{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-6110", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T20:16:24.236Z", "dateReserved": "2019-01-10T00:00:00", "datePublished": "2019-01-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"name": "46193", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"name": "GLSA-201903-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2019-01-31T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:24.236Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20190213-0001/", "tags": ["x_transferred"]}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", "tags": ["x_transferred"]}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", "tags": ["x_transferred"]}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "tags": ["x_transferred"]}, {"name": "46193", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"name": "GLSA-201903-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", "versionEndIncluding": "7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271", "versionEndIncluding": "5.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."}, {"lang": "es", "value": "En OpenSSH 7.9, debido a la aceptaci\u00f3n y la nuestra de salidas stderr arbitrarias del servidor, un servidor malicioso (o atacante Man-in-the-Middle) puede manipular la salida del cliente, por ejemplo, para emplear c\u00f3digos de control de ANSI para ocultar los archivos adicionales que se est\u00e1n transfiriendo."}], "id": "CVE-2019-6110", "lastModified": "2024-11-21T04:45:57.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-31T18:29:00.807", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46193/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-838"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openssh: Acceptance and display of arbitrary stderr allows for spoofing of scp client output", "id": "1666124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666124"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-451", "details": ["In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."], "mitigation": {"lang": "en:us", "value": "This issue only affects the users of scp binary which is a part of openssh-clients package. Other usage of SSH protocol or other ssh clients is not affected. Administrators can uninstall openssh-clients for additional protection against accidental usage of this binary. Removing the openssh-clients package will make binaries like scp and ssh etc unavailable on that system.\nNote: To exploit this flaw, the victim needs to connect to a malicious SSH server or MITM (Man-in-the-middle) the scp connection, both of which can be detected by the system administrator via a change in the host key of the SSH server. Further, if connections via scp are made to only trusted SSH servers, then those use-cases are not vulnerable to this security flaw."}, "name": "CVE-2019-6110", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-11-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-6110\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6110\nhttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"], "statement": "This issue affects the scp client shipped with openssh. The SSH protocol or the SSH client is not affected. For more detailed analysis please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1666124#c2", "threat_severity": "Low"}