CVE-2020-15778

EUVD-2020-7762
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
OS Command Injection
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 7.4 HIGH | ADJACENT_NETWORK | LOW | LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CISA-ADP | ADP | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

Base Score (CVSS 3.x) and EPSS Score chart: EPSS percentile 98%.
Affected Products (NVD)

| Vendor | Product | Version |
| --- | --- | --- |
| openbsd | openssh | 𝑥 < 8.3 |
| openbsd | openssh | 8.3 |
| openbsd | openssh | 8.3:p1 |
| netapp | a700s_firmware | - |
| netapp | active_iq_unified_manager | 9.5 ≤ |
| netapp | hci_