CVE-2019-6110
OpenSSH SCP Client - Write Arbitrary Files
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 3
Exploited in Wild: -
Decision: -
Descriptions
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Many scp clients fail to verify that the objects returned by the scp server match those they asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow the server to spoof the client output.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-01-10 CVE Reserved
- 2019-01-11 First Exploit
- 2019-01-16 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-838: Inappropriate Encoding for Output Context
CAPEC
References (9)

URL | Tag | Source
---|---|---
https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c | Release Notes |
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c | Release Notes |
https://security.netapp.com/advisory/ntap-20190213-0001 | Third Party Advisory |
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt | Third Party Advisory |

Exploits

URL | Date | SRC
---|---|---
https://packetstorm.news/files/id/151227 | 2019-01-18 |
https://www.exploit-db.com/exploits/46516 | 2019-01-11 |
https://www.exploit-db.com/exploits/46193 | 2024-08-04 |

Vendor advisories

URL | Date | SRC
---|---|---
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | 2023-02-23 |

Distribution advisories

URL | Date | SRC
---|---|---
https://security.gentoo.org/glsa/201903-16 | 2023-02-23 |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status | Running on (Vendor / Product) | Platform Status
---|---|---|---|---|---|---
Siemens | Scalance X204rna Firmware | < 3.2.7 | - | Affected | Siemens / Scalance X204rna | Safe
Siemens | Scalance X204rna Eec Firmware | < 3.2.7 | - | Affected | Siemens / Scalance X204rna Eec | Safe
Openbsd | Openssh | <= 7.9 | - | Affected | - | -
Winscp | Winscp | <= 5.13 | - | Affected | - | -
Netapp | Element Software | - | - | Affected | - | -
Netapp | Ontap Select Deploy | - | - | Affected | - | -
Netapp | Storage Automation Store | - | - | Affected | - | -