CVE-2020-14002 — MEDIUM (5.9)

Q: How severe is CVE-2020-14002?

CVE-2020-14002 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14002?

Check the references section above for vendor advisories and patch information. Affected products include: Putty Putty, Netapp Oncommand Unified Manager Core Package, Fedoraproject Fedora.

Vulnerability Description

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Putty	Putty	>= 0.68, <= 0.73
Netapp	Oncommand Unified Manager Core Package	-
Fedoraproject	Fedora	31

Related Weaknesses (CWE)

CWE-203

References

https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.tartarus.org/pipermail/putty-announce/Third Party Advisory
https://security.netapp.com/advisory/ntap-20200717-0003/Third Party Advisory
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlRelease NotesThird Party Advisory
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-inThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.tartarus.org/pipermail/putty-announce/Third Party Advisory
https://security.netapp.com/advisory/ntap-20200717-0003/Third Party Advisory
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlRelease NotesThird Party Advisory
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-inThird Party Advisory

FAQ

What is CVE-2020-14002?

CVE-2020-14002 is a vulnerability with a CVSS score of 5.9 (MEDIUM). PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where ...

How severe is CVE-2020-14002?

CVE-2020-14002 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14002?

Check the references section above for vendor advisories and patch information. Affected products include: Putty Putty, Netapp Oncommand Unified Manager Core Package, Fedoraproject Fedora.