CVE-2023-37920 Report - Details, Severity, & Advisories

Twingate Team

Apr 17, 2024

CVE-2023-37920 is a critical vulnerability affecting Certifi, a collection of root certificates used for validating SSL certificates and verifying TLS hosts. It has a severity rating of 9.8 and impacts systems using Certifi versions from 2015.04.28 up to, but not including, 2023.07.22. Those versions recognize e-Tugra root certificates, which were subject to a security investigation. Certifi 2023.07.22 addresses the issue by removing the e-Tugra root certificates from the root store.

How do I know if I'm affected?

To find out whether you're affected, check the version of the Certifi package you're using. The vulnerability impacts Certifi versions from 2015.04.28 up to, but not including, 2023.07.22, because those versions recognize e-Tugra root certificates, which were subject to a security investigation. If your Certifi version falls within that range, you're affected.
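The version check described above, as an added example that is not part of the original report: it compares a Certifi version against the affected range and lists e-Tugra entries in a PEM bundle. It assumes the bundle carries `# Issuer:` / `# Label:` comment lines above each certificate; the sample bundle and the function names are constructed for illustration.

```python
# Added example: triage for CVE-2023-37920. Range bounds come from the report text.
import re
from importlib import metadata

FIRST_AFFECTED = (2015, 4, 28)
FIXED = (2023, 7, 22)  # first release without the e-Tugra roots

# Constructed sample in the layout of a commented PEM bundle (bodies elided).
SAMPLE_BUNDLE = """\
# Label: "Example Root CA"
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
# Issuer: CN=E-Tugra Certification Authority
# Label: "E-Tugra Certification Authority"
"""

def parse_version(text):
    """Turn '2023.07.22' or '2023.5.7' into a comparable (year, month, day) tuple."""
    parts = re.findall(r"\d+", text)[:3]
    if len(parts) < 3:
        raise ValueError(f"unrecognised certifi version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version_text):
    """True when the version is inside the affected range (fixed release excluded)."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIXED

def etugra_labels(bundle_text):
    """Return the comment lines of a PEM bundle that name e-Tugra."""
    pattern = re.compile(r"e-?tu[gğ]ra", re.IGNORECASE)
    return [line.lstrip("# ").strip() for line in bundle_text.splitlines()
            if line.startswith("#") and pattern.search(line)]

def installed_certifi_version():
    try:
        return metadata.version("certifi")
    except metadata.PackageNotFoundError:
        return None  # certifi is not installed in this environment

if __name__ == "__main__":
    version = installed_certifi_version()
    if version is None:
        print("certifi is not installed in this environment")
    else:
        import certifi  # certifi.where() returns the path of the bundled cacert.pem
        with open(certifi.where(), encoding="utf-8", errors="replace") as fh:
            hits = etugra_labels(fh.read())
        print(f"certifi {version}: affected={is_affected(version)}, e-Tugra entries={len(hits)}")
```

Run it with the interpreter of each virtual environment or container image you want to check, since each can carry its own copy of Certifi.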

What should I do if I'm affected?

If you're affected, update your Certifi package to version 2023.07.22 or later, which removes the problematic e-Tugra root certificates. To do this, follow the update instructions provided by your operating system or software distribution. Updating to a patched version mitigates the risk associated with this vulnerability, because certificates that chain to the e-Tugra roots are no longer trusted when validating SSL certificates and TLS hosts.

Is CVE-2023-37920 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-37920 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability affects Certifi, a collection of root certificates, and is related to the recognition of e-Tugra root certificates. The issue has been addressed in Certifi version 2023.07.22, which removes the problematic e-Tugra root certificates. To protect your system, it's essential to update your Certifi package to this version or later.

Weakness enumeration

The Weakness Enumeration for CVE-2023-37920 is identified as CWE-345, which refers to insufficient verification of data authenticity. This vulnerability is related to the Certifi software and its recognition of e-Tugra root certificates.

For more details

CVE-2023-37920 is a critical vulnerability affecting Certifi, with severe consequences for systems using affected versions. To gain a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or links below for more information.
