How severe is CVE-2020-10932?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2020-10932?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2020-10932

MEDIUM Year: 2020

CVSS v3 Score

4.7

Medium

CVSS v2 Score

1.9

Low

Weakness Type

CWE-203

View all →

Vulnerability Description

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

CVE-2018-0495

MEDIUM

CVSS:4.7(Medium)

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_e...

CWE-2032018

CVE-2018-16868

MEDIUM

CVSS:4.7(Medium)

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same ph...

CWE-2032018

CVE-2018-16869

MEDIUM

CVSS:4.7(Medium)

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the ...

CWE-2032018

CVE-2019-13628

MEDIUM

CVSS:4.7(Medium)

wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local atta...

CWE-2032019

CVE-2019-15809

MEDIUM

CVSS:4.7(Medium)

Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, abl...

CWE-2032019

CVE-2019-18222

MEDIUM

CVSS:4.7(Medium)

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recov...

CWE-2032019

CVE-2020-10932

Vulnerability Description

Related Vulnerabilities

CVE-2018-0495

CVE-2018-16868

CVE-2018-16869

CVE-2019-13628

CVE-2019-15809

CVE-2019-18222