Lucene search

[email protected]NVD:CVE-2020-15778

HistoryJul 24, 2020 - 2:15 p.m.

CVE-2020-15778

2020-07-2414:15:12

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

78.5%

JSON

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of “anomalous argument transfers” because that could “stand a great chance of breaking existing workflows.”

Affected configurations

Nvd

Node

openbsdopensshRange<8.3

openbsdopensshMatch8.3-

openbsdopensshMatch8.3p1

Node

netappa700s_firmwareMatch-

AND

netappa700sMatch-

Node

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

netapphci_management_nodeMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

netapphci_compute_nodeMatch-

netapphci_storage_nodeMatch-

broadcomfabric_operating_systemMatch-

VendorProductVersionCPE
openbsdopenssh*cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
openbsdopenssh8.3cpe:2.3:a:openbsd:openssh:8.3:-:*:*:*:*:*:*
openbsdopenssh8.3cpe:2.3:a:openbsd:openssh:8.3:p1:*:*:*:*:*:*
netappa700s_firmware-cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
netappa700s-cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netappsteelstore_cloud_integrated_storage-cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
netapphci_compute_node-cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openbsd	openssh	*	cpe:2.3:a:openbsd:openssh::::::::
openbsd	openssh	8.3	cpe:2.3:a:openbsd:openssh:8.3:-::::::
openbsd	openssh	8.3	cpe:2.3:a:openbsd:openssh:8.3:p1::::::
netapp	a700s_firmware	-	cpe:2.3:o:netapp:a700s_firmware:-:::::::*
netapp	a700s	-	cpe:2.3:h:netapp:a700s:-:::::::*
netapp	active_iq_unified_manager	*	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
netapp	hci_management_node	-	cpe:2.3:a:netapp:hci_management_node:-:::::::*
netapp	solidfire	-	cpe:2.3:a:netapp:solidfire:-:::::::*
netapp	steelstore_cloud_integrated_storage	-	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
netapp	hci_compute_node	-	cpe:2.3:h:netapp:hci_compute_node:-:::::::*