CVE-2017-14032

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

CVSS v3.0 8.1 HIGH
CVSS v2.0 6.8 MEDIUM

8.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02	Vendor Advisory
https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc	Issue Tracking Patch Third Party Advisory
https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32	Issue Tracking Patch Third Party Advisory
https://bugs.debian.org/873557	Issue Tracking Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3967

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arm:mbed_tls:1.3.12:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.13:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.21:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.9:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.10:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.11:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.18:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.19:::::::*
	cpe:2.3:a:arm:mbed_tls:2.4.2:::::::*
	cpe:2.3:a:arm:mbed_tls:2.5.1:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.2:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.16:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.15:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.4:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.7:::::::*
	cpe:2.3:a:arm:mbed_tls:2.0.0:::::::*
	cpe:2.3:a:arm:mbed_tls:2.3.0:::::::*
	cpe:2.3:a:arm:mbed_tls:2.2.1:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.8:::::::*
	cpe:2.3:a:arm:mbed_tls:2.2.0:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.20:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.14:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.1:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.5:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.0:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.3:::::::*
	cpe:2.3:a:arm:mbed_tls:2.6.2:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.6:::::::*
	cpe:2.3:a:arm:mbed_tls:2.4.0:::::::*
	cpe:2.3:a:arm:mbed_tls:1.3.17:::::::*

Information

Published : 2017-08-30 13:29

Updated : 2017-11-07 18:29

NVD link : CVE-2017-14032

Mitre link : CVE-2017-14032

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

arm

mbed_tls

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02", "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc", "name": "https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32", "name": "https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugs.debian.org/873557", "name": "https://bugs.debian.org/873557", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2017/dsa-3967", "name": "DSA-3967", "tags": [], "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-14032", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}}, "publishedDate": "2017-08-30T20:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:arm:mbed_tls:1.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-11-08T02:29Z"}

8.1 /10