Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-15778

Опубликовано: 24 июл. 2020
Источник: nvd
CVSS3: 7.4
CVSS3: 7.8
CVSS2: 6.8
EPSS Средний

Описание

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Версия до 8.3 (исключая)
cpe:2.3:a:openbsd:openssh:8.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.3:p1:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Версия от 9.5 (включая)
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.67968
Средний

7.4 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-78
CWE-78

Связанные уязвимости

ubuntu логотип

CVE-2020-15778

CVSS3: 7.4
ubuntu
около 5 лет назад

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

redhat логотип

CVE-2020-15778

CVSS3: 4.1
redhat
около 5 лет назад

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

msrc логотип

CVE-2020-15778

CVSS3: 7.8
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-15778

CVSS3: 7.4
debian
около 5 лет назад

scp in OpenSSH through 8.3p1 allows command injection in the scp.c tor ...

rocky логотип

RLSA-2024:3166

rocky
3 месяца назад

Moderate: openssh security update

EPSS

Процентиль: 99%
0.67968
Средний

7.4 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-78
CWE-78