CVE-2020-14002

CVE Database · CVE-2020-14002

CVE-2020-14002

· MEDIUMModified

CVSS v3.1

5.9

EPSS

3.12%

Published

Jun 29, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-203

Affected Products (4)

putty · puttyvulnerable

netapp · oncommand_unified_manager_core_packagevulnerable

fedoraproject · fedoravulnerable

References (14)

https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26TACCSQYYCPWAJYNAUIXJGZ5RGORJZV/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JPV4A77EDCT4BTFO5BE26ZH72BG4E5IJ/