ID CVE-2018-19608
Summary Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
References
Vulnerable Configurations
  • ARM mbed TLS 2.1.0
    cpe:2.3:a:arm:mbed_tls:2.1.0
  • ARM mbed TLS 2.1.1
    cpe:2.3:a:arm:mbed_tls:2.1.1
  • ARM mbed TLS 2.1.2
    cpe:2.3:a:arm:mbed_tls:2.1.2
  • ARM mbed TLS 2.1.3
    cpe:2.3:a:arm:mbed_tls:2.1.3
  • ARM mbed TLS 2.1.4
    cpe:2.3:a:arm:mbed_tls:2.1.4
  • ARM mbed TLS 2.1.5
    cpe:2.3:a:arm:mbed_tls:2.1.5
  • ARM mbed TLS 2.1.6
    cpe:2.3:a:arm:mbed_tls:2.1.6
  • ARM mbed TLS 2.1.7
    cpe:2.3:a:arm:mbed_tls:2.1.7
  • ARM mbed TLS 2.1.7 Release Candidate 1
    cpe:2.3:a:arm:mbed_tls:2.1.7:rc1
  • ARM mbed TLS 2.1.8
    cpe:2.3:a:arm:mbed_tls:2.1.8
  • ARM mbed TLS 2.1.9
    cpe:2.3:a:arm:mbed_tls:2.1.9
  • ARM mbed TLS 2.1.9 Release Candidate 1
    cpe:2.3:a:arm:mbed_tls:2.1.9:rc1
  • ARM mbed TLS 2.1.10
    cpe:2.3:a:arm:mbed_tls:2.1.10
  • ARM mbed TLS 2.1.10 Release Candidate 1
    cpe:2.3:a:arm:mbed_tls:2.1.10:rc1
  • ARM mbed TLS 2.1.11
    cpe:2.3:a:arm:mbed_tls:2.1.11
  • ARM mbed TLS 2.1.11 Release Candidate 1
    cpe:2.3:a:arm:mbed_tls:2.1.11:rc1
  • ARM mbed TLS 2.1.12
    cpe:2.3:a:arm:mbed_tls:2.1.12
  • ARM mbed TLS 2.1.13
    cpe:2.3:a:arm:mbed_tls:2.1.13
  • ARM mbed TLS 2.1.14
    cpe:2.3:a:arm:mbed_tls:2.1.14
  • ARM mbed TLS 2.7.0
    cpe:2.3:a:arm:mbed_tls:2.7.0
  • ARM mbed TLS 2.7.0 Release Candidate 1
    cpe:2.3:a:arm:mbed_tls:2.7.0:rc1
  • ARM mbed TLS 2.7.1
    cpe:2.3:a:arm:mbed_tls:2.7.1
  • ARM mbed TLS 2.7.2
    cpe:2.3:a:arm:mbed_tls:2.7.2
  • ARM mbed TLS 2.7.2 Release Candidate 1
    cpe:2.3:a:arm:mbed_tls:2.7.2:rc1
  • ARM mbed TLS 2.7.3
    cpe:2.3:a:arm:mbed_tls:2.7.3
  • ARM mbed TLS 2.7.4
    cpe:2.3:a:arm:mbed_tls:2.7.4
  • ARM mbed TLS 2.7.5
    cpe:2.3:a:arm:mbed_tls:2.7.5
CVSS
Base: 1.9
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_293F40A0FFA111E8B2580011D823EEBD.NASL
    description Janos Follath reports: An attacker who can run code on the same machine that is performing an RSA decryption can potentially recover the plaintext through a Bleichenbacher-like oracle.
    last seen 2019-02-21
    modified 2019-02-06
    plugin id 119698
    published 2018-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119698
    title FreeBSD : Mbed TLS -- Local timing attack on RSA decryption (293f40a0-ffa1-11e8-b258-0011d823eebd)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-571EA64F3D.NASL
    description - Update to 2.14.1 - CVE-2018-19608 (#1656784) Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03 ---- - Update to 2.14.0 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.0-2.7.7-and-2.1.16-released Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-06
    plugin id 120439
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120439
    title Fedora 29 : mbedtls (2018-571ea64f3d)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-1F6CA69276.NASL
    description - Update to 2.14.1 - CVE-2018-19608 (#1656784) Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03 ---- - Update to 2.14.0 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.0-2.7.7-and-2.1.16-released Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-06
    plugin id 120281
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120281
    title Fedora 28 : mbedtls (2018-1f6ca69276)
refmap via4
confirm
misc http://cat.eyalro.net/
Last major update 05-12-2018 - 17:29
Published 05-12-2018 - 17:29
Last modified 05-02-2019 - 09:19