Vulnerability in Arm Mbed TLS Affects RSA and Diffie-Hellman Key Generation
CVE-2020-36424

4.7MEDIUM

Key Information:

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 19 July 2021

What is CVE-2020-36424?

An issue has been identified in Arm Mbed TLS, which includes a vulnerability that can be exploited through side-channel attacks during the generation of base blinding/unblinding values. This allows an attacker to recover private keys associated with RSA or static Diffie-Hellman protocols. It is important for users of Mbed TLS versions prior to 2.24.0 to implement necessary updates to mitigate this security risk. The vulnerability highlights the importance of robust cryptographic implementations to prevent potential exploitation.

References

https://tls.mbed.org/tech-updates/security-advisories/mbe...

https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2021
Vulnerability Reserved
Jul 19, 2021