Vulnerabilities > CVE-2020-36421 - Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
arm
CWE-203

Summary

An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.

Vulnerable Configurations

Part Description Count
Application
Arm
135

Common Weakness Enumeration (CWE)