#VU34604 Missing Encryption of Sensitive Data in mbed Crypto - CVE-2020-10941 

 


Published: March 24, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34604
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-10941
CWE-ID: CWE-311
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: mbed Crypto
Software vendor: ARM

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.


Remediation

Install the update from the vendor's website.

External links