CVE-2020-14145 - The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information l

CVE-2020-14145

Summary

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

References

Vulnerable Configurations

cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 28-04-2022 - 19:34)
Impact:
Exploitability:

CWE

CWE-203

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200709-0004/
misc	https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
mlist	[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145

Last major update

28-04-2022 - 19:34

Published

29-06-2020 - 18:15

Last modified

28-04-2022 - 19:34