Search for vulnerabilities
Vulnerability details: VCID-e5m6-uzg2-aaaj
Vulnerability ID VCID-e5m6-uzg2-aaaj
Aliases CVE-2020-13777
GNUTLS-SA-2020-06-03
Summary GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-345 Insufficient Verification of Data Authenticity
System Score Found at
generic_textual High http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13777.html
rhas Important https://access.redhat.com/errata/RHSA-2020:2637
rhas Important https://access.redhat.com/errata/RHSA-2020:2638
rhas Important https://access.redhat.com/errata/RHSA-2020:2639
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13777.json
epss 0.00324 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00324 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00324 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00324 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0083 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0083 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0083 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0083 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0083 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0083 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0083 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0083 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.01082 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.0281 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1843723
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
cvssv3.1 7.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual High https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13777
cvssv3 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-13777
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-13777
archlinux High https://security.archlinux.org/AVG-1177
generic_textual High https://ubuntu.com/security/notices/USN-4384-1
generic_textual High https://usn.ubuntu.com/usn/usn-4384-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13777.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13777.json
https://api.first.org/data/v1/epss?cve=CVE-2020-13777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/
https://security.gentoo.org/glsa/202006-01
https://security.netapp.com/advisory/ntap-20200619-0004/
https://ubuntu.com/security/notices/USN-4384-1
https://usn.ubuntu.com/4384-1/
https://usn.ubuntu.com/usn/usn-4384-1
https://www.debian.org/security/2020/dsa-4697
1843723 https://bugzilla.redhat.com/show_bug.cgi?id=1843723
962289 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962289
ASA-202006-2 https://security.archlinux.org/ASA-202006-2
AVG-1177 https://security.archlinux.org/AVG-1177
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVE-2020-13777 https://nvd.nist.gov/vuln/detail/CVE-2020-13777
RHSA-2020:2637 https://access.redhat.com/errata/RHSA-2020:2637
RHSA-2020:2638 https://access.redhat.com/errata/RHSA-2020:2638
RHSA-2020:2639 https://access.redhat.com/errata/RHSA-2020:2639
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13777.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13777
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13777
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13777
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.70373
EPSS Score 0.00324
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.