6.8
CVE-2019-6109
- EPSS 3.81%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 28.05.2026 19:16:34
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.10
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Netapp ≫ Element Software Version-
Netapp ≫ Ontap Select Deploy Version-
Netapp ≫ Storage Automation Store Version-
Fedoraproject ≫ Fedora Version30
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Eus Version8.1
Redhat ≫ Enterprise Linux Eus Version8.2
Redhat ≫ Enterprise Linux Eus Version8.4
Redhat ≫ Enterprise Linux Eus Version8.6
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.6
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.6
Siemens ≫ Scalance X204rna Firmware Version < 3.2.7
Siemens ≫ Scalance X204rna Eec Firmware Version < 3.2.7
Fujitsu ≫ M10-1 Firmware Version < xcp2361
Fujitsu ≫ M10-4 Firmware Version < xcp2361
Fujitsu ≫ M10-4s Firmware Version < xcp2361
Fujitsu ≫ M12-1 Firmware Version < xcp2361
Fujitsu ≫ M12-2 Firmware Version < xcp2361
Fujitsu ≫ M12-2s Firmware Version < xcp2361
Fujitsu ≫ M10-1 Firmware Version < xcp3070
Fujitsu ≫ M10-4 Firmware Version < xcp3070
Fujitsu ≫ M10-4s Firmware Version < xcp3070
Fujitsu ≫ M12-1 Firmware Version < xcp3070
Fujitsu ≫ M12-2 Firmware Version < xcp3070
Fujitsu ≫ M12-2s Firmware Version < xcp3070
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.81% | 0.886 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 4 | 4.9 | 4.9 |
AV:N/AC:H/Au:N/C:P/I:P/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
https://access.redhat.com/errata/RHSA-2019:3702
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html
https://security.gentoo.org/glsa/201903-16
https://usn.ubuntu.com/3885-1/
https://www.debian.org/security/2019/dsa-4387
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html
https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
https://security.netapp.com/advisory/ntap-20190213-0001/