CVE-2017-14032
 
Severity Score: 8.1 (CVSS v3)
Exploit Likelihood (EPSS)
Affected Versions (CPE)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-08-30 CVE Reserved
- 2017-08-30 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (5)
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3967 | 2017-11-08 | |
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02 | 2017-11-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Arm | Mbed Tls | 1.3.10 | - | Affected |
Arm | Mbed Tls | 1.3.11 | - | Affected |
Arm | Mbed Tls | 1.3.12 | - | Affected |
Arm | Mbed Tls | 1.3.13 | - | Affected |
Arm | Mbed Tls | 1.3.14 | - | Affected |
Arm | Mbed Tls | 1.3.15 | - | Affected |
Arm | Mbed Tls | 1.3.16 | - | Affected |
Arm | Mbed Tls | 1.3.17 | - | Affected |
Arm | Mbed Tls | 1.3.18 | - | Affected |
Arm | Mbed Tls | 1.3.19 | - | Affected |
Arm | Mbed Tls | 1.3.20 | - | Affected |
Arm | Mbed Tls | 1.3.21 | - | Affected |
Arm | Mbed Tls | 2.0.0 | - | Affected |
Arm | Mbed Tls | 2.1.0 | - | Affected |
Arm | Mbed Tls | 2.1.1 | - | Affected |
Arm | Mbed Tls | 2.1.2 | - | Affected |
Arm | Mbed Tls | 2.1.3 | - | Affected |
Arm | Mbed Tls | 2.1.4 | - | Affected |
Arm | Mbed Tls | 2.1.5 | - | Affected |
Arm | Mbed Tls | 2.1.6 | - | Affected |
Arm | Mbed Tls | 2.1.7 | - | Affected |
Arm | Mbed Tls | 2.1.8 | - | Affected |
Arm | Mbed Tls | 2.1.9 | - | Affected |
Arm | Mbed Tls | 2.2.0 | - | Affected |
Arm | Mbed Tls | 2.2.1 | - | Affected |
Arm | Mbed Tls | 2.3.0 | - | Affected |
Arm | Mbed Tls | 2.4.0 | - | Affected |
Arm | Mbed Tls | 2.4.2 | - | Affected |
Arm | Mbed Tls | 2.5.1 | - | Affected |
Arm | Mbed Tls | 2.6.2 | - | Affected |