Vulnerabilities > CVE-2020-14145 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

openbsd

netapp

CWE-203

NVD

Published: 2020-06-29

Updated: 2022-04-28

Summary

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Vulnerable Configurations

Part	Description	Count
Application	Openbsd Openbsd Openssh 8.4 Openbsd Openssh 5.7 Openbsd Openssh 5.8 Openbsd Openssh 5.8P2 Openbsd Openssh 5.9 Openbsd Openssh 6.0 Openbsd Openssh 6.1 Openbsd Openssh 6.2 Openbsd Openssh 6.3 Openbsd Openssh 6.4 Openbsd Openssh 6.5 Openbsd Openssh 6.6 Openbsd Openssh 6.7 Openbsd Openssh 6.8 Openbsd Openssh 6.9 Openbsd Openssh 7.0 Openbsd Openssh 7.1 Openbsd Openssh 7.2 Openbsd Openssh 7.3 Openbsd Openssh 7.4 Openbsd Openssh 7.5 Openbsd Openssh 7.6 Openbsd Openssh 7.7 Openbsd Openssh 7.8 Openbsd Openssh 7.9 Openbsd Openssh 8.0 Openbsd Openssh 8.1 Openbsd Openssh 8.2 Openbsd Openssh 8.3 Openbsd Openssh 8.5 Openbsd Openssh 8.6	81
Application	Netapp Netapp Steelstore Cloud Integrated Storage - Netapp Ontap Select Deploy Administration Utility - Netapp Active IQ Unified Manager 9.5 Netapp Solidfire - Netapp HCI Management Node -	5
OS	Netapp Netapp AFF A700S Firmware -	1
Hardware	Netapp Netapp AFF A700S - Netapp HCI Storage Node - Netapp HCI Compute Node -	3

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References