CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

  • Published: Jan 31, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-6111
  • Severity: Medium

CVSS v3:

  • Severity: Medium
  • Score: 5.9
  • AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:N/I:P/A:P

Affected software:

Software                                   From      Fixed in
openbsd / openssh                          -         7.9.x
winscp / winscp                            -         5.1.3.x
canonical / ubuntu_linux                   16.04     16.04.x
canonical / ubuntu_linux                   14.04     14.04.x
canonical / ubuntu_linux                   18.04     18.04.x
canonical / ubuntu_linux                   18.10     18.10.x
debian / debian_linux                      8.0       8.0.x
debian / debian_linux                      9.0       9.0.x
redhat / enterprise_linux                  7.0       7.0.x
redhat / enterprise_linux                  8.0       8.0.x
redhat / enterprise_linux_eus              8.1       8.1.x
redhat / enterprise_linux_eus              8.2       8.2.x
redhat / enterprise_linux_server_tus       8.2       8.2.x
redhat / enterprise_linux_server_aus       8.2       8.2.x
redhat / enterprise_linux_server_tus       8.4       8.4.x
redhat / enterprise_linux_eus              8.4       8.4.x
redhat / enterprise_linux_server_aus       8.4       8.4.x
redhat / enterprise_linux_server_aus       8.6       8.6.x
redhat / enterprise_linux_server_tus       8.6       8.6.x
redhat / enterprise_linux_eus              8.6       8.6.x
fedoraproject / fedora                     30        30.x
apache / mina_sshd                         2.2.0     2.2.0.x
freebsd / freebsd                          12.0-p1   12.0-p1.x
freebsd / freebsd                          12.0      12.0.x
freebsd / freebsd                          12.0-p3   12.0-p3.x
freebsd / freebsd                          12.0-p2   12.0-p2.x
freebsd / freebsd                          -         12.0
fujitsu / m10-1_firmware                   -         xcp2361
fujitsu / m10-4_firmware                   -         xcp2361
fujitsu / m10-4s_firmware                  -         xcp2361
fujitsu / m12-1_firmware                   -         xcp2361
fujitsu / m12-2_firmware                   -         xcp2361
fujitsu / m12-2s_firmware                  -         xcp2361
fujitsu / m10-1_firmware                   -         xcp3070
fujitsu / m10-4_firmware                   -         xcp3070
fujitsu / m10-4s_firmware                  -         xcp3070
fujitsu / m12-1_firmware                   -         xcp3070
fujitsu / m12-2_firmware                   -         xcp3070
fujitsu / m12-2s_firmware                  -         xcp3070
siemens / scalance_x204rna_firmware        -         3.2.7
siemens / scalance_x204rna_eec_firmware    -         3.2.7