9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
Symantec SWG products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. A malicious SCP server or SCP man-in-the-middle (MITM) attacker can modify state on the SCP client host. A local attacker can cause denial of service through OpenSSH application crashes.
Affected Product(s)
CVE |Supported Version(s)|Remediation
CVE-2018-20685, CVE-2019-6109
CVE-2019-6110, CVE-2019-6111
| 6.1 | Upgrade to a version of MC with the fixes.
CVE |Supported Version(s)|Remediation
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 | 2.3, 2.4, 3.0 | Upgrade to a later release with fixes.
3.1 and later | Not vulnerable, fixed in 3.1.1.1
CVE-2019-6110 | 2.3 and later | A fix will not be provided because no suitable fix is available for the upstream OpenSSH library.
CVE |Supported Version(s)|Remediation
CVE-2019-6110 | 7.2 and later | A fix will not be provided because no suitable fix is available for the upstream OpenSSH library.
CVE-2018-20685, CVE-2019-6109
CVE-2019-6111 | 7.2, 7.3, 8.0 | Upgrade to a later release with fixes.
8.1 | Upgrade to 8.1.3
8.2 and later | Not vulnerable, fixed in 8.2.1.
CVE |Supported Version(s)|Remediation
CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111 | 10.7 | Not available at this time
CVE |Supported Version(s)|Remediation
CVE-2018-20685, CVE-2019-6109
CVE-2019-6110, CVE-2019-6111 | 10.0, 11.0 | A fix will not be provided.
Additional Product Information
The following products are not vulnerable:
Advanced Secure Gateway (ASG) AuthConnector BCAAA Content Analysis (CA) General Auth Connector Login Application HSM Agent for the Luna SP **Mail Threat Defense (MTD)
PacketShaper (PS) S-Series
PolicyCenter (PC) S-Series ProxySG Reporter Security Analytics (SA) SSL Visibility (SSLV) Unified Agent Web Isolation (WI) WSS Agent WSS Mobile Agent **
**CacheFlow **Information will not be provided. Please switch to a version of ProxySG MACH5 Edition with the vulnerability fixes.
Issue Details
Severity / CVSS v3.0: | Medium / 5.3 (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) References:| NVD: CVE-2018-20685 Impact:| Unauthorized modification Description: | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send a crafted response and modify permissions of the target client directory.
Severity / CVSS v3.0: | Medium / 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N) References:| NVD: CVE-2019-6109 Impact:| Unauthorized modification Description: | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send crafted objects and modify the SCP client output, such as hide additional files being transferred.
Severity / CVSS v3.0: | Medium / 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N) References:| NVD: CVE-2019-6110 Impact:| Unauthorized modification Description: | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send crafted error message and modify the SCP client output, such as hide additional files being transferred.
Severity / CVSS v3.0: | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) References:| NVD: CVE-2019-6111 Impact:| Unauthorized modification Description: | An insufficient validation flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send files with crafted names and overwrite arbitrary files in the target client directory or in subdirectories.
Severity / CVSS v3.0: | High / 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) References:| NVD: CVE-2019-15609 Impact:| Denial of service Description: | A flaw in local XMLSS private key processing allows a local attacker to configure OpenSSH with a crafted XMSS private key and cause denial of service through an OpenSSH application crash.
Mitigation & Additional Information
By default, X-Series XOS does not use OpenSSH as an SCP client. Customers who leave this behavior unchanged prevent attacks against XOS.
Revisions
2021-07-15 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. Information for CF will not be provided. SMG 10.7 is vulnerable.
2021-06-01 A fix for MC 3.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-04-30 A fix for CVE-2019-6110 in Management Center (MC) will not be provided.
2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable.
2021-02-18 A fix for MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-12-09 A fix for CVE-2018-20685, CVE-2019-6109, and CVE-2019-6111 in SA 8.1 is available in 8.1.3. A fix for CVE-2019-6110 in SA will not be provided. SA 8.2 is not vulnerable because a fix is available in 8.2.1.
2020-11-30 MC 3.1 is not vulnerable because a fix is available in 3.1.1.1.
2020-11-19 A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes.
2020-08-19 A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-04-21 initial public release
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C