CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Published: Jul 24, 2020
Updated: Nov 8, 2023
CVE: CVE-2020-15778
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
openbsd / openssh	8.3-p1	8.3-p1.x
openbsd / openssh	8.3	8.3.x
openbsd / openssh	-	8.3
netapp / active_iq_unified_manager	9.5	9.5.x

https://access.redhat.com/errata/RHSA-2024:3166
https://github.com/cpandya2909/CVE-2020-15778/
https://news.ycombinator.com/item?id=25005567
https://security.gentoo.org/glsa/202212-06
https://security.netapp.com/advisory/ntap-20200731-0007/
https://www.openssh.com/security.html

Vulnerability Database

CVE-2020-15778

Deep Security Visibility Without the Complexity