CVE-2019-6110
OpenSSH SCP Client - Write Arbitrary Files
Severity Score
6.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
En OpenSSH 7.9, debido a la aceptación y la nuestra de salidas stderr arbitrarias del servidor, un servidor malicioso (o atacante Man-in-the-Middle) puede manipular la salida del cliente, por ejemplo, para emplear códigos de control de ANSI para ocultar los archivos adicionales que se están transfiriendo.
SCP clients have an issue where additional files can be copied over without your knowledge.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-10 CVE Reserved
- 2019-01-11 First Exploit
- 2019-01-16 CVE Published
- 2024-06-23 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-838: Inappropriate Encoding for Output Context
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c | Release Notes | |
| https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c | Release Notes | |
| https://security.netapp.com/advisory/ntap-20190213-0001 | Third Party Advisory |
|
| https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46516 | 2019-01-11 | |
| https://www.exploit-db.com/exploits/46193 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | 2023-02-23 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201903-16 | 2023-02-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Scalance X204rna Firmware Search vendor "Siemens" for product "Scalance X204rna Firmware" | < 3.2.7 Search vendor "Siemens" for product "Scalance X204rna Firmware" and version " < 3.2.7" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance X204rna Search vendor "Siemens" for product "Scalance X204rna" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance X204rna Eec Firmware Search vendor "Siemens" for product "Scalance X204rna Eec Firmware" | < 3.2.7 Search vendor "Siemens" for product "Scalance X204rna Eec Firmware" and version " < 3.2.7" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance X204rna Eec Search vendor "Siemens" for product "Scalance X204rna Eec" | - | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | <= 7.9 Search vendor "Openbsd" for product "Openssh" and version " <= 7.9" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | <= 5.13 Search vendor "Winscp" for product "Winscp" and version " <= 5.13" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Software Search vendor "Netapp" for product "Element Software" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Search vendor "Netapp" for product "Ontap Select Deploy" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Storage Automation Store Search vendor "Netapp" for product "Storage Automation Store" | - | - |
Affected
| ||||||