#VU10943 Remote code execution in mbed TLS - CVE-2018-0488


| Updated: 2018-03-13

Vulnerability identifier: #VU10943

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-0488

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
mbed TLS
Universal components / Libraries / Libraries used by multiple products

Vendor: ARM

Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper processing of crafted packets when using the truncated HMAC extension and CBC. A remote attacker can send a specially crafted input and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Update to versions 1.3.22, 2.1.10 or 2.7.0.

Vulnerable software versions

mbed TLS: 1.3.0 - 1.3.21, 2.1.0 - 2.1.9, 2.4.0 - 2.4.2

External links
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for ARM mbed TLS
Remote code execution in mbedtls (Alpine package)
Gentoo update for mbed TLS
Debian update for polarssl
Debian update for mbedtls
Fedora 27 update for mbedtls
Fedora 26 update for mbedtls
Fedora EPEL 7 update for mbedtls
Fedora EPEL 6 update for mbedtls
Remote code execution in ARM mbed TLS