https://security.gentoo.org/glsa/202105-35 No Types Assigned

https://security.gentoo.org/glsa/202105-35 Third Party Advisory

CWE-200

CWE-203

https://security.gentoo.org/glsa/202105-35 [No Types Assigned]

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions from (including) 5.7 up to (excluding) 8.4
     *cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions from (including) 5.7 up to (excluding) 8.4
     *cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*
     *cpe:2.3:a:openbsd:openssh:8.5:-:*:*:*:*:*:*
     *cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

https://docs.ssh-mitm.at/CVE-2020-14145.html No Types Assigned

https://docs.ssh-mitm.at/CVE-2020-14145.html Third Party Advisory

https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py No Types Assigned

https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py Third Party Advisory

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

https://docs.ssh-mitm.at/CVE-2020-14145.html [No Types Assigned]

https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py [No Types Assigned]

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions from (including) 5.7 up to (including) 8.4

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions from (including) 5.7 up to (excluding) 8.4
     *cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* versions from (including) 9.5
     *cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
     *cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
     *cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions from (including) 5.7 up to (including) 8.3

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions from (including) 5.7 up to (including) 8.4

http://www.openwall.com/lists/oss-security/2020/12/02/1 No Types Assigned

http://www.openwall.com/lists/oss-security/2020/12/02/1 Mailing List, Patch, Third Party Advisory

https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d No Types Assigned

https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d Patch, Third Party Advisory

https://security.netapp.com/advisory/ntap-20200709-0004/ No Types Assigned

https://security.netapp.com/advisory/ntap-20200709-0004/ Third Party Advisory

https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d [No Types Assigned]

http://www.openwall.com/lists/oss-security/2020/12/02/1 [No Types Assigned]

https://security.netapp.com/advisory/ntap-20200709-0004/ [No Types Assigned]

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions from (including) 5.7 up to (including) 8.3

NIST (AV:N/AC:M/Au:N/C:P/I:N/A:N)

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

NIST CWE-200

https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 No Types Assigned

https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 Patch, Third Party Advisory

https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ No Types Assigned

https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ Third Party Advisory