Exploit for #VU28557 Man-in-the-Middle (MitM) attack in GnuTLS

Exploit for #VU28557 Man-in-the-Middle (MitM) attack in GnuTLS

Published: 2020-06-10 | Updated: 2020-07-15

Vulnerability identifier: #VU28557

Vulnerability risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-13777

CWE-ID: CWE-300

Exploitation vector: Local network

Exploits in database: 3

July 15, 2020
- PoC_TLS1_3_CVE-2020-13777 () [Github]
June 19, 2020
- challenge_CVE-2020-13777 (Challange CVE-2020-13777 ) [Github]
June 10, 2020
- cve-2020-13777 (Zeek script to detect servers vulnerable to CVE-2020-13777) [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
GnuTLS
Universal components / Libraries / Libraries used by multiple products

Vendor: GnuTLS