CVE-2020-36478

moderate-risk
Published 2021-08-23

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

Do I need to act?

-
0.52% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (9)

Logo\! Cmr2020 Firmware
Logo\! Cmr2040 Firmware
Simatic Rtu3031C Firmware
Simatic Rtu3041C Firmware
Simatic Rtu3030C Firmware
Simatic Rtu3000C Firmware

Affected Vendors

Debian Siemens Arm

References (14)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf
Exploit https://github.com/ARMmbed/mbedtls/issues/3629
Release Notes https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9
Release Notes https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0
Release Notes https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18
Mailing List https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
Mailing List https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf
Exploit https://github.com/ARMmbed/mbedtls/issues/3629
Release Notes https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9
Release Notes https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0
Release Notes https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18
Mailing List https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
Mailing List https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 15/34 · Moderate