Local Attack Vulnerability in Arm Mbed TLS Affecting Encryption Security
CVE-2018-19608

4.7MEDIUM

Key Information:

Vendor

Arm
Status
Mbed Tls
Vendor
CVE Published:
5 December 2018

What is CVE-2018-19608?

Arm Mbed TLS, prior to versions 2.14.1, 2.7.8, and 2.1.17, has a vulnerability that allows local unprivileged attackers to potentially recover plaintext data that was encrypted with RSA. This poses significant risks, particularly for applications relying on RSA-without-(EC)DH(E) cipher suites. As RSA decryption is used widely in secure communications, addressing this vulnerability is crucial for maintaining the integrity and confidentiality of sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://tls.mbed.org/tech-updates/security-advisories/mbe...
x_refsource_CONFIRM
http://cat.eyalro.net/
x_refsource_MISC
https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.