CVE-2020-15778

CWE-78 — OS Command Injection CWE-77 — Command Injection9 documents8 sources

Severity

7.4HIGH

EPSS

61.5%

top 1.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Netapp Active IQ Unified Manager

Timeline

PublishedJul 24

Latest updateMay 24

Description

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.5 | Impact: 5.9

Affected Packages2 packages

▶NVDopenbsd/openssh< 8.3+1

▶NVDnetapp/active_iq_unified_manager

🔴Vulnerability Details

GHSA

GHSA-cvxm-8hgf-6m6m: scp in OpenSSH through 8↗2022-05-24

▶

OSV

CVE-2020-15778: scp in OpenSSH through 8↗2020-07-24

▶

CVEList

CVE-2020-15778: scp in OpenSSH through 8↗2020-07-24

▶

📋Vendor Advisories

Red Hat

openssh: scp allows command injection when using backtick characters in the destination argument↗2020-07-18

▶

Microsoft

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that the↗2020-07-14

▶

Debian

CVE-2020-15778: openssh - scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote func...↗2020

▶

💬Community

Bugzilla

CVE-2020-15778 openssh: scp allows command injection when using backtick characters in the destination argument [fedora-all]↗2020-07-24

▶

Bugzilla

CVE-2020-15778 openssh: scp allows command injection when using backtick characters in the destination argument↗2020-07-24

▶