// For flags

CVE-2002-1469

SCPOnly 2.3/2.4 - SSH Environment Shell Escaping

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.

scponly no verifica adecuadamente la ruta de los programas scp o sftp-server, lo que podrĂ­a permitir a usuarios remotos autenticados eludir los controles de acceso cargando programas maliciosos y modificando la variable PATH en el entorno $HOME/.ssh/ para localizar esos programas.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2002-08-20 First Exploit
  • 2003-02-05 CVE Reserved
  • 2003-04-22 CVE Published
  • 2024-03-09 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Scponly
Search vendor "Scponly"
 Scponly
Search vendor "Scponly" for product "Scponly"
 2.3
Search vendor "Scponly" for product "Scponly" and version "2.3"
-
Affected
Scponly
Search vendor "Scponly"
 Scponly
Search vendor "Scponly" for product "Scponly"
 2.4
Search vendor "Scponly" for product "Scponly" and version "2.4"
-
Affected