CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
73.2%
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass
intended access restrictions via the filename of . or an empty filename.
The impact is modifying the permissions of the target directory on the
client side.
Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
mdeslaur | The recommended workaround for this issue is to switch to using sftp instead of scp. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | openssh | < 1:7.6p1-4ubuntu0.2 | UNKNOWN |
ubuntu | 18.10 | noarch | openssh | < 1:7.7p1-4ubuntu0.2 | UNKNOWN |
ubuntu | 19.04 | noarch | openssh | < 1:7.9p1-5 | UNKNOWN |
ubuntu | 19.10 | noarch | openssh | < 1:7.9p1-5 | UNKNOWN |
ubuntu | 20.04 | noarch | openssh | < 1:7.9p1-5 | UNKNOWN |
ubuntu | 20.10 | noarch | openssh | < 1:7.9p1-5 | UNKNOWN |
ubuntu | 21.04 | noarch | openssh | < 1:7.9p1-5 | UNKNOWN |
ubuntu | 21.10 | noarch | openssh | < 1:7.9p1-5 | UNKNOWN |
ubuntu | 22.04 | noarch | openssh | < 1:7.9p1-5 | UNKNOWN |
ubuntu | 22.10 | noarch | openssh | < 1:7.9p1-5 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2018-20685
lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037459.html
nvd.nist.gov/vuln/detail/CVE-2018-20685
security-tracker.debian.org/tracker/CVE-2018-20685
sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
ubuntu.com/security/notices/USN-3885-1
www.cve.org/CVERecord?id=CVE-2018-20685
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
73.2%