VDB

CVE-2020-14145

CVE-2020-14145 REJECTED

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

EPSS 1.25% · 79.7th percentile

Risk Scores

EPSS Score
1.25%
79.7th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSopenssh-ssh11:7.5p1-12, 1:7.5p1-12build1, 1:7.5p1-13
Ubuntu:Pro:FIPS:16.04:LTSopenssh1:7.2p2-4ubuntu2.fips.2.10.3, 1:7.2p2-4ubuntu2.fips.2.10.1, 1:7.2p2-4ubuntu2.fips.2.8.1
Ubuntu:22.04:LTSopenssh1:8.7p1-4, *, *
Ubuntu:Pro:FIPS:20.04:LTSopenssh0, 1:8.2p1-4ubuntu0.fips.0.2.1
Ubuntu:Pro:FIPS:18.04:LTSopenssh1:7.9p1-10~ubuntu18.04.fips.0.2, *, 0
Ubuntu:Pro:FIPS-updates:20.04:LTSopenssh1:8.2p1-4ubuntu0.fips.0.8, 1:8.2p1-4ubuntu0.fips.0.9, *
Ubuntu:Pro:16.04:LTSopenssh*, 1:6.9p1-3, 1:7.1p1-1
Ubuntu:Pro:20.04:LTSopenssh-ssh10, 1:7.5p1-11build1
Ubuntu:Pro:14.04:LTSopenssh1:6.6p1-1, 1:6.6p1-2, 1:6.6p1-2ubuntu1
Ubuntu:Pro:20.04:LTSopenssh*, 0, 1:8.1p1-1
Ubuntu:Pro:18.04:LTSopenssh1:7.6p1-4ubuntu0.1, 1:7.6p1-4ubuntu0.3, 1:7.6p1-4ubuntu0.2
Ubuntu:Pro:FIPS-updates:18.04:LTSopenssh1:7.9p1-10~ubuntu18.04.fips.0.10, 0, 1:7.9p1-10~ubuntu18.04.fips.0.1
Ubuntu:Pro:18.04:LTSopenssh-ssh11:7.5p1-9, 1:7.5p1-9build1, *

Exploit Intelligence

…and 11 more exploits

Timeline

  • Jun 29, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›