Vulnerabilites related to siemens - scalance_x204rna
Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Severity ?
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| winscp | winscp | * | |
| netapp | element_software | - | |
| netapp | ontap_select_deploy | - | |
| netapp | storage_automation_store | - | |
| siemens | scalance_x204rna_firmware | * | |
| siemens | scalance_x204rna | - | |
| siemens | scalance_x204rna_eec_firmware | * | |
| siemens | scalance_x204rna_eec | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", versionEndIncluding: "7.9", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0A98E2-B715-4EF5-9CF8-07500E119271", versionEndIncluding: "5.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC0C9671-47BB-43CB-8906-9BC2B86B3229", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", matchCriteriaId: "C834C295-D600-44E8-9783-49A319084F5A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", }, { lang: "es", value: "En OpenSSH 7.9, debido a la aceptación y la nuestra de salidas stderr arbitrarias del servidor, un servidor malicioso (o atacante Man-in-the-Middle) puede manipular la salida del cliente, por ejemplo, para emplear códigos de control de ANSI para ocultar los archivos adicionales que se están transfiriendo.", }, ], id: "CVE-2019-6110", lastModified: "2024-11-21T04:45:57.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-31T18:29:00.807", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46193/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46193/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-838", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-10 21:29
Modified
2024-11-21 04:01
Severity ?
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", versionEndIncluding: "7.9", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0A98E2-B715-4EF5-9CF8-07500E119271", versionEndIncluding: "5.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", matchCriteriaId: "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "271CACEB-10F5-4CA8-9C99-3274F18EE62D", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "433EEE1B-134C-48F9-8688-23C5F1ABBF0F", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FFEE5C-5DAE-4FAD-9651-7983DE092120", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66D6EF49-7094-41D9-BDF5-AE5846E37418", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6593DA00-EE33-4223-BEAE-8DC629E79287", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "67E048EC-4A4F-4F0A-B0B5-F234700293DA", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "665502CB-FCC8-4619-B673-408F7190252A", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "665502CB-FCC8-4619-B673-408F7190252A", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "483F5457-7E06-46F3-A808-194289B98AFF", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5644E3E-941A-429A-9AFB-C1023659C1C2", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0C1318DD-6AF4-490D-A4AE-079BA544EF8F", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC0C9671-47BB-43CB-8906-9BC2B86B3229", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", matchCriteriaId: "C834C295-D600-44E8-9783-49A319084F5A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.", }, { lang: "es", value: "En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo \".\" o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente.", }, ], id: "CVE-2018-20685", lastModified: "2024-11-21T04:01:59.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-10T21:29:00.377", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/106531", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-53", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190215-0001/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/106531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190215-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Severity ?
Summary
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", versionEndIncluding: "7.9", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", matchCriteriaId: "D93F5251-820D-4345-8DDE-CCBBE069A9C1", versionEndIncluding: "5.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:mina_sshd:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EF6C1E77-7C54-4825-A35C-5AE7369267F5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", matchCriteriaId: "986856F8-40BE-412F-A4F0-902D4820C3E3", versionEndExcluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", matchCriteriaId: "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", matchCriteriaId: "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*", matchCriteriaId: "E1AD57A9-F53A-4E40-966E-F2F50852C5E4", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", matchCriteriaId: "C4029113-130F-4A33-A8A0-BC3E74000378", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "271CACEB-10F5-4CA8-9C99-3274F18EE62D", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "433EEE1B-134C-48F9-8688-23C5F1ABBF0F", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FFEE5C-5DAE-4FAD-9651-7983DE092120", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66D6EF49-7094-41D9-BDF5-AE5846E37418", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6593DA00-EE33-4223-BEAE-8DC629E79287", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "67E048EC-4A4F-4F0A-B0B5-F234700293DA", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "665502CB-FCC8-4619-B673-408F7190252A", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "483F5457-7E06-46F3-A808-194289B98AFF", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5644E3E-941A-429A-9AFB-C1023659C1C2", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0C1318DD-6AF4-490D-A4AE-079BA544EF8F", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC0C9671-47BB-43CB-8906-9BC2B86B3229", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", matchCriteriaId: "C834C295-D600-44E8-9783-49A319084F5A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).", }, { lang: "es", value: "Se ha descubierto un problema en OpenSSH 7.9. Debido a que la implementación de SCP deriva del rcp 1983, el servidor elige qué archivos/directorios se están enviando al cliente. Sin embargo, el cliente scp solo realiza la validación superficial del nombre de objeto devuelto (solo se evitan los ataques de salto de directorio). Un servidor scp malicioso (o atacante Man-in-the-Middle) puede sobrescribir archivos arbitrarios en el directorio objetivo del cliente scp. Si se realiza la operación recursiva (-r), el servidor también puede manipular subdirectorios (por ejemplo, para sobrescribir el archivo .ssh/authorized_keys)", }, ], id: "CVE-2019-6111", lastModified: "2024-11-21T04:45:57.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-31T18:29:00.867", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/18/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/08/02/1", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106741", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3885-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46193/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/08/02/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3885-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46193/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-16 16:15
Modified
2024-11-21 04:25
Severity ?
