Vulnetix
Try Vulnetix Request Demo
CVE-2020-14145 REJECTED

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

EPSS 1.25% · 79.3th percentile

Risk Scores

EPSS Score
1.25%
79.3th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSopenssh-ssh11:7.5p1-13, 1:7.5p1-12build1, 1:7.5p1-12
Ubuntu:Pro:FIPS:16.04:LTSopenssh1:7.2p2-4ubuntu2.fips.2.10.2, 1:7.2p2-4ubuntu2.fips.2.10.1, 1:7.2p2-4ubuntu2.fips.2.8.1
Ubuntu:22.04:LTSopenssh1:8.9p1-3ubuntu0.1, 1:8.7p1-2build1, 1:8.7p1-4
Ubuntu:Pro:FIPS:20.04:LTSopenssh1:8.2p1-4ubuntu0.fips.0.2.1, 0
Ubuntu:Pro:FIPS:18.04:LTSopenssh0, 1:7.9p1-10~ubuntu18.04.fips.0.1, 1:7.9p1-10~ubuntu18.04.fips.0.2
Ubuntu:Pro:FIPS-updates:20.04:LTSopenssh1:8.2p1-4ubuntu0.fips.0.5.0, 1:8.2p1-4ubuntu0.fips.0.13, 1:8.2p1-4ubuntu0.fips.0.12
Ubuntu:Pro:16.04:LTSopenssh1:7.2p2-4ubuntu2.10+esm4, 1:7.2p2-4ubuntu2.10+esm5, 1:7.2p2-4ubuntu2.10+esm6
Ubuntu:Pro:20.04:LTSopenssh-ssh10, 1:7.5p1-11build1
Ubuntu:Pro:14.04:LTSopenssh1:6.6p1-2ubuntu2.8, 1:6.2p2-6, 1:6.2p2-6ubuntu1
Ubuntu:Pro:20.04:LTSopenssh1:8.2p1-4ubuntu0.2, 1:8.2p1-4ubuntu0.3, 1:8.2p1-4ubuntu0.4
Ubuntu:Pro:18.04:LTSopenssh0, 1:7.6p1-4ubuntu0.7+esm4, 1:7.6p1-4ubuntu0.7+esm3
Ubuntu:Pro:FIPS-updates:18.04:LTSopenssh1:7.9p1-10~ubuntu18.04.fips.0.2, 1:7.9p1-10~ubuntu18.04.fips.0.1, 0
Ubuntu:Pro:18.04:LTSopenssh-ssh11:7.5p1-9build1, 1:7.5p1-8, 0

Timeline

References

Open in Interactive Console →