7.5
CVE-2020-36478
- EPSS 0.22%
- Published 23.08.2021 02:15:07
- Last modified 21.11.2024 05:29:38
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Logo! Cmr2020 Firmware Version < 2.2
Siemens ≫ Logo! Cmr2040 Firmware Version < 2.2
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.451 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.