Summary
A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x-200rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "282096F4-8422-4261-A446-69FFB0933FC1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x-200rna:-:*:*:*:*:*:*:*", matchCriteriaId: "4BCF5B82-0766-4711-90E6-C2A6FACE44EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6C435EFA-6C21-41EA-9A3F-136FF7F03776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "076F3DDE-2B70-4F53-9B12-7CE3D9641E7E", versionEndExcluding: "4.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*", matchCriteriaId: "B2D0AB50-6F0B-4232-8C8E-1647410D362D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02B398C3-3EDD-4FD4-977A-8461DB27CC49", versionEndExcluding: "4.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*", matchCriteriaId: "434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "129E733C-0BF1-4DF0-9772-66009BA3C64D", versionEndExcluding: "4.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*", matchCriteriaId: "889CF2C0-EE6C-447F-85F1-005730EAD232", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B1BAB4A-4F21-4BD7-B474-7675CEF22008", versionEndExcluding: "4.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0C632B90-EB11-4A4C-8128-DABBE044B9AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:siplus_net_csm_1277_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EAAC05E1-5FED-4072-906B-9B1289A1E6ED", versionEndExcluding: "4.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:siplus_net_csm_1277:-:*:*:*:*:*:*:*", matchCriteriaId: "54C4F62C-EF24-434F-800C-07F26968EFBA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en la familia de conmutadores SCALANCE X-300 (incl. X408 y variantes SIPLUS NET), SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Los dispositivos afectados contienen una vulnerabilidad que permite a un atacante no autentificado violar las reglas de control de acceso. La vulnerabilidad puede activarse enviando una solicitud GET a un localizador de recursos uniforme específico en la interfaz de configuración web del dispositivo. La vulnerabilidad de seguridad podría ser explotada por un atacante con acceso de red a los sistemas afectados. Un atacante podría utilizar la vulnerabilidad para obtener información sensible o cambiar la configuración del dispositivo. En el momento de la publicación del aviso no se conocía ninguna explotación pública de esta vulnerabilidad de seguridad", }, ], id: "CVE-2019-13933", lastModified: "2024-11-21T04:25:43.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-16T16:15:16.187", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf", }, { source: "productcert@siemens.com", tags: [ "Third Party Advisory", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-03", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-09 20:15
Modified
2024-11-21 04:31
Severity ?
