Vulnerability identifier: #VU32937
Vulnerability risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:W/RC:C]
CVE-ID:
CWE-ID:
CWE-327
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
OpenSSH
Server applications /
Remote management servers, RDP, SSH
Vendor: OpenSSH
Description
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in openssh client during algorithm negotiation due to observable discrepancy. A remote attacker can perform a Man-in-the-Middle (MitM) attack.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Partial mitigation against this issue was included in OpenSSH 8.4
Vulnerable software versions
OpenSSH: 5.7 - 8.3p1
External links
http://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1
http://security.netapp.com/advisory/ntap-20200709-0004/
http://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
http://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.