ID CVE-2020-14002
Summary PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
References
Vulnerable Configurations
  • cpe:2.3:a:putty:putty:0.68:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.68:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.69:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.69:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.70:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.72:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.73:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-05-2022 - 13:59)
Impact:
Exploitability:
CWE CWE-203
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
confirm https://security.netapp.com/advisory/ntap-20200717-0003/
fedora
  • FEDORA-2020-35442ce9b7
  • FEDORA-2020-f4dba093f1
misc
Last major update 03-05-2022 - 13:59
Published 29-06-2020 - 18:15
Last modified 03-05-2022 - 13:59
Back to Top