Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-1000520

ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2018-1000520
  • Arm » Mbed Tls » Version: N/A
    cpe:2.3:a:arm:mbed_tls:-
  • Arm » Mbed Tls » Version: 1.3.0
    cpe:2.3:a:arm:mbed_tls:1.3.0
  • Arm » Mbed Tls » Version: 1.3.1
    cpe:2.3:a:arm:mbed_tls:1.3.1
  • Arm » Mbed Tls » Version: 1.3.10
    cpe:2.3:a:arm:mbed_tls:1.3.10
  • Arm » Mbed Tls » Version: 1.3.11
    cpe:2.3:a:arm:mbed_tls:1.3.11
  • Arm » Mbed Tls » Version: 1.3.12
    cpe:2.3:a:arm:mbed_tls:1.3.12
  • Arm » Mbed Tls » Version: 1.3.13
    cpe:2.3:a:arm:mbed_tls:1.3.13
  • Arm » Mbed Tls » Version: 1.3.14
    cpe:2.3:a:arm:mbed_tls:1.3.14
  • Arm » Mbed Tls » Version: 1.3.15
    cpe:2.3:a:arm:mbed_tls:1.3.15
  • Arm » Mbed Tls » Version: 1.3.16
    cpe:2.3:a:arm:mbed_tls:1.3.16
  • Arm » Mbed Tls » Version: 1.3.17
    cpe:2.3:a:arm:mbed_tls:1.3.17
  • Arm » Mbed Tls » Version: 1.3.18
    cpe:2.3:a:arm:mbed_tls:1.3.18
  • Arm » Mbed Tls » Version: 1.3.19
    cpe:2.3:a:arm:mbed_tls:1.3.19
  • Arm » Mbed Tls » Version: 1.3.2
    cpe:2.3:a:arm:mbed_tls:1.3.2
  • Arm » Mbed Tls » Version: 1.3.20
    cpe:2.3:a:arm:mbed_tls:1.3.20
  • Arm » Mbed Tls » Version: 1.3.21
    cpe:2.3:a:arm:mbed_tls:1.3.21
  • Arm » Mbed Tls » Version: 1.3.22
    cpe:2.3:a:arm:mbed_tls:1.3.22
  • Arm » Mbed Tls » Version: 1.3.3
    cpe:2.3:a:arm:mbed_tls:1.3.3
  • Arm » Mbed Tls » Version: 1.3.4
    cpe:2.3:a:arm:mbed_tls:1.3.4
  • Arm » Mbed Tls » Version: 1.3.5
    cpe:2.3:a:arm:mbed_tls:1.3.5
  • Arm » Mbed Tls » Version: 1.3.6
    cpe:2.3:a:arm:mbed_tls:1.3.6
  • Arm » Mbed Tls » Version: 1.3.7
    cpe:2.3:a:arm:mbed_tls:1.3.7
  • Arm » Mbed Tls » Version: 1.3.8
    cpe:2.3:a:arm:mbed_tls:1.3.8
  • Arm » Mbed Tls » Version: 1.3.9
    cpe:2.3:a:arm:mbed_tls:1.3.9
  • Arm » Mbed Tls » Version: 2.0.0
    cpe:2.3:a:arm:mbed_tls:2.0.0
  • Arm » Mbed Tls » Version: 2.1.0
    cpe:2.3:a:arm:mbed_tls:2.1.0
  • Arm » Mbed Tls » Version: 2.1.1
    cpe:2.3:a:arm:mbed_tls:2.1.1
  • Arm » Mbed Tls » Version: 2.1.10
    cpe:2.3:a:arm:mbed_tls:2.1.10
  • Arm » Mbed Tls » Version: 2.1.11
    cpe:2.3:a:arm:mbed_tls:2.1.11
  • Arm » Mbed Tls » Version: 2.1.12
    cpe:2.3:a:arm:mbed_tls:2.1.12
  • Arm » Mbed Tls » Version: 2.1.13
    cpe:2.3:a:arm:mbed_tls:2.1.13
  • Arm » Mbed Tls » Version: 2.1.14
    cpe:2.3:a:arm:mbed_tls:2.1.14
  • Arm » Mbed Tls » Version: 2.1.15
    cpe:2.3:a:arm:mbed_tls:2.1.15
  • Arm » Mbed Tls » Version: 2.1.16
    cpe:2.3:a:arm:mbed_tls:2.1.16
  • Arm » Mbed Tls » Version: 2.1.17
    cpe:2.3:a:arm:mbed_tls:2.1.17
  • Arm » Mbed Tls » Version: 2.1.18
    cpe:2.3:a:arm:mbed_tls:2.1.18
  • Arm » Mbed Tls » Version: 2.1.2
    cpe:2.3:a:arm:mbed_tls:2.1.2
  • Arm » Mbed Tls » Version: 2.1.3
    cpe:2.3:a:arm:mbed_tls:2.1.3
  • Arm » Mbed Tls » Version: 2.1.4
    cpe:2.3:a:arm:mbed_tls:2.1.4
  • Arm » Mbed Tls » Version: 2.1.5
    cpe:2.3:a:arm:mbed_tls:2.1.5
  • Arm » Mbed Tls » Version: 2.1.6
    cpe:2.3:a:arm:mbed_tls:2.1.6
  • Arm » Mbed Tls » Version: 2.1.7
    cpe:2.3:a:arm:mbed_tls:2.1.7
  • Arm » Mbed Tls » Version: 2.1.8
    cpe:2.3:a:arm:mbed_tls:2.1.8
  • Arm » Mbed Tls » Version: 2.1.9
    cpe:2.3:a:arm:mbed_tls:2.1.9
  • Arm » Mbed Tls » Version: 2.2.0
    cpe:2.3:a:arm:mbed_tls:2.2.0
  • Arm » Mbed Tls » Version: 2.2.1
    cpe:2.3:a:arm:mbed_tls:2.2.1
  • Arm » Mbed Tls » Version: 2.2.2
    cpe:2.3:a:arm:mbed_tls:2.2.2
  • Arm » Mbed Tls » Version: 2.2.3
    cpe:2.3:a:arm:mbed_tls:2.2.3
  • Arm » Mbed Tls » Version: 2.3.0
    cpe:2.3:a:arm:mbed_tls:2.3.0
  • Arm » Mbed Tls » Version: 2.3.1
    cpe:2.3:a:arm:mbed_tls:2.3.1
  • Arm » Mbed Tls » Version: 2.3.2
    cpe:2.3:a:arm:mbed_tls:2.3.2
  • Arm » Mbed Tls » Version: 2.4.0
    cpe:2.3:a:arm:mbed_tls:2.4.0
  • Arm » Mbed Tls » Version: 2.4.1
    cpe:2.3:a:arm:mbed_tls:2.4.1
  • Arm » Mbed Tls » Version: 2.4.2
    cpe:2.3:a:arm:mbed_tls:2.4.2
  • Arm » Mbed Tls » Version: 2.5.0
    cpe:2.3:a:arm:mbed_tls:2.5.0
  • Arm » Mbed Tls » Version: 2.5.1
    cpe:2.3:a:arm:mbed_tls:2.5.1
  • Arm » Mbed Tls » Version: 2.6.0
    cpe:2.3:a:arm:mbed_tls:2.6.0
  • Arm » Mbed Tls » Version: 2.6.1
    cpe:2.3:a:arm:mbed_tls:2.6.1
  • Arm » Mbed Tls » Version: 2.7.0
    cpe:2.3:a:arm:mbed_tls:2.7.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved