CVE-2020-12062 — Improper Input Validation in Openssh

CWE-20 — Improper Input Validation8 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 25.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Paloalto Prisma SD

Timeline

PublishedJun 1

Latest updateApr 5

Description

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no mor…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debianopenbsd/openssh< 1:8.3p1-1+3

▶NVDopenbsd/openssh8.2

▶Palo Altopaloalto/prisma_sd

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-843q-w84q-c7qg: ** DISPUTED ** The scp client in OpenSSH 8↗2022-05-24

▶

CVEList

CVE-2020-12062: The scp client in OpenSSH 8↗2020-06-01

▶

OSV

CVE-2020-12062: The scp client in OpenSSH 8↗2020-06-01

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION↗2024-04-05

▶

Red Hat

openssh: scp can send duplicate responses to the server upon a utimes system call failure leading to overwrite of arbitrary files↗2020-05-27

▶

Debian

CVE-2020-12062: openssh - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the serve...↗2020

▶

💬Community

Bugzilla

CVE-2020-12062 openssh: scp can send duplicate responses to the server upon a utimes system call failure leading to overwrite of arbitrary files↗2020-07-06

▶