Lucene search

MitreCVE-2020-36478

HistoryAug 23, 2021 - 2:15 a.m.

CVE-2020-36478

2021-08-2302:15:07

CWE-295

mitre

web.nvd.nist.gov

mbed tls

cve-2020-36478

vulnerability

certificate validation

nvd

security advisory

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

71.2%

JSON

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

Affected configurations

Nvd

Node

armmbed_tlsRange<2.7.18

armmbed_tlsRange2.8.0–2.16.9

armmbed_tlsRange2.17.0–2.25.0

Node

siemenslogo\!_cmr2020Match-

AND

siemenslogo\!_cmr2020_firmwareRange<2.2

Node

siemenslogo\!_cmr2040Match-

AND

siemenslogo\!_cmr2040_firmwareRange<2.2

Node

siemenssimatic_rtu3031c_firmware

AND

siemenssimatic_rtu3031cMatch-

Node

siemenssimatic_rtu3041c_firmware

AND

siemenssimatic_rtu3041cMatch-

Node

siemenssimatic_rtu3030c_firmware

AND

siemenssimatic_rtu3030cMatch-

Node

siemenssimatic_rtu3000c_firmware

AND

siemenssimatic_rtu3000cMatch-

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

VendorProductVersionCPE
armmbed_tls*cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
siemenslogo\!_cmr2020-cpe:2.3:h:siemens:logo\!_cmr2020:-:*:*:*:*:*:*:*
siemenslogo\!_cmr2020_firmware*cpe:2.3:o:siemens:logo\!_cmr2020_firmware:*:*:*:*:*:*:*:*
siemenslogo\!_cmr2040-cpe:2.3:h:siemens:logo\!_cmr2040:-:*:*:*:*:*:*:*
siemenslogo\!_cmr2040_firmware*cpe:2.3:o:siemens:logo\!_cmr2040_firmware:*:*:*:*:*:*:*:*
siemenssimatic_rtu3031c_firmware*cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*
siemenssimatic_rtu3031c-cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*
siemenssimatic_rtu3041c_firmware*cpe:2.3:o:siemens:simatic_rtu3041c_firmware:*:*:*:*:*:*:*:*
siemenssimatic_rtu3041c-cpe:2.3:h:siemens:simatic_rtu3041c:-:*:*:*:*:*:*:*
siemenssimatic_rtu3030c_firmware*cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arm	mbed_tls	*	cpe:2.3:a:arm:mbed_tls::::::::
siemens	logo\!_cmr2020	-	cpe:2.3:h:siemens:logo\!_cmr2020:-:::::::*
siemens	logo\!_cmr2020_firmware	*	cpe:2.3:o:siemens:logo\!_cmr2020_firmware::::::::
siemens	logo\!_cmr2040	-	cpe:2.3:h:siemens:logo\!_cmr2040:-:::::::*
siemens	logo\!_cmr2040_firmware	*	cpe:2.3:o:siemens:logo\!_cmr2040_firmware::::::::
siemens	simatic_rtu3031c_firmware	*	cpe:2.3:o:siemens:simatic_rtu3031c_firmware::::::::
siemens	simatic_rtu3031c	-	cpe:2.3:h:siemens:simatic_rtu3031c:-:::::::*
siemens	simatic_rtu3041c_firmware	*	cpe:2.3:o:siemens:simatic_rtu3041c_firmware::::::::
siemens	simatic_rtu3041c	-	cpe:2.3:h:siemens:simatic_rtu3041c:-:::::::*
siemens	simatic_rtu3030c_firmware	*	cpe:2.3:o:siemens:simatic_rtu3030c_firmware::::::::