CVE-2017-14032

Debian Security Advisory 3967-1

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

ARM mbed TLS en versiones anteriores a la 1.3.21 y en versiones 2.x anteriores a la 2.1.9, si se configura la autenticación opcional, permite a los atacantes omitir la autenticación Peer mediante una cadena de certificados X.509 con muchos intermediarios. NOTA: aunque mbed TLS se conocía antes como PolarSSL, las versiones lanzadas con el nombre PolarSSL no están afectadas.

An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-30 CVE Reserved
2017-08-30 CVE Published
2024-08-05 CVE Updated
2025-06-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://bugs.debian.org/873557	2017-11-08
https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32	2017-11-08
https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc	2017-11-08

URL	Date	SRC
http://www.debian.org/security/2017/dsa-3967	2017-11-08
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02	2017-11-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.10 Search vendor "Arm" for product "Mbed Tls" and version "1.3.10"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.11 Search vendor "Arm" for product "Mbed Tls" and version "1.3.11"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.12 Search vendor "Arm" for product "Mbed Tls" and version "1.3.12"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.13 Search vendor "Arm" for product "Mbed Tls" and version "1.3.13"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.14 Search vendor "Arm" for product "Mbed Tls" and version "1.3.14"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.15 Search vendor "Arm" for product "Mbed Tls" and version "1.3.15"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.16 Search vendor "Arm" for product "Mbed Tls" and version "1.3.16"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.17 Search vendor "Arm" for product "Mbed Tls" and version "1.3.17"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.18 Search vendor "Arm" for product "Mbed Tls" and version "1.3.18"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.19 Search vendor "Arm" for product "Mbed Tls" and version "1.3.19"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.20 Search vendor "Arm" for product "Mbed Tls" and version "1.3.20"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				1.3.21 Search vendor "Arm" for product "Mbed Tls" and version "1.3.21"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.0.0 Search vendor "Arm" for product "Mbed Tls" and version "2.0.0"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.0 Search vendor "Arm" for product "Mbed Tls" and version "2.1.0"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.1 Search vendor "Arm" for product "Mbed Tls" and version "2.1.1"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.2 Search vendor "Arm" for product "Mbed Tls" and version "2.1.2"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.3 Search vendor "Arm" for product "Mbed Tls" and version "2.1.3"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.4 Search vendor "Arm" for product "Mbed Tls" and version "2.1.4"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.5 Search vendor "Arm" for product "Mbed Tls" and version "2.1.5"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.6 Search vendor "Arm" for product "Mbed Tls" and version "2.1.6"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.7 Search vendor "Arm" for product "Mbed Tls" and version "2.1.7"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.8 Search vendor "Arm" for product "Mbed Tls" and version "2.1.8"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.1.9 Search vendor "Arm" for product "Mbed Tls" and version "2.1.9"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.2.0 Search vendor "Arm" for product "Mbed Tls" and version "2.2.0"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.2.1 Search vendor "Arm" for product "Mbed Tls" and version "2.2.1"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.3.0 Search vendor "Arm" for product "Mbed Tls" and version "2.3.0"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.4.0 Search vendor "Arm" for product "Mbed Tls" and version "2.4.0"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.4.2 Search vendor "Arm" for product "Mbed Tls" and version "2.4.2"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.5.1 Search vendor "Arm" for product "Mbed Tls" and version "2.5.1"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				2.6.2 Search vendor "Arm" for product "Mbed Tls" and version "2.6.2"		-		Affected