
CVE-2020-14145

Published: 29 Jun 2020
Source: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS: Low

Description

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Versions from 5.7 (inclusive) up to 8.4 (exclusive)
cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*
Configuration 2

All of

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Versions from 9.5 (inclusive)
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

EPSS

Percentile: 79%
0.01254
Low

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Weaknesses

CWE-203

Related vulnerabilities

CVSS3: 5.9
ubuntu
more than 5 years ago

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

CVSS3: 5.9
redhat
more than 5 years ago

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

CVSS3: 5.9
msrc
more than 5 years ago

No description available

CVSS3: 5.9
debian
more than 5 years ago

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...

suse-cvrf
about 5 years ago

Security update for openssh
