4.3
CVSSv2

CVE-2020-14145

Published: 29/06/2020 Updated: 25/02/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The client side in OpenSSH 5.7 up to and including 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle malicious users to target initial connection attempts (where no host key for the server has been cached by the client).

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openssh

openbsd openssh 8.4

netapp aff_a700s_firmware -

netapp active iq unified manager

netapp hci management node -

netapp ontap select deploy administration utility -

netapp solidfire -

netapp steelstore cloud integrated storage -

netapp hci compute node -

netapp hci storage node -

Vendor Advisories

IBM Security Guardium Insights has addressed the following vulnerabilities ...

Mailing Lists

Hi, We reviewed the openssh CVE-2020-14145 and the openssh team commited a partial mitigation of this issue which is included in openssh 84 anongitmindrotorg/opensshgit/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d I filed a CVE update request to include above That said, "key/certificate pinning on first connect" is still tr ...

Github Repositories

################################################################################################## QUESTÃO 1: ################################################################################################## analyst@router: eth0 1722403 Mask 2552552550 Bcast 172240255 Subnet 1722400/24 eth1 1722503 Mask 2552552550 Bcast 1722