Summary
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| openbsd | openssh | * | |
| netapp | cloud_backup | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| siemens | scalance_x204rna_firmware | * | |
| siemens | scalance_x204rna | - | |
| siemens | scalance_x204rna_ecc_firmware | * | |
| siemens | scalance_x204rna_ecc | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "4419F9A7-C91A-49F3-8424-0FC679147627", versionEndIncluding: "7.9", versionStartIncluding: "7.7", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "7EDB383B-BB44-4FEA-917B-1BA5279DB478", versionEndExcluding: "8.1", versionStartIncluding: "8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_ecc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0F4927F0-F350-431B-9762-009DC7660588", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna_ecc:-:*:*:*:*:*:*:*", matchCriteriaId: "230B1F1A-8D69-4C66-8046-7D1DE3BEFEA1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.", }, { lang: "es", value: "OpenSSH 7.7 a 7.9 y 8.x anterior de la versión 8.1, cuando se compila con un tipo de clave experimental, tiene un desbordamiento de entero de identificación previa si un cliente o servidor está configurado para usar una clave XMSS especialmente diseñada. Esto conduce a la corrupción de la memoria y la ejecución del código local debido a un error en el algoritmo de análisis de claves XMSS. NOTA: la implementación de XMSS se considera experimental en todas las versiones de OpenSSH lanzadas, y no hay una forma compatible para habilitarla al crear OpenSSH portátil.", }, ], id: "CVE-2019-16905", lastModified: "2024-11-21T04:31:18.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-09T20:15:23.503", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://0day.life/exploits/0day-1009.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1153537", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201911-01", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191024-0003/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.openssh.com/releasenotes.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2019/10/09/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://0day.life/exploits/0day-1009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1153537", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201911-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191024-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.openssh.com/releasenotes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2019/10/09/1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| openbsd | openssh | 3.6.1 | |
| openpkg | openpkg | 1.2 | |
| openpkg | openpkg | 1.3 | |
| siemens | scalance_x204rna_ecc_firmware | * | |
| siemens | scalance_x204rna_ecc | - | |
| siemens | scalance_x204rna_firmware | * | |
| siemens | scalance_x204rna | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "F0420843-E456-48A7-B46F-823090565FBC", versionEndExcluding: "3.6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*", matchCriteriaId: "5510F5B6-6505-4656-A3C0-1E8425B0D39D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*", matchCriteriaId: "B6ADD463-E918-4F4D-9FA7-D109EBC98BD8", vulnerable: true, }, { criteria: "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*", matchCriteriaId: "46B96764-9241-4586-9FA5-77D8D8EBE3BD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_ecc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0F4927F0-F350-431B-9762-009DC7660588", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna_ecc:-:*:*:*:*:*:*:*", matchCriteriaId: "230B1F1A-8D69-4C66-8046-7D1DE3BEFEA1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.", }, { lang: "es", value: "OpenSSH-portable (OpenSSH) 3.6.1p1 y anteriores con soporte PAM activado envía inmediatamente un mensaje de error cuando un usuario no existe, lo que permite a atacantes remotos determinar nombres de usuario válidos mediante un ataque de temporización.", }, ], id: "CVE-2003-0190", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-05-12T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lab.mediaservice.net/advisory/2003-01-openssh.txt", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=105172058404810&w=2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=106018677302607&w=2", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-222.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-224.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/7467", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.turbolinux.com/security/TLSA-2003-31.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lab.mediaservice.net/advisory/2003-01-openssh.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=105172058404810&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=106018677302607&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-222.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-224.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/7467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.turbolinux.com/security/TLSA-2003-31.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-17 19:29
Modified
2024-11-21 03:50
Severity ?
Summary
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "FC6DE0EB-7AC6-47A3-9759-43FFF9268312", versionEndIncluding: "7.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", matchCriteriaId: "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "6DD5AF44-1C16-4F25-84C1-8AE3CD89B7B1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "7E49ACFC-FD48-4ED7-86E8-68B5B753852C", versionStartIncluding: "9.4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", matchCriteriaId: "146A767F-DC04-454B-9913-17D3A2B5AAA4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "066C2961-E9C4-418E-82AF-1A7C35D5C085", versionStartIncluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FED6CAE-D97F-49E0-9D00-1642A3A427B4", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", matchCriteriaId: "392A1364-2739-450D-9E19-DFF93081C2C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*", matchCriteriaId: "B65B11A5-728E-4952-824E-051DFC00259B", versionStartIncluding: "7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FED6CAE-D97F-49E0-9D00-1642A3A427B4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "5717C329-984A-4A42-8FA6-7B4CF1D6F2D3", versionStartIncluding: "7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FED6CAE-D97F-49E0-9D00-1642A3A427B4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", matchCriteriaId: "517A2282-C254-49EB-A52D-FC2B45E70ADD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.", }, { lang: "es", value: "OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto está relacionado con auth2-gss.c, auth2-hostbased.c, y auth2-pubkey.c.", }, ], id: "CVE-2018-15473", lastModified: "2024-11-21T03:50:53.157", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-17T19:29:00.223", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2018/08/15/5", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105140", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041487", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0711", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2143", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory", ], url: "https://bugs.debian.org/906236", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-03", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20181101-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3809-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4280", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45210/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45233/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45939/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2018/08/15/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory", ], url: "https://bugs.debian.org/906236", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20181101-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3809-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4280", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45210/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45233/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45939/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-14 16:29
Modified
2024-11-21 04:07
Severity ?
Summary
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:rfid_181-eip_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "9BD1CF0F-8773-458A-B895-AD7C28BE95B8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:rfid_181-eip:-:*:*:*:*:*:*:*", matchCriteriaId: "D6E564B5-8196-46CA-8F31-3D8220C06144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.4:*:*:*:*:*:*:*", matchCriteriaId: "DAD0FAEE-28AE-4B56-AAFF-46BEF95D8686", vulnerable: true, }, { criteria: "cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.5:*:*:*:*:*:*:*", matchCriteriaId: "77A98129-42ED-41BE-94D7-93AB6EDB9E1B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_wimax:-:*:*:*:*:*:*:*", matchCriteriaId: "88B2BEB2-4A91-4EF1-8541-C2EBB79CCA1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82699DAE-653E-4892-AABE-BD7EB0D08224", versionEndExcluding: "5.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*", matchCriteriaId: "A59C91EA-5D1B-4970-8C36-BD76BA420B12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7AA7D616-B6B3-4883-9EC2-ED08C8F22D99", versionEndExcluding: "5.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x200irt:-:*:*:*:*:*:*:*", matchCriteriaId: "B4201AF3-421F-4FD2-9449-2D89D2194250", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "233B6B4C-1EB6-47AB-8485-7BB585641407", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6E05BF7A-928C-4BF3-963F-7168037DFD51", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*", matchCriteriaId: "E3F6299B-D7E3-4750-B016-7DCBC83C2287", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x408_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "C003438B-9750-42D9-8DAE-93506BC023C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*", matchCriteriaId: "47F713E4-4B75-476E-BC21-92CA10198AE9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4EDB94AE-1ADF-468A-93BB-7DC0A2086AC2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*", matchCriteriaId: "7E4C1BEF-D6B4-4260-9AC5-6F903EF6F4B1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_rf182c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "029686AF-F3F7-4A61-8DD0-22B9D357C614", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*", matchCriteriaId: "7540DAD9-2AAC-46A9-B1C5-BB1AC4FCE710", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en RFID 181-EIP (Todas las versiones), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), familia de switches SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la V5.2.3), familia de switches SCALANCE X-200IRT (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a V5.4.1), familia de switches SCALANCE X-200RNA (Todas las versiones anteriores a la V3.2.6), familia de switches SCALANCE X-300 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la V4.1.3), SCALANCE X408 (Todas las versiones anteriores a la V4.1.3), SCALANCE X414 (Todas las versiones), SIMATIC RF182C (Todas las versiones). Los atacantes remotos no privilegiados ubicados en el mismo segmento de red local (capa 2 de OSI) podrían obtener la ejecución remota de código en los productos afectados enviando una respuesta DHCP especialmente diseñada a la solicitud DHCP de un cliente.", }, ], id: "CVE-2018-4833", lastModified: "2024-11-21T04:07:32.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-14T16:29:00.333", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "productcert@siemens.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Severity ?
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", versionEndIncluding: "7.9", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0A98E2-B715-4EF5-9CF8-07500E119271", versionEndIncluding: "5.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC0C9671-47BB-43CB-8906-9BC2B86B3229", versionEndExcluding: "3.2.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", matchCriteriaId: "C834C295-D600-44E8-9783-49A319084F5A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "271CACEB-10F5-4CA8-9C99-3274F18EE62D", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "433EEE1B-134C-48F9-8688-23C5F1ABBF0F", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FFEE5C-5DAE-4FAD-9651-7983DE092120", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66D6EF49-7094-41D9-BDF5-AE5846E37418", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6593DA00-EE33-4223-BEAE-8DC629E79287", versionEndExcluding: "xcp2361", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "67E048EC-4A4F-4F0A-B0B5-F234700293DA", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "665502CB-FCC8-4619-B673-408F7190252A", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "483F5457-7E06-46F3-A808-194289B98AFF", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5644E3E-941A-429A-9AFB-C1023659C1C2", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0C1318DD-6AF4-490D-A4AE-079BA544EF8F", versionEndExcluding: "xcp3070", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.", }, { lang: "es", value: "Se ha descubierto un problema en OpenSSH 7.9. Debido a la falta de cifrado de caracteres en la pantalla de progreso, un servidor malicioso (o atacante Man-in-the-Middle) puede emplear nombres de objeto manipulados para manipular la salida del cliente, por ejemplo, empleando códigos de control de ANSI para ocultar los archivos adicionales que se están transfiriendo. Esto afecta a refresh_progress_meter() en progressmeter.c.", }, ], id: "CVE-2019-6109", lastModified: "2024-11-21T04:45:57.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-31T18:29:00.710", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2018-4833
Vulnerability from cvelistv5
Published
2018-06-14 16:00
Modified
2024-08-05 05:18
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RFID 181EIP |
Version: All versions |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:18:26.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RFID 181EIP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { product: "RUGGEDCOM Win", vendor: "Siemens", versions: [ { status: "affected", version: "V4.4, V4.5, V5.0, and V5.1", }, ], }, { product: "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V5.2.3", }, ], }, { product: "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V5.4.1", }, ], }, { product: "SCALANCE X-200RNA switch family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.6", }, ], }, { product: "SCALANCE X-300 switch family (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X408", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X414", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { product: "SIMATIC RF182C", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, ], datePublic: "2018-06-12T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-14T21:05:17", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2018-4833", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RFID 181EIP", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "RUGGEDCOM Win", version: { version_data: [ { version_value: "V4.4, V4.5, V5.0, and V5.1", }, ], }, }, { product_name: "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", version: { version_data: [ { version_value: "All versions < V5.2.3", }, ], }, }, { product_name: "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", version: { version_data: [ { version_value: "All versions < V5.4.1", }, ], }, }, { product_name: "SCALANCE X-200RNA switch family", version: { version_data: [ { version_value: "All versions < V3.2.6", }, ], }, }, { product_name: "SCALANCE X-300 switch family (incl. SIPLUS NET variants)", version: { version_data: [ { version_value: "All versions < V4.1.3", }, ], }, }, { product_name: "SCALANCE X408", version: { version_data: [ { version_value: "All versions < V4.1.3", }, ], }, }, { product_name: "SCALANCE X414", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "SIMATIC RF182C", version: { version_data: [ { version_value: "All versions", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122: Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2018-4833", datePublished: "2018-06-14T16:00:00", dateReserved: "2018-01-02T00:00:00", dateUpdated: "2024-08-05T05:18:26.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6111
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:23.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-4387", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { name: "106741", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/106741", }, { tags: [ "x_transferred", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { name: "USN-3885-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/3885-1/", }, { name: "USN-3885-2", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/3885-2/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", }, { tags: [ "x_transferred", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { name: "46193", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46193/", }, { name: "GLSA-201903-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-16", }, { name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { name: "[oss-security] 20190417 Announce: OpenSSH 8.0 released", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/04/18/1", }, { name: "FEDORA-2019-0f4190cdb0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", }, { name: "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", }, { name: "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", }, { name: "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", }, { name: "openSUSE-SU-2019:1602", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", }, { name: "FreeBSD-EN-19:10", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc", }, { name: "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3702", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { name: "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/08/02/1", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-31T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-4387", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { name: "106741", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/106741", }, { url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { name: "USN-3885-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { name: "USN-3885-2", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/3885-2/", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", }, { url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { name: "46193", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/46193/", }, { name: "GLSA-201903-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { name: "[oss-security] 20190417 Announce: OpenSSH 8.0 released", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/04/18/1", }, { name: "FEDORA-2019-0f4190cdb0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", }, { name: "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", }, { name: "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", }, { name: "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", }, { name: "openSUSE-SU-2019:1602", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", }, { name: "FreeBSD-EN-19:10", tags: [ "vendor-advisory", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc", }, { name: "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3702", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { name: "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/08/02/1", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-6111", datePublished: "2019-01-31T00:00:00", dateReserved: "2019-01-10T00:00:00", dateUpdated: "2024-08-04T20:16:23.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16905
Vulnerability from cvelistv5
Published
2019-10-09 00:00
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:24:48.454Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssh.com/releasenotes.html", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2019/10/09/1", }, { tags: [ "x_transferred", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h", }, { tags: [ "x_transferred", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1153537", }, { tags: [ "x_transferred", ], url: "https://0day.life/exploits/0day-1009.html", }, { tags: [ "x_transferred", ], url: "https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191024-0003/", }, { name: "GLSA-201911-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201911-01", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.openssh.com/releasenotes.html", }, { url: "https://www.openwall.com/lists/oss-security/2019/10/09/1", }, { url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h", }, { url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1153537", }, { url: "https://0day.life/exploits/0day-1009.html", }, { url: "https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow", }, { url: "https://security.netapp.com/advisory/ntap-20191024-0003/", }, { name: "GLSA-201911-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201911-01", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16905", datePublished: "2019-10-09T00:00:00", dateReserved: "2019-09-26T00:00:00", dateUpdated: "2024-08-05T01:24:48.454Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20685
Vulnerability from cvelistv5
Published
2019-01-10 00:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.712Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-4387", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { name: "USN-3885-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/3885-1/", }, { tags: [ "x_transferred", ], url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2", }, { tags: [ "x_transferred", ], url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190215-0001/", }, { name: "106531", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/106531", }, { tags: [ "x_transferred", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { name: "GLSA-201903-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-16", }, { name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3702", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { name: "GLSA-202007-53", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-53", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-10T00:00:00", descriptions: [ { lang: "en", value: "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-4387", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { name: "USN-3885-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2", }, { url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h", }, { url: "https://security.netapp.com/advisory/ntap-20190215-0001/", }, { name: "106531", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/106531", }, { url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { name: "GLSA-201903-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3702", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { name: "GLSA-202007-53", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202007-53", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20685", datePublished: "2019-01-10T00:00:00", dateReserved: "2019-01-10T00:00:00", dateUpdated: "2024-08-05T12:05:17.712Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-0190
Vulnerability from cvelistv5
Published
2003-05-02 00:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:43:36.108Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2003:222", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-222.html", }, { name: "20030430 OpenSSH/PAM timing attack allows remote users identification", tags: [ "mailing-list", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=105172058404810&w=2", }, { name: "7467", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/7467", }, { name: "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)", tags: [ "mailing-list", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=106018677302607&w=2", }, { name: "RHSA-2003:224", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-224.html", }, { name: "oval:org.mitre.oval:def:445", tags: [ "vdb-entry", "signature", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445", }, { tags: [ "x_transferred", ], url: "http://lab.mediaservice.net/advisory/2003-01-openssh.txt", }, { name: "TLSA-2003-31", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.turbolinux.com/security/TLSA-2003-31.txt", }, { name: "20030430 OpenSSH/PAM timing attack allows remote users identification", tags: [ "mailing-list", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-04-30T00:00:00", descriptions: [ { lang: "en", value: "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2003:222", tags: [ "vendor-advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2003-222.html", }, { name: "20030430 OpenSSH/PAM timing attack allows remote users identification", tags: [ "mailing-list", ], url: "http://marc.info/?l=bugtraq&m=105172058404810&w=2", }, { name: "7467", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/7467", }, { name: "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)", tags: [ "mailing-list", ], url: "http://marc.info/?l=bugtraq&m=106018677302607&w=2", }, { name: "RHSA-2003:224", tags: [ "vendor-advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2003-224.html", }, { name: "oval:org.mitre.oval:def:445", tags: [ "vdb-entry", "signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445", }, { url: "http://lab.mediaservice.net/advisory/2003-01-openssh.txt", }, { name: "TLSA-2003-31", tags: [ "vendor-advisory", ], url: "http://www.turbolinux.com/security/TLSA-2003-31.txt", }, { name: "20030430 OpenSSH/PAM timing attack allows remote users identification", tags: [ "mailing-list", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-0190", datePublished: "2003-05-02T00:00:00", dateReserved: "2003-04-01T00:00:00", dateUpdated: "2024-08-08T01:43:36.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6109
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:24.501Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-4387", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { tags: [ "x_transferred", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { name: "USN-3885-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/3885-1/", }, { tags: [ "x_transferred", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", }, { tags: [ "x_transferred", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { name: "GLSA-201903-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-16", }, { name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { name: "FEDORA-2019-0f4190cdb0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", }, { name: "openSUSE-SU-2019:1602", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3702", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-31T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-4387", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4387", }, { url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { name: "USN-3885-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/3885-1/", }, { url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", }, { url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { name: "GLSA-201903-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", }, { name: "FEDORA-2019-0f4190cdb0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", }, { name: "openSUSE-SU-2019:1602", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3702", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3702", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-6109", datePublished: "2019-01-31T00:00:00", dateReserved: "2019-01-10T00:00:00", dateUpdated: "2024-08-04T20:16:24.501Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15473
Vulnerability from cvelistv5
Published
2018-08-17 00:00
Modified
2024-08-05 09:54
Severity ?
EPSS score ?
Summary
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:54:03.508Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201810-03", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201810-03", }, { name: "1041487", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1041487", }, { name: "45233", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45233/", }, { tags: [ "x_transferred", ], url: "https://bugs.debian.org/906236", }, { name: "45210", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45210/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20181101-0001/", }, { tags: [ "x_transferred", ], url: "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", }, { name: "USN-3809-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/3809-1/", }, { name: "[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html", }, { name: "105140", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/105140", }, { name: "DSA-4280", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4280", }, { name: "45939", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45939/", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2018/08/15/5", }, { name: "RHSA-2019:0711", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0711", }, { name: "RHSA-2019:2143", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2143", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-08-17T00:00:00", descriptions: [ { lang: "en", value: "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201810-03", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201810-03", }, { name: "1041487", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1041487", }, { name: "45233", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/45233/", }, { url: "https://bugs.debian.org/906236", }, { name: "45210", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/45210/", }, { url: "https://security.netapp.com/advisory/ntap-20181101-0001/", }, { url: "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", }, { name: "USN-3809-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/3809-1/", }, { name: "[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html", }, { name: "105140", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/105140", }, { name: "DSA-4280", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2018/dsa-4280", }, { name: "45939", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/45939/", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", }, { url: "http://www.openwall.com/lists/oss-security/2018/08/15/5", }, { name: "RHSA-2019:0711", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0711", }, { name: "RHSA-2019:2143", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2143", }, { url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-15473", datePublished: "2018-08-17T00:00:00", dateReserved: "2018-08-17T00:00:00", dateUpdated: "2024-08-05T09:54:03.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13933
Vulnerability from cvelistv5
Published
2020-01-16 00:00
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:05:43.965Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf", }, { tags: [ "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SCALANCE X204RNA (HSR)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.7", }, ], }, { product: "SCALANCE X204RNA (PRP)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.7", }, ], }, { product: "SCALANCE X204RNA EEC (HSR)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.7", }, ], }, { product: "SCALANCE X204RNA EEC (PRP)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.7", }, ], }, { product: "SCALANCE X204RNA EEC (PRP/HSR)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.7", }, ], }, { product: "SCALANCE X302-7 EEC (230V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X302-7 EEC (230V, coated)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X302-7 EEC (24V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X302-7 EEC (24V, coated)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X302-7 EEC (2x 230V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X302-7 EEC (2x 230V, coated)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X302-7 EEC (2x 24V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X302-7 EEC (2x 24V, coated)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X304-2FE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X306-1LD FE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-2 EEC (230V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-2 EEC (230V, coated)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-2 EEC (24V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-2 EEC (24V, coated)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-2 EEC (2x 230V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-2 EEC (2x 230V, coated)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-2 EEC (2x 24V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-2 EEC (2x 24V, coated)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-3LD", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X307-3LD", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2LD", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2LD", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2LH", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2LH", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2LH+", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2LH+", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2M", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2M", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2M PoE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2M PoE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2M TS", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X308-2M TS", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X310", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X310", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X310FE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X310FE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X320-1 FE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X320-1-2LD FE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE X408-2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M (230V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M (230V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M (230V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M (230V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M (24V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M (24V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M (24V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M (24V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M TS (24V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-12M TS (24V)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (24V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (24V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (24V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (24V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (2x 24V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (2x 24V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M PoE (230V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M PoE (230V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M PoE (24V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M PoE (24V, ports on rear)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SCALANCE XR324-4M PoE TS (24V, ports on front)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, { product: "SIPLUS NET SCALANCE X308-2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306: Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf", }, { url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-03", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2019-13933", datePublished: "2020-01-16T00:00:00", dateReserved: "2019-07-18T00:00:00", dateUpdated: "2024-08-05T00:05:43.965Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6110
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20190213-0001/ | ||
| https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c | ||
| https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c | ||
| https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt | ||
| https://www.exploit-db.com/exploits/46193/ | exploit | |
| https://security.gentoo.org/glsa/201903-16 | vendor-advisory | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:24.236Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { tags: [ "x_transferred", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { tags: [ "x_transferred", ], url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", }, { tags: [ "x_transferred", ], url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { name: "46193", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46193/", }, { name: "GLSA-201903-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-16", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-31T00:00:00", descriptions: [ { lang: "en", value: "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20190213-0001/", }, { url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", }, { url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", }, { url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", }, { name: "46193", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/46193/", }, { name: "GLSA-201903-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201903-16", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-6110", datePublished: "2019-01-31T00:00:00", dateReserved: "2019-01-10T00:00:00", dateUpdated: "2024-08-04T20:16:24.236Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }