8.1
CVE-2017-14032
- EPSS 1.49%
- Veröffentlicht 30.08.2017 20:29:00
- Zuletzt bearbeitet 05.06.2026 19:38:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trustedfirmware ≫ Mbed Tls Version1.3.10
Trustedfirmware ≫ Mbed Tls Version1.3.11
Trustedfirmware ≫ Mbed Tls Version1.3.12
Trustedfirmware ≫ Mbed Tls Version1.3.13
Trustedfirmware ≫ Mbed Tls Version1.3.14
Trustedfirmware ≫ Mbed Tls Version1.3.15
Trustedfirmware ≫ Mbed Tls Version1.3.16
Trustedfirmware ≫ Mbed Tls Version1.3.17
Trustedfirmware ≫ Mbed Tls Version1.3.18
Trustedfirmware ≫ Mbed Tls Version1.3.20
Trustedfirmware ≫ Mbed Tls Version2.0.0
Trustedfirmware ≫ Mbed Tls Version2.1.0
Trustedfirmware ≫ Mbed Tls Version2.1.1
Trustedfirmware ≫ Mbed Tls Version2.1.2
Trustedfirmware ≫ Mbed Tls Version2.1.3
Trustedfirmware ≫ Mbed Tls Version2.1.4
Trustedfirmware ≫ Mbed Tls Version2.1.5
Trustedfirmware ≫ Mbed Tls Version2.1.6
Trustedfirmware ≫ Mbed Tls Version2.1.8
Trustedfirmware ≫ Mbed Tls Version2.2.0
Trustedfirmware ≫ Mbed Tls Version2.2.1
Trustedfirmware ≫ Mbed Tls Version2.3.0
Trustedfirmware ≫ Mbed Tls Version2.4.0
Trustedfirmware ≫ Mbed Tls Version2.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.49% | 0.708 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://www.debian.org/security/2017/dsa-3967
https://bugs.debian.org/873557
https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32
https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02