CVE-2017-14032

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-14032
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.debian.org/security/2017/dsa-3967
https://bugs.debian.org/873557 Issue Tracking Patch Third Party Advisory
https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32 Issue Tracking Patch Third Party Advisory
https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc Issue Tracking Patch Third Party Advisory
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:arm:mbed_tls:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.13:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.15:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.18:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.19:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.20:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:1.3.21:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:2.6.2:*:*:*:*:*:*:*
History

No history.

Information

Published : 2017-08-30 20:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-14032

Mitre link : CVE-2017-14032

CVE.ORG link : CVE-2017-14032

JSON object : View

Products Affected

arm

  • mbed_tls
CWE
CWE-287

Improper Authentication