Lucene search

CVE-2019-6111

🗓️ 31 Jan 2019 18:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 13215 Views🌐 WEB

CVE-2019-6111: OpenSSH 7.9 allows arbitrary file overwrite via scp client

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 178
RedhatCVE	CVE-2019-6111	15 Jan 201900:50	–	redhatcve
RedhatCVE	CVE-2023-35812	23 May 202503:59	–	redhatcve
RedhatCVE	CVE-2019-25017	10 Feb 202117:35	–	redhatcve
Debian CVE	CVE-2019-6111	31 Jan 201918:29	–	debiancve
Debian CVE	CVE-2019-7283	31 Jan 201918:29	–	debiancve
Tenable Nessus	F5 Networks BIG-IP : OpenSSH vulnerability (K21350967)	8 Nov 202200:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2019-6111	4 Mar 202500:00	–	nessus
Tenable Nessus	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSH vulnerability (USN-3885-2)	5 Mar 201900:00	–	nessus
Tenable Nessus	Siemens SCALANCE X-200RNA Switch Devices Path Traversal (CVE-2019-6111)	24 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : openssh (ALAS-2023-2202)	14 Aug 202300:00	–	nessus

Nvd

Node

openbsd opensshRange≤7.9

winscp winscpRange≤5.1.3

Node

canonical ubuntu_linuxMatch14.04lts

canonical ubuntu_linuxMatch16.04lts

canonical ubuntu_linuxMatch18.04lts

canonical ubuntu_linuxMatch18.10

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Node

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_eusMatch8.1

redhat enterprise_linux_eusMatch8.2

redhat enterprise_linux_eusMatch8.4

redhat enterprise_linux_eusMatch8.6

redhat enterprise_linux_server_ausMatch8.2

redhat enterprise_linux_server_ausMatch8.4

redhat enterprise_linux_server_ausMatch8.6

redhat enterprise_linux_server_tusMatch8.2

redhat enterprise_linux_server_tusMatch8.4

redhat enterprise_linux_server_tusMatch8.6

Node

fedoraproject fedoraMatch30

Node

apache mina_sshdMatch2.2.0

Node

freebsd freebsdRange<12.0

freebsd freebsdMatch12.0-

freebsd freebsdMatch12.0p1

freebsd freebsdMatch12.0p2

freebsd freebsdMatch12.0p3

Node

fujitsu m10-1_firmwareRange<xcp2361

AND

fujitsu m10-1Match-

Node

fujitsu m10-4_firmwareRange<xcp2361

AND

fujitsu m10-4Match-

Node

fujitsu m10-4s_firmwareRange<xcp2361

AND

fujitsu m10-4sMatch-

Node

fujitsu m12-1_firmwareRange<xcp2361

AND

fujitsu m12-1Match-

Node

fujitsu m12-2_firmwareRange<xcp2361

AND

fujitsu m12-2Match-

Node

fujitsu m12-2s_firmwareRange<xcp2361

AND

fujitsu m12-2sMatch-

Node

fujitsu m10-1_firmwareRange<xcp3070

AND

fujitsu m10-1Match-

Node

fujitsu m10-4_firmwareRange<xcp3070

AND

fujitsu m10-4Match-

Node

fujitsu m10-4s_firmwareRange<xcp3070

AND

fujitsu m10-4sMatch-

Node

fujitsu m12-1_firmwareRange<xcp3070

AND

fujitsu m12-1Match-

Node

fujitsu m12-2_firmwareRange<xcp3070

AND

fujitsu m12-2Match-

Node

fujitsu m12-2s_firmwareRange<xcp3070

AND

fujitsu m12-2sMatch-

Node

siemens scalance_x204rna_firmwareRange<3.2.7

AND

siemens scalance_x204rnaMatch-

Node

siemens scalance_x204rna_eec_firmwareRange<3.2.7

AND

siemens scalance_x204rna_eecMatch-

Source	Link
openwall	www.openwall.com/lists/oss-security/2022/08/02/1
cvsweb	www.cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
lists	www.lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E
lists	www.lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E
usn	www.usn.ubuntu.com/3885-1/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.debian.org/debian-lts-announce/2019/03/msg00030.html
sintonen	www.sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
openwall	www.openwall.com/lists/oss-security/2019/04/18/1
usn	www.usn.ubuntu.com/3885-2/

Parameter	Position	Path	Description	CWE
foo@localhost:test.txt	path	/scp	The SCP client allows a malicious server to exploit CVE-2019-6111 by sending a different file (exploit.txt) than requested.	CWE-22

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Jan 2019 18:29Current

6.3Medium risk

Vulners AI Score6.3

CVSS25.8

CVSS35.9

EPSS0.56692