{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-6110", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T20:16:24.236Z", "dateReserved": "2019-01-10T00:00:00", "datePublished": "2019-01-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"name": "46193", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"name": "GLSA-201903-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2019-01-31T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:24.236Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20190213-0001/", "tags": ["x_transferred"]}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", "tags": ["x_transferred"]}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", "tags": ["x_transferred"]}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "tags": ["x_transferred"]}, {"name": "46193", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"name": "GLSA-201903-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", "versionEndIncluding": "7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271", "versionEndIncluding": "5.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."}, {"lang": "es", "value": "En OpenSSH 7.9, debido a la aceptaci\u00f3n y la nuestra de salidas stderr arbitrarias del servidor, un servidor malicioso (o atacante Man-in-the-Middle) puede manipular la salida del cliente, por ejemplo, para emplear c\u00f3digos de control de ANSI para ocultar los archivos adicionales que se est\u00e1n transfiriendo."}], "id": "CVE-2019-6110", "lastModified": "2024-11-21T04:45:57.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-31T18:29:00.807", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46193/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-838"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openssh: Acceptance and display of arbitrary stderr allows for spoofing of scp client output", "id": "1666124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666124"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-451", "details": ["In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."], "mitigation": {"lang": "en:us", "value": "This issue only affects the users of scp binary which is a part of openssh-clients package. Other usage of SSH protocol or other ssh clients is not affected. Administrators can uninstall openssh-clients for additional protection against accidental usage of this binary. Removing the openssh-clients package will make binaries like scp and ssh etc unavailable on that system.\nNote: To exploit this flaw, the victim needs to connect to a malicious SSH server or MITM (Man-in-the-middle) the scp connection, both of which can be detected by the system administrator via a change in the host key of the SSH server. Further, if connections via scp are made to only trusted SSH servers, then those use-cases are not vulnerable to this security flaw."}, "name": "CVE-2019-6110", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-11-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-6110\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6110\nhttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"], "statement": "This vulnerability is rated as a moderate because it allows a malicious server or a Man-in-the-Middle attacker to manipulate client output by injecting arbitrary\u00a0stderr\u00a0content, on exploitation this could mislead the user into thinking the operation was successful or reporting false information, it can facilitate social engineering attacks.\nThis issue affects the scp client shipped with openssh. The SSH protocol or the SSH client is not affected. For more detailed analysis please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1666124#c2", "threat_severity": "Moderate"}