CVE-2020-13777

HIGH

GnuTLS < 3.6.14 - Broken Cryptographic Algorithm

Title source: rule

Description

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

Exploits (3)

nomisec SCANNER 4 stars
by 0xxon · poc
https://github.com/0xxon/cve-2020-13777
nomisec WRITEUP 2 stars
by shigeki · poc
https://github.com/shigeki/challenge_CVE-2020-13777
nomisec WORKING POC
by prprhyt · poc
https://github.com/prprhyt/PoC_TLS1_3_CVE-2020-13777

References (10)

Core References
Vendor Advisory x_refsource_confirm
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4697
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202006-01
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4384-1/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200619-0004/

Scores

CVSS v3 7.4
EPSS 0.0152
EPSS Percentile 81.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-327
Status published
Products (6)
canonical/ubuntu_linux 19.10
canonical/ubuntu_linux 20.04
debian/debian_linux 10.0
fedoraproject/fedora 31
fedoraproject/fedora 32
gnu/gnutls 3.6.0 - 3.6.14
Published Jun 04, 2020
Tracked Since Feb 18, 2026