7.8
CVE-2020-15778
- EPSS 61.48%
- Published 24.07.2020 14:15:12
- Last modified 28.07.2025 18:12:45
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Data is provided by the National Vulnerability Database (NVD)
Netapp ≫ A700s Firmware Version-
Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
Netapp ≫ Hci Management Node Version-
Netapp ≫ Steelstore Cloud Integrated Storage Version-
Netapp ≫ Hci Compute Node Version-
Netapp ≫ Hci Storage Node Version-
Broadcom ≫ Fabric Operating System Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 61.48% | 0.983 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 1.5 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.