CVE-2024-23170

Summary

CVE-2024-23170 is a newly discovered vulnerability affecting Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. This issue involves a timing side channel in RSA private operations, which can be exploited by a local attacker to potentially recover the plaintext. The exploit requires the attacker to send a large volume of messages for decryption, as outlined in the research paper "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. This side channel attack could pose a significant risk to systems using the affected versions of Mbed TLS. Organizations utilizing these versions are encouraged to upgrade to the latest patches to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.