Wind River Support Network

HomeDefectsLIN1018-6392
Fixed

LIN1018-6392 : Security Advisory - openssh - CVE-2020-14145

Created: Jun 29, 2020    Updated: Aug 3, 2023
Resolved Date: May 21, 2023
Found In Version: 10.18.44.1
Fix Version: 10.18.44.30
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

CREATE(Triage):(User=admin) CVE-2020-14145 (https://nvd.nist.gov/vuln/detail/CVE-2020-14145)

CVEs


Live chat
Online