CVE-2020-13614 : An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation l

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.

Published 2020-05-26 23:15:10

Updated 2022-11-14 19:51:39

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-13614

Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Backports Sle » Version: 15.0 Update SP1
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
Matching versions
Axel Project » Axel
Versions before (<) 2.17.8
cpe:2.3:a:axel_project:axel:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.58%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Assigned by: nvd@nist.gov (Primary)

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00010.html

[security-announce] openSUSE-SU-2020:0785-1: moderate: Security update f
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPZUQSDGV5XDBJGHBWBHWJIBE47Q4QIB/

[SECURITY] Fedora 34 Update: axel-2.17.10-1.fc34 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8

Release Version 2.17.8 · axel-download-accelerator/axel · GitHub
Release Notes;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00006.html

[security-announce] openSUSE-SU-2020:0778-1: moderate: Security update f
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3ECAKIZA2TGBYLUQTLGRMXUFIOGRHG3/

[SECURITY] Fedora 33 Update: axel-2.17.10-1.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/axel-download-accelerator/axel/issues/262

Axel may not verify server certificate CN/SAN/hostname (allowing SSL interception) · Issue #262 · axel-download-accelerator/axel · GitHub
Exploit;Third Party Advisory

Jump to