TLS ECDH-RSA Ciphersuite Vulnerability in ARM mbedTLS
CVE-2018-1000520

7.5HIGH

Key Information:

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 26 June 2018

What is CVE-2018-1000520?

ARM mbedTLS versions 2.7.0 and earlier contain a vulnerability in the mbedtls_ssl_get_verify_result() function, which incorrectly accepts ECDSA-signed certificates when only RSA-signed certificates should be permitted. This vulnerability occurs when peers negotiate a TLS-ECDH-RSA-* ciphersuite, allowing any peer to present an ECDSA-signed certificate that should otherwise be rejected. This flaw can lead to security risks over secure communications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/ARMmbed/mbedtls/issues/1561

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2018
Vulnerability Reserved
May 1, 2018

JSON

Arm

What is CVE-2018-1000520?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.