Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2020-14145

Published: 29/06/2020 Updated: 28/04/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Openssh

Vulnerability Summary

The client side in OpenSSH 5.7 up to and including 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle malicious users to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openssh 8.4

openbsd openssh

openbsd openssh 8.5

openbsd openssh 8.6

netapp aff_a700s_firmware -

netapp steelstore cloud integrated storage -

netapp ontap select deploy administration utility -

netapp active iq unified manager

netapp solidfire -

netapp hci management node -

netapp hci storage node -

netapp hci compute node -

Vendor Advisories

Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 12 (GitOps v122)Re ...
Brocade Security Advisories: Access Denied
Menu Log in ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/VladimirFogel/PRO4

PRO4 - SSH Playground Prerequisites Before starting make sure you have the following programs installed git pip python3-virtualenv Installation Clone this repository using: git clone githubcom/VladimirFogel/PRO4git Navigate to the cloned directory using: cd PRO4 Install the required pac

References

CWE-203https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/https://security.netapp.com/advisory/ntap-20200709-0004/http://www.openwall.com/lists/oss-security/2020/12/02/1https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362dhttps://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.pyhttps://docs.ssh-mitm.at/CVE-2020-14145.htmlhttps://security.gentoo.org/glsa/202105-35https://access.redhat.com/errata/RHSA-2022:0580https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-47626CVE-2024-3400physicalCVE-2024-31426CVE-2024-22423CVE-2024-22438injectlocal usersCVE-2024-3797
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook