CVE-2018-20685
Published 2019-01-10
Medium 5.3 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
ITW
Exploited in the wild
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Affected
53 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | dropbear | < dropbear 2020.79-1 (bookworm) | dropbear 2020.79-1 (bookworm) |
| debian | netkit-rsh | < netkit-rsh 0.17-20 (bookworm) | netkit-rsh 0.17-20 (bookworm) |
| debian | openssh | < openssh 1:7.9p1-5 (bookworm) | openssh 1:7.9p1-5 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | < 2020.79 | 2020.79 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.79-1 | 2020.79-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.79-1 | 2020.79-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.79-1 | 2020.79-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.79-1 | 2020.79-1 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fujitsu | m10-1_firmware | < xcp2361 | xcp2361 |
| fujitsu | m10-1_firmware | < xcp3070 | xcp3070 |
| fujitsu | m10-4_firmware | < xcp2361 | xcp2361 |
| fujitsu | m10-4_firmware | < xcp3070 | xcp3070 |
| fujitsu | m10-4s_firmware | < xcp2361 | xcp2361 |
| fujitsu | m10-4s_firmware | < xcp3070 | xcp3070 |
| fujitsu | m12-1_firmware | < xcp2361 | xcp2361 |
| fujitsu | m12-1_firmware | < xcp3070 | xcp3070 |
CVSS provenance
nvd: v3.1, 8.1 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 5.3 MEDIUM
vulncheck: 5.3 MEDIUM