CVE-2018-1000520

{"id": "CVE-2018-1000520", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-26T16:29:01.353", "references": [{"url": "https://github.com/ARMmbed/mbedtls/issues/1561", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.."}, {"lang": "es", "value": "ARM mbedTLS, en versiones 2.7.0 y anteriores, contiene una vulnerabilidad de conjunto de cifrado que permite certificados firmados de forma incorrecta en mbedtls_ssl_get_verify_result(). Esto puede resultar en que se acepten certificados firmados por ECDSA, aunque solo deber\u00edan aceptarse los firmados por RSA. Este ataque parece ser explotable mediante peers que negocien un conjunto de cifrado TLS-ECDH-RSA-*. Cualquier peer puede proporcionar un certificado firmado por ECDSA, aunque solo deber\u00edan aceptarse los firmados por RSA."}], "lastModified": "2020-11-05T15:42:28.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9DA3007-4C0D-4EDE-B7CE-233FD9214A0E", "versionEndIncluding": "2.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}