Vulnerability identifier: #VU32937

Vulnerability risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:W/RC:C]

CVE-ID: CVE-2020-14145

CWE-ID: CWE-327

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
OpenSSH
Server applications / Remote management servers, RDP, SSH

Vendor: OpenSSH

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists in openssh client during algorithm negotiation due to observable discrepancy. A remote attacker can perform a Man-in-the-Middle (MitM) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Partial mitigation against this issue was included in OpenSSH 8.4

Vulnerable software versions

OpenSSH: 5.7 - 8.3p1

---

External links
http://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1
http://security.netapp.com/advisory/ntap-20200709-0004/
http://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
http://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.