CVE-2018-0498 - OpenCVE

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arm	Mbed Tls
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:a:arm:mbed_tls::::::::
	cpe:2.3:a:arm:mbed_tls::::::::
	cpe:2.3:a:arm:mbed_tls::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

No data.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
https://usn.ubuntu.com/4267-1/
https://www.debian.org/security/2018/dsa-4296

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2018-07-28T17:00:00

Updated: 2024-08-05T03:28:10.856Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0498

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-28T17:29:00.287

Modified: 2020-02-10T16:15:13.687

Link: CVE-2018-0498

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14", "vendor": "n/a", "versions": [{"status": "affected", "version": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14"}]}], "datePublic": "2018-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack."}], "problemTypes": [{"descriptions": [{"description": "plaintext recovery", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-10T15:06:13", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"name": "DSA-4296", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4296"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02"}, {"name": "USN-4267-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4267-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2018-0498", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14", "version": {"version_data": [{"version_value": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "plaintext recovery"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"name": "DSA-4296", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4296"}, {"name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02", "refsource": "CONFIRM", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02"}, {"name": "USN-4267-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4267-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:28:10.856Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"name": "DSA-4296", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4296"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02"}, {"name": "USN-4267-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4267-1/"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2018-0498", "datePublished": "2018-07-28T17:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:28:10.856Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "matchCriteriaId": "71452E8B-F845-4575-8D58-7D6FE48759B8", "versionEndExcluding": "2.1.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "matchCriteriaId": "971334EF-0D28-4569-86F6-F69A22F01E0A", "versionEndExcluding": "2.7.5", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CFF4D8F-4789-4E5E-B741-C511FABFD5A4", "versionEndExcluding": "2.12.0", "versionStartIncluding": "2.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack."}, {"lang": "es", "value": "ARM mbed TLS en versiones anteriores a la 2.12.0, en versiones anteriores a la 2.7.5 y en versiones anteriores a la 2.1.14 permite a los usuarios locales lograr una recuperaci\u00f3n parcial de texto plano (para un ciphersuite basado en CBC) mediante un ataque de canal lateral basado en cach\u00e9."}], "id": "CVE-2018-0498", "lastModified": "2020-02-10T16:15:13.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-28T17:29:00.287", "references": [{"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"source": "security@debian.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02"}, {"source": "security@debian.org", "url": "https://usn.ubuntu.com/4267-1/"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4296"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}