Vulnerability details: VCID-fhf5-dwz2-97g3
Vulnerability ID VCID-fhf5-dwz2-97g3
Aliases CVE-2024-45157
Summary An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
Status Published
Exploitability 0.5
Weighted Severity 4.6
Risk 2.3
Weaknesses (0)
There are no known CWEs.
System Score Found at
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2024-45157
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2024-45157
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2024-45157
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2024-45157
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-45157
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-45157
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-45157
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-45157
cvssv3.1 5.1 https://github.com/Mbed-TLS/mbedtls/releases/
ssvc Track https://github.com/Mbed-TLS/mbedtls/releases/
cvssv3.1 5.1 https://mbed-tls.readthedocs.io/en/latest/security-advisories/
ssvc Track https://mbed-tls.readthedocs.io/en/latest/security-advisories/
cvssv3.1 5.1 https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
ssvc Track https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
cvssv3 5.1 https://nvd.nist.gov/vuln/detail/CVE-2024-45157
cvssv3.1 5.1 https://nvd.nist.gov/vuln/detail/CVE-2024-45157
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/Mbed-TLS/mbedtls/releases/
Attack Vector (AV): local
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): none
Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/ Found at https://github.com/Mbed-TLS/mbedtls/releases/
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://mbed-tls.readthedocs.io/en/latest/security-advisories/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/ Found at https://mbed-tls.readthedocs.io/en/latest/security-advisories/
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/ Found at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45157
Exploit Prediction Scoring System (EPSS)
Percentile 0.00798
EPSS Score 0.00012
Published At April 6, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-09-17T19:11:22.388121+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-45157 34.0.1