CVE-2024-28960 is a vulnerability identified in the Mbed TLS cryptographic library, specifically affecting versions 2.18.0 through 2.28.x prior to 2.28.8 and 3.x prior to 3.6.0, as well as Mbed Crypto. The issue arises from the PSA Crypto API's mishandling of shared memory, which is a critical component in cryptographic operations for secure key management and cryptographic computations. Shared memory mishandling can lead to unauthorized access or leakage of sensitive cryptographic material, thereby compromising confidentiality. The vulnerability is classified under CWE-284 (Improper Access Control), indicating that the flaw allows unauthorized access to protected resources. The CVSS 3.1 base score of 8.2 reflects a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component. The impact metrics indicate high confidentiality impact (C:H), low integrity impact (I:L), and no availability impact (A:N). No known exploits have been reported in the wild yet, but the vulnerability poses a significant risk to systems relying on Mbed TLS for cryptographic security, especially embedded systems, IoT devices, and secure communications infrastructure. The lack of patch links suggests that fixes may be available in newer versions (2.28.8 and 3.6.0) but should be verified and applied promptly.

For European organizations, this vulnerability threatens the confidentiality of cryptographic keys and sensitive data processed by Mbed TLS and Mbed Crypto libraries. Many European industries, including automotive, manufacturing, telecommunications, and critical infrastructure, rely on embedded systems and IoT devices that use Mbed TLS for secure communications and cryptographic functions. Exploitation could lead to unauthorized disclosure of cryptographic keys, enabling attackers to decrypt sensitive communications, impersonate devices, or bypass security controls. Although the integrity and availability impacts are limited, the breach of confidentiality can have severe consequences such as intellectual property theft, disruption of secure communications, and undermining trust in security systems. The risk is heightened in sectors with stringent data protection requirements under GDPR and other regulations. Organizations using affected versions in network-facing devices or cloud services are particularly vulnerable to remote exploitation without user interaction or authentication.

European organizations should immediately identify all instances of Mbed TLS and Mbed Crypto in their environments, including embedded devices, IoT endpoints, and software stacks. They must upgrade to Mbed TLS version 2.28.8 or later, or 3.6.0 or later, where the vulnerability is patched. Where immediate upgrade is not feasible, organizations should implement network segmentation and strict access controls to limit exposure of vulnerable components. Conduct thorough code audits to detect improper shared memory usage in cryptographic APIs and apply secure coding practices to prevent similar issues. Employ runtime protections such as memory isolation and hardware security modules (HSMs) to safeguard cryptographic keys. Monitor network traffic for anomalous activity that could indicate exploitation attempts. Additionally, coordinate with device manufacturers and vendors to ensure timely firmware updates and security patches. Incorporate vulnerability scanning for Mbed TLS versions into regular security assessments and penetration tests.