VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-82um-cbtw-zqac

Essentials
Severities (35)
References (9)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-82um-cbtw-zqac
Aliases	CVE-2024-28755
Summary	An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-28755
cvssv3.1	6.5	https://github.com/hey3e
ssvc	Track	https://github.com/hey3e
cvssv3.1	6.5	https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
ssvc	Track	https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
cvssv3.1	6.5	https://hey3e.github.io
ssvc	Track	https://hey3e.github.io
cvssv3.1	6.5	https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
ssvc	Track	https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-28755
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755
1077686		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686
cpe:2.3:a:arm:mbed_tls::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
CVE-2024-28755		https://nvd.nist.gov/vuln/detail/CVE-2024-28755
hey3e		https://github.com/hey3e
hey3e.github.io		https://hey3e.github.io
security-advisories		https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
v3.6.0		https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/hey3e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/ Found at https://github.com/hey3e

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/ Found at https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://hey3e.github.io

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/ Found at https://hey3e.github.io

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/ Found at https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

Exploit Prediction Scoring System (EPSS)

Percentile	0.32992
EPSS Score	0.00127
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:58:38.323631+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/28xxx/CVE-2024-28755.json	37.0.0