CVE-2020-14145

Published Jun 29, 2020

Last updated 4 months ago

CVSS medium 5.9
Tunneling protocol
Port (22)

Overview

Description
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
Source
cve@mitre.org
NVD status
Modified
Products
openssh, aff_a700s_firmware, active_iq_unified_manager, hci_management_node, ontap_select_deploy_administration_utility, solidfire, steelstore_cloud_integrated_storage, hci_compute_node, hci_storage_node

Risk scores

CVSS 3.1

Type
Primary
Base score
5.9
Impact score
3.6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-203
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-203

Social media

Hype score
Not currently trending

  1. [21,22,143,2083,2086,2087,2096],"tags":["starttls"],"vulns":["CVE-2019-16905","CVE-2020-15778","CVE-2007-2768","CVE-2025-26465","CVE-2020-14145","CVE-2023-51385","CVE-2023-51767","CVE-2021-36368","CVE-2021-41617","CVE-2016-20012","CVE-2008-3844","CVE-2023-48795"]} # DEAR ELON

    @BishopXecu74134

    24 May 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824
  2. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  3. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.CVE-2026-35414
  4. A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.CVE-2026-0964
  5. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.CVE-2026-3497

References

Sources include official advisories and independent security research.