⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-6111: Path Traversal in OpenSSH

Severity: 5.9 MEDIUM (NVD)
EPSS: 54.4% (top 1.97%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Jan 31; latest update Feb 10

Description

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirecto

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N (Exploitability: 2.2 | Impact: 3.6)

Affected Packages (15 packages)

Debian: openbsd/openssh < 1:7.9p1-9 (+3)
Ubuntu: openbsd/openssh < 1:6.6p1-2ubuntu2.13 (+2)
NVD: freebsd/freebsd < 12.0 (+1)
NVD: fujitsu/m10-1_firmware < xcp2361 (+1)

Also affects: Debian Linux 8.0, 9.0, Fedora 30, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.0, 8.0, 8.1, 8.2, 8.4, 8.6

Patches

🔴 Vulnerability Details (5)

GHSA: GHSA-jr78-hfw4-xp7g: An issue was discovered in OpenSSH 7 (2022-05-13)
OSV: openssh vulnerability (2019-03-04)
CVEList: CVE-2019-6111: An issue was discovered in OpenSSH 7 (2019-01-31)
OSV: CVE-2019-6111: An issue was discovered in OpenSSH 7 (2019-01-31)
VulnCheck: OpenBSD openssh Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (2019)

💥 Exploits & PoCs (2)

Exploit-DB: SCP Client - Multiple Vulnerabilities (SSHtranger Things) (2019-01-18)
Exploit-DB: OpenSSH SCP Client - Write Arbitrary Files (2019-01-11)

📋 Vendor Advisories (8)

Red Hat: libssh: Improper sanitation of paths received from SCP servers (2026-02-10)
Palo Alto: PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION (2024-04-05)
Red Hat: krb5-appl: Improper validation of object names allows malicious server to overwrite files via rcp client (2021-02-02)
Ubuntu: OpenSSH vulnerability (2019-03-04)
Ubuntu: OpenSSH vulnerabilities (2019-02-07)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-0964 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (2)

Bugzilla: CVE-2019-6111 openssh: Improper validation of object names allows malicious server to overwrite files via scp client [fedora-all] (2019-01-15)
Bugzilla: CVE-2019-6111 openssh: Improper validation of object names allows malicious server to overwrite files via scp client (2019-01-15)

Source: CVE-2019-6111 — Path Traversal in Openbsd Openssh | cvebase