7.4
CVE-2020-13777
- EPSS 1.52%
- Published 04.06.2020 07:15:10
- Last modified 21.11.2024 05:01:50
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
Canonical ≫ Ubuntu Linux Version19.10
Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts
Debian ≫ Debian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.52% | 0.807 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.