Missing Encryption of Sensitive Data in mbed Crypto - CVE-2020-10941
Published: March 24, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34604
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-10941
CWE-ID: CWE-311
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ARM
Affected software:
mbed Crypto
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
How to mitigate CVE-2020-10941
Install the update from the vendor's website.
Sources
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02