Lucene search
Ubuntu.comUB:CVE-2024-5814HistoryAug 27, 2024 - 12:00 a.m.
CVE-2024-5814
2024-08-2700:00:00
ubuntu.com
ubuntu.com
1
tls1.2
tls1.3
ciphersuite
server hello
downgrade capability
CVSS4
5.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N/AU:Y/U:Green/V:D/RE:M
AI Score
6.9
Confidence
Low
A malicious TLS1.2 server can force a TLS1.3 client with downgrade
capability to use a ciphersuite that it did not agree to and achieve a
successful connection. This is because, aside from the extensions, the
client was skipping fully parsing the server hello.
https://doi.org/10.46586/tches.v2024.i1.457-500
Related
cvelist
cvelist
CVE-2024-5814 Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade
2024-08-27 18:38:08
nvd
nvd
CVE-2024-5814
2024-08-27 19:15:17
osv
osv
CVE-2024-5814
2024-08-27 19:15:17
vulnrichment
vulnrichment
CVE-2024-5814 Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade
2024-08-27 18:38:08
debiancve
debiancve
CVE-2024-5814
2024-08-27 19:15:17
cve
cve
CVE-2024-5814
2024-08-27 19:15:17
alpinelinux
alpinelinux
CVE-2024-5814
2024-08-27 19:15:17
freebsd
freebsd
netatalk3 -- multiple WolfSSL vulnerabilities
2024-09-08 00:00:00
slackware
slackware
[slackware-security] netatalk
2024-09-09 17:33:03
openvas
openvas
Slackware: Security Advisory (SSA:2024-253-01)
2024-09-10 00:00:00
nessus
nessus
CVSS4
5.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N/AU:Y/U:Green/V:D/RE:M
AI Score
6.9
Confidence
Low
Related for UB:CVE-2024-5814