Sign In

CVE-2020-14145

ADVISORY - nist

Summary

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

EPSS Score: 0.00321 (0.711)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-203

Observable Discrepancy

ADVISORY - redhat

CWE-203

Observable Discrepancy

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2020-14145
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-203

CVSS SCORE

5.9medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2020-14145
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2020-14145
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2020-14145
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.9low

Alma

CREATED

UPDATED

ADVISORY IDALSA-2021:4368
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2020-14145
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-203

CVSS SCORE

5.9medium

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2021:4368
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

SUSE

CREATED

UPDATED

ADVISORY IDCVE-2020-14145
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.9medium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2021-4368
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium