CVE-2017-14032

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

Published: Aug 30, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-14032
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
arm / mbed_tls	1.3.16	1.3.16.x
arm / mbed_tls	1.3.15	1.3.15.x
arm / mbed_tls	2.1.4	2.1.4.x
arm / mbed_tls	2.4.2	2.4.2.x
arm / mbed_tls	1.3.10	1.3.10.x
arm / mbed_tls	2.1.9	2.1.9.x
arm / mbed_tls	2.5.1	2.5.1.x
arm / mbed_tls	1.3.18	1.3.18.x
arm / mbed_tls	2.1.2	2.1.2.x
arm / mbed_tls	2.1.7	2.1.7.x
arm / mbed_tls	2.0.0	2.0.0.x
arm / mbed_tls	2.3.0	2.3.0.x
arm / mbed_tls	2.2.1	2.2.1.x
arm / mbed_tls	2.1.8	2.1.8.x
arm / mbed_tls	1.3.11	1.3.11.x
arm / mbed_tls	2.2.0	2.2.0.x
arm / mbed_tls	1.3.13	1.3.13.x
arm / mbed_tls	1.3.20	1.3.20.x
arm / mbed_tls	1.3.14	1.3.14.x
arm / mbed_tls	2.1.1	2.1.1.x
arm / mbed_tls	2.1.5	2.1.5.x
arm / mbed_tls	2.1.0	2.1.0.x
arm / mbed_tls	2.1.3	2.1.3.x
arm / mbed_tls	1.3.12	1.3.12.x
arm / mbed_tls	1.3.21	1.3.21.x
arm / mbed_tls	2.6.2	2.6.2.x
arm / mbed_tls	2.1.6	2.1.6.x
arm / mbed_tls	2.4.0	2.4.0.x
arm / mbed_tls	1.3.19	1.3.19.x
arm / mbed_tls	1.3.17	1.3.17.x

Vulnerability Database

313,825

CVE-2017-14032

Deep Security Visibility Without the Complexity