CVE-2024-28755: n/a
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.
AI Analysis
Technical Summary
CVE-2024-28755 is a vulnerability identified in the Mbed TLS cryptographic library, specifically affecting versions 3.5.x prior to 3.6.0. The issue arises when the SSL context is reset using the mbedtls_ssl_session_reset() API call. During this reset process, the maximum TLS version that the server is configured to negotiate is not properly restored. As a result, an attacker can exploit this flaw to prevent the server from establishing TLS 1.3 connections. This leads to two primary security concerns: a denial of service (DoS) condition where TLS 1.3 connections fail to establish, and a forced downgrade attack where connections fall back to the less secure TLS 1.2 protocol. The vulnerability does not expose sensitive data directly but undermines the integrity and availability of secure communications. The flaw can be exploited remotely without requiring authentication or user interaction, increasing its risk profile. The CVSS v3.1 base score is 6.5 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and impact on integrity and availability but not confidentiality. No known exploits have been reported in the wild as of the publication date. The root cause is a failure in state restoration within the SSL context management in Mbed TLS, a widely used open-source TLS library in embedded and IoT devices. The recommended remediation is to upgrade to Mbed TLS version 3.6.0 or later, where this issue has been fixed.
Potential Impact
The primary impact of CVE-2024-28755 is on the availability and integrity of TLS-secured communications using vulnerable versions of Mbed TLS. Organizations relying on Mbed TLS for secure server-client communications may experience denial of service conditions where TLS 1.3 connections cannot be established, potentially disrupting critical services. Additionally, the forced downgrade to TLS 1.2 reduces the security posture by exposing communications to known weaknesses in older TLS versions, increasing the risk of interception or manipulation. This can affect embedded systems, IoT devices, and applications that depend on Mbed TLS for secure communications. While confidentiality is not directly compromised, the downgrade attack vector can indirectly facilitate further attacks. The ease of exploitation without authentication or user interaction means attackers can remotely target vulnerable servers, potentially impacting large-scale deployments. The lack of known exploits in the wild currently limits immediate widespread impact, but the vulnerability represents a significant risk if weaponized. Organizations in sectors such as telecommunications, industrial control, healthcare, and consumer IoT are particularly at risk due to their reliance on embedded TLS implementations.
Mitigation Recommendations
To mitigate CVE-2024-28755, organizations should immediately upgrade all Mbed TLS deployments to version 3.6.0 or later, where the vulnerability is resolved. For environments where immediate upgrade is not feasible, implement strict network-level controls to limit exposure of TLS servers using vulnerable Mbed TLS versions to untrusted networks. Monitor TLS negotiation logs for unusual downgrade patterns or repeated failed TLS 1.3 handshakes that may indicate exploitation attempts. Employ intrusion detection systems (IDS) with signatures or heuristics tailored to detect abnormal TLS version negotiation behaviors. Review and harden TLS configuration to explicitly disable fallback to TLS 1.2 where possible, enforcing minimum TLS 1.3 usage. For embedded and IoT devices, coordinate with vendors to obtain patched firmware or software updates. Conduct thorough testing of TLS session reset functionality post-patching to ensure the maximum TLS version is correctly restored. Maintain an inventory of all systems using Mbed TLS to prioritize remediation efforts. Finally, educate security teams about this vulnerability and its indicators to improve detection and response capabilities.
Affected Countries
United States, Germany, China, South Korea, Japan, United Kingdom, France, India, Canada, Australia
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-03-10T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d98b7ef31ef0b5891d1
Added to database: 2/25/2026, 9:46:00 PM
Last enriched: 2/28/2026, 10:28:52 AM
Last updated: 4/12/2026, 5:07:05 AM
Views: 11