First published: Mon Jun 29 2020(Updated: )
OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Guardium Insights | <=2.0.2 | |
Openbsd Openssh | >=5.7<8.4 | |
Openbsd Openssh | =8.4 | |
Openbsd Openssh | =8.5 | |
Openbsd Openssh | =8.6 | |
Netapp Aff A700s Firmware | ||
NetApp AFF A700s | ||
Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
Netapp Hci Management Node | ||
NetApp ONTAP Select Deploy administration utility | ||
Netapp Solidfire | ||
Netapp Steelstore Cloud Integrated Storage | ||
Netapp Hci Compute Node | ||
Netapp Hci Storage Node |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-14145 is a vulnerability in OpenSSH that allows man-in-the-middle attackers to target initial connection attempts.
CVE-2020-14145 has a severity rating of 5.9 (medium).
CVE-2020-14145 affects OpenSSH versions 5.7 through 8.4.
Yes, IBM Security Guardium Insights version 2.0.2 is affected by CVE-2020-14145.
To fix CVE-2020-14145 in OpenSSH, you should update to a version higher than 8.4.