4.3
CVSSv2

CVE-2020-14145

Published: 29/06/2020 Updated: 09/07/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The client side in OpenSSH 5.7 up to and including 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle malicious users to target initial connection attempts (where no host key for the server has been cached by the client).

Vulnerability Trend

Affected Products

Vendor Product Versions
OpenbsdOpenssh5.7, 5.8, 5.8p2, 5.9, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3