Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-6190C0CD-B945-11EA-9401-2DCF562DAA69:
Simon Tatham reports:
[Release 0.74] fixes the following security issues:
New configuration option to disable PuTTY's default policy of
changing its host key algorithm preferences to prefer keys it
already knows. (There is a theoretical information leak in this
policy.) [CVE-2020-14002]
In some situations an SSH server could cause PuTTY to access freed
mdmory by pretending to accept an SSH key and then refusing the
actual signature. It can only happen if you're using an SSH agent.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center