Vulnerability Name:

CVE-2020-13614 (CCN-182619)

Assigned:2020-03-16
Published:2020-03-16
Updated:2022-11-14
Summary:An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.
CVSS v3 Severity:5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.9 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-295
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2020-13614

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0778

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0785

Source: XF
Type: UNKNOWN
axel-cve202013614-mitm(182619)

Source: CCN
Type: Axel GIT Repository
Axel may not verify server certificate CN/SAN/hostname (allowing SSL interception) #262

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/axel-download-accelerator/axel/issues/262

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-5214bd8f14

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-90b4716992

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-13614

Vulnerable Configuration:Configuration 1:
  • cpe:/a:axel_project:axel:*:*:*:*:*:*:*:* (Version < 2.17.8)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • OR cpe:/a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:axel_project:axel:2.17.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202013614
    V
    		CVE-2020-13614
    2022-06-30
    oval:org.opensuse.security:def:93614
    P
    		 (Important)
    2022-06-10
    oval:org.opensuse.security:def:111995
    P
    		axel-2.17.10-1.6 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:64829
    P
    		Security update for p11-kit (Important)
    2021-12-22
    oval:org.opensuse.security:def:105556
    P
    		axel-2.17.10-1.6 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:100327
    P
    		 (Important)
    2021-09-03
    oval:org.opensuse.security:def:64557
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:64717
    P
    		Security update for python-urllib3 (Important)
    2021-06-18
    oval:org.opensuse.security:def:64659
    P
    		Security update for grub2 (Important)
    2021-03-02
    oval:org.opensuse.security:def:64450
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-17
    oval:org.opensuse.security:def:64449
    P
    		Security update for clamav (Moderate)
    2020-12-14
    oval:org.opensuse.security:def:63608
    P
    		argyllcms-1.9.2-2.27 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62934
    P
    		binutils-devel-32bit-2.32-7.8.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62902
    P
    		guile-2.0.14-5.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63112
    P
    		aws-cli-1.18.38-8.8.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62906
    P
    		libtidy-devel-5.4.0-1.34 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63405
    P
    		apache-commons-fileupload-1.4-1.63 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62909
    P
    		ncurses-devel-32bit-6.1-5.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:74904
    P
    		Security update for axel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63755
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:63984
    P
    		Security update for libqt5-qtbase (Important)
    2020-12-01
    oval:org.opensuse.security:def:74771
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:64313
    P
    		libXvnc1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:110566
    P
    		Security update for axel (Moderate)
    2020-06-08
    BACK
    axel_project axel *
    fedoraproject fedora 33
    fedoraproject fedora 34
    opensuse leap 15.1
    opensuse backports sle 15.0 sp1
    axel_project axel 2.17.7