Remote File Access Bypass in OpenSSH Client by Vendor
CVE-2018-20685

5.3MEDIUM

Key Information:

Vendor
OpenBSD
Status
Openssh
Winscp
Vendor
CVE Published:
10 January 2019

Summary

The OpenSSH client, specifically in version 7.9, contains a vulnerability in its SCP functionality that allows remote SSH servers to exploit filename handling. By using a filename of '.' or leaving the filename empty, attackers can circumvent normal access restrictions. This manipulation may enable unauthorized changes to the target directory's permissions on the client side, posing a significant security risk to users.

References

https://www.debian.org/security/2019/dsa-4387
vendor-advisory
https://usn.ubuntu.com/3885-1/
vendor-advisory
https://github.com/openssh/openssh-portable/commit/6010c0...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.