Remote File Access Bypass in OpenSSH Client by Vendor
CVE-2018-20685

5.3MEDIUM

Key Information:

Vendor: OpenBSD
Status: Openssh; Winscp
Vendor: CVE Published:; 10 January 2019

What is CVE-2018-20685?

The OpenSSH client, specifically in version 7.9, contains a vulnerability in its SCP functionality that allows remote SSH servers to exploit filename handling. By using a filename of '.' or leaving the filename empty, attackers can circumvent normal access restrictions. This manipulation may enable unauthorized changes to the target directory's permissions on the client side, posing a significant security risk to users.

References

https://www.debian.org/security/2019/dsa-4387

vendor-advisory

https://usn.ubuntu.com/3885-1/

vendor-advisory

https://github.com/openssh/openssh-portable/commit/6010c0...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2019
Vulnerability Reserved
Jan 10, 2019

OpenBSD

What is CVE-2018-20685?

References

CVSS V3.1

Timeline