External risk intelligence

Mbed TLS TLS 1.3 Client Certificate Validation Flaw

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2024-45159

Mbed TLS's TLS 1.3 implementation contains a flaw where servers with optional client authentication might incorrectly accept client certificates not intended for that purpose. This could allow an attacker to impersonate a legitimate client, potentially gaining unauthorized access. It is crucial to identify deployments

Halo Surface Signal: 4

Affected product: Trustedfirmware Mbed TLS

Affected versions: 3.2.0 to before 3.6.1

External exposure likelihood

Halo Surface Signal score for CVE-2024-45159

Mbed TLS is a widely used cryptographic library embedded in numerous internet-facing services, appliances, and network-connected devices. Because this vulnerability affects the TLS 1.3 handshake process in server deployments, it impacts services that act as public-facing endpoints or gateways, making the vulnerable functionality commonly reachable from the internet.

PCI scan relevance

PCI Relevance for CVE-2024-45159

Yes

CVE-2024-45159 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows attackers to bypass client authentication using a fraudulent certificate, potentially leading to a PCI scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory addresses a critical vulnerability in Mbed TLS affecting its TLS 1.3 implementation when optional client authentication is enabled. The flaw could allow an attacker with a certificate valid for other purposes to use it for TLS client authentication, potentially compromising secure connections. The main concern is confirming relevance and exposure within your environment.

  • Flaw permits use of client certificates not intended for client authentication.
  • Critical for servers using TLS 1.3 optional authentication.
  • Confirm relevance and exposure in your network.

Attack Path

How an attacker could exploit the issue

An attacker can initiate a TLS 1.3 connection to a server using Mbed TLS. If the server has optional client authentication enabled, the attacker can present a certificate that is not properly validated for TLS client authentication. This allows the attacker to establish a connection as an authenticated client, potentially leading to a compromise of the server.

  • Unauthenticated network access required.
  • Attacker presents a certificate that is not valid for TLS client authentication.
  • Enables unauthorized authenticated access.

Live Threat

Current exploitation, exposure, and threat context

When TLS 1.3 is used with optional client authentication, a server might incorrectly accept a client certificate that is not valid for client authentication. This could allow an attacker to impersonate a legitimate client, potentially accessing services or data.

  • Server authentication certificates.
  • Malicious client certificates accepted.
  • Unauthorized access to services.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Mbed TLS affects TLS 1.3 servers that enable optional client authentication. Identifying where Mbed TLS is deployed, specifically for TLS 1.3 server roles with optional client authentication, is the critical first step. Infrastructure and platform teams are likely responsible for managing the library, while network and security teams should assess external exposure. Confirming the presence and role of the affected technology will guide the accountable owner in planning remediation based on risk.

  • Identify Mbed TLS TLS 1.3 server deployments.
  • Verify TLS 1.3 server optional client authentication.
  • Plan remediation based on exposure and risk.
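One way to automate the first two steps over a source tree that builds Mbed TLS, as an added example that is not part of the original advisory or of Mbed TLS itself. It assumes the version is read from `MBEDTLS_VERSION_STRING` in `build_info.h`, that TLS 1.3 and the server role are selected by `MBEDTLS_SSL_PROTO_TLS1_3` and `MBEDTLS_SSL_SRV_C` in the build configuration, and that the application sets the auth mode through `mbedtls_ssl_conf_authmode` or `mbedtls_ssl_set_hs_authmode`; the function names, verdict strings and sample inputs are constructed for illustration.

```python
import re

AFFECTED_MIN, FIXED = (3, 2, 0), (3, 6, 1)  # "3.2.0 to before 3.6.1" from this page

def defined(macro, header):
    """True if `#define <macro>` is active, i.e. not disabled with a leading //.
    Limitation: does not understand /* ... */ block comments or #if nesting."""
    return re.search(rf"^[ \t]*#[ \t]*define[ \t]+{macro}\b", header, re.M) is not None

def mbedtls_version(build_info_h):
    """Extract (major, minor, patch) from the version header text, or None."""
    m = re.search(r'MBEDTLS_VERSION_STRING\s+"(\d+)\.(\d+)\.(\d+)"', build_info_h)
    return tuple(int(x) for x in m.groups()) if m else None

def optional_client_auth(app_source):
    """True if the application selects MBEDTLS_SSL_VERIFY_OPTIONAL as auth mode."""
    pat = r"mbedtls_ssl_(?:conf|set_hs)_authmode\s*\([^;]*MBEDTLS_SSL_VERIFY_OPTIONAL"
    return re.search(pat, app_source) is not None

def triage(build_info_h, config_h, app_source):
    """Combine version range and the advisory's preconditions into one verdict."""
    ver = mbedtls_version(build_info_h)
    checks = {
        "tls13": defined("MBEDTLS_SSL_PROTO_TLS1_3", config_h),
        "server": defined("MBEDTLS_SSL_SRV_C", config_h),
        "optional_auth": optional_client_auth(app_source),
    }
    if ver is None:
        verdict = "unknown-version"
    elif not (AFFECTED_MIN <= ver < FIXED):
        verdict = "version-not-affected"
    elif all(checks.values()):
        verdict = "preconditions-met"
    else:
        verdict = "affected-version-preconditions-not-met"
    return {"version": ver, **checks, "verdict": verdict}

# Constructed sample inputs (not taken from any real product).
SAMPLE_BUILD_INFO = '#define MBEDTLS_VERSION_STRING         "3.5.2"\n'
SAMPLE_CONFIG = "#define MBEDTLS_SSL_SRV_C\n#define MBEDTLS_SSL_PROTO_TLS1_3\n"
SAMPLE_CONFIG_NO_TLS13 = "#define MBEDTLS_SSL_SRV_C\n//#define MBEDTLS_SSL_PROTO_TLS1_3\n"
SAMPLE_APP = "mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);\n"

if __name__ == "__main__":
    print(triage(SAMPLE_BUILD_INFO, SAMPLE_CONFIG, SAMPLE_APP))
```

A "preconditions-met" verdict marks a build for the remediation planning in the third step; binaries without source still need to be identified by other means.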

Frequently asked questions

What is Mbed TLS used for in cybersecurity?

Mbed TLS is a widely used open-source cryptographic library that provides TLS and SSL protocols. It's commonly embedded in various devices and applications to secure network communications, protect data, and ensure authentication. It's a foundational component for secure embedded systems and network services.

What kind of weakness does CVE-2024-45159 represent?

CVE-2024-45159 is an example of a CWE-295 Improper Validation of Certificate With Negative Consequences vulnerability. This means that Mbed TLS failed to properly validate certain aspects of a client's certificate during a TLS 1.3 handshake, specifically related to key usage extensions.
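The purpose check this weakness concerns, written out as an added example (not Mbed TLS code and not from the original advisory): it inspects the DER-encoded keyUsage and extKeyUsage extension values of a client certificate and reports why the certificate should be rejected for TLS client authentication. It assumes digitalSignature and id-kp-clientAuth (or anyExtendedKeyUsage) are the acceptable values and that an absent extension imposes no restriction; the function names and sample bytes are constructed.

```python
OID_CLIENT_AUTH = bytes.fromhex("2b06010505070302")  # 1.3.6.1.5.5.7.3.2 id-kp-clientAuth
OID_ANY_EKU = bytes.fromhex("551d2500")              # 2.5.29.37.0 anyExtendedKeyUsage
DIGITAL_SIGNATURE = 0x80                             # KeyUsage bit 0, MSB of first data byte

def read_tlv(buf, pos):
    """Read one DER TLV (short-form length only); return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form DER")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos], buf[pos + 2:end], end

def eku_oids(eku_der):
    """Parse an extKeyUsage value (SEQUENCE OF OBJECT IDENTIFIER) into raw OID bytes."""
    tag, seq, _ = read_tlv(eku_der, 0)
    if tag != 0x30:
        raise ValueError("extKeyUsage is not a SEQUENCE")
    oids, pos = set(), 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("extKeyUsage member is not an OID")
        oids.add(val)  # DER OIDs are canonical, so byte comparison is exact
    return oids

def client_auth_problems(key_usage_der=None, eku_der=None):
    """Return reasons to reject the certificate for TLS client authentication.
    None means the extension is absent, which imposes no restriction."""
    problems = []
    if key_usage_der is not None:
        # BIT STRING content: one unused-bits byte, then the flag bytes.
        tag, bits, _ = read_tlv(key_usage_der, 0)
        if tag != 0x03 or len(bits) < 2 or not bits[1] & DIGITAL_SIGNATURE:
            problems.append("keyUsage lacks digitalSignature")
    if eku_der is not None and not {OID_CLIENT_AUTH, OID_ANY_EKU} & eku_oids(eku_der):
        problems.append("extKeyUsage lacks clientAuth")
    return problems

# Constructed extension values (DER, hex), not taken from any real certificate.
EKU_SERVER_ONLY = bytes.fromhex("300a06082b06010505070301")  # serverAuth only
EKU_CLIENT = bytes.fromhex("300a06082b06010505070302")       # clientAuth
KU_DIGITAL_SIGNATURE = bytes.fromhex("03020780")             # digitalSignature
KU_CERT_SIGN_ONLY = bytes.fromhex("03020106")                # keyCertSign + cRLSign

if __name__ == "__main__":
    print(client_auth_problems(KU_CERT_SIGN_ONLY, EKU_SERVER_ONLY))
```

A non-empty result is the condition under which a server that relies on certificate purpose should refuse to treat the peer as an authenticated client.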

What are the attacker's preconditions to exploit CVE-2024-45159?

An attacker needs to initiate a TLS 1.3 connection to a server running the vulnerable Mbed TLS version. The server must also have optional client authentication enabled, and the attacker must possess a certificate that is valid for purposes other than TLS client authentication but is not correctly validated by the server.

Who should be concerned about this Mbed TLS vulnerability?

Organizations that use Mbed TLS for their internet-facing services or network-connected devices that act as public-facing endpoints should be concerned. If these services employ TLS 1.3 with optional client authentication, they are potentially exposed.

What is the first step for responding to this Mbed TLS threat?

The crucial first step is to identify all instances where Mbed TLS is deployed as a TLS 1.3 server and whether optional client authentication is enabled. This involves inventorying your network devices and services to pinpoint the affected technology and its role.
