Search for vulnerabilities
Vulnerability details: VCID-s62q-xa3g-wkea
Vulnerability ID VCID-s62q-xa3g-wkea
Aliases CVE-2021-24119
Summary In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-203 Observable Discrepancy
System Score Found at
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2021-24119
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2021-24119
cvssv3.1 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-24119
archlinux Medium https://security.archlinux.org/AVG-2153
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-24119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119
https://github.com/ARMmbed/mbedtls/releases
https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/
ASA-202107-27 https://security.archlinux.org/ASA-202107-27
AVG-2153 https://security.archlinux.org/AVG-2153
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVE-2021-24119 https://nvd.nist.gov/vuln/detail/CVE-2021-24119
No exploits are available.
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-24119
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-24119
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.52286
EPSS Score 0.00294
Published At Sept. 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T10:17:53.149974+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2021-24119 37.0.0