Home > Vulnerability Database > CVE-2017-14032

Mend.io Vulnerability Database

CVE-2017-14032

Good to know:

Date: August 30, 2017

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

Language: C

Severity Score

5.6

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-14032

Url: https://bugs.debian.org/873557

Url: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Url: https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32

Url: http://www.debian.org/security/2017/dsa-3967

Url: https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc

Url: https://www.mend.io/vulnerability-database/CVE-2017-14032

Severity Score

5.6

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

Upgrade Version

Upgrade to version 1.3.21,2.1.9

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-14032

Good to know:

Date: August 30, 2017

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?