
CVE-2017-14032

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

Data is provided by the National Vulnerability Database (NVD)
Arm Mbed Tls, Version 1.3.10
Arm Mbed Tls, Version 1.3.11
Arm Mbed Tls, Version 1.3.12
Arm Mbed Tls, Version 1.3.13
Arm Mbed Tls, Version 1.3.14
Arm Mbed Tls, Version 1.3.15
Arm Mbed Tls, Version 1.3.16
Arm Mbed Tls, Version 1.3.17
Arm Mbed Tls, Version 1.3.18
Arm Mbed Tls, Version 1.3.19
Arm Mbed Tls, Version 1.3.20
Arm Mbed Tls, Version 1.3.21
Arm Mbed Tls, Version 2.0.0
Arm Mbed Tls, Version 2.1.0
Arm Mbed Tls, Version 2.1.1
Arm Mbed Tls, Version 2.1.2
Arm Mbed Tls, Version 2.1.3
Arm Mbed Tls, Version 2.1.4
Arm Mbed Tls, Version 2.1.5
Arm Mbed Tls, Version 2.1.6
Arm Mbed Tls, Version 2.1.7
Arm Mbed Tls, Version 2.1.8
Arm Mbed Tls, Version 2.1.9
Arm Mbed Tls, Version 2.2.0
Arm Mbed Tls, Version 2.2.1
Arm Mbed Tls, Version 2.3.0
Arm Mbed Tls, Version 2.4.0
Arm Mbed Tls, Version 2.4.2
Arm Mbed Tls, Version 2.5.1
Arm Mbed Tls, Version 2.6.2
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics
Type: EPSS; Source: FIRST.org; Score: 0.08%; Percentile: 0.23

CVSS metrics
Source: nvd@nist.gov; Base Score: 8.1; Exploit Score: 2.2; Impact Score: 5.9; Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: nvd@nist.gov; Base Score: 6.8; Exploit Score: 8.6; Impact Score: 6.4; Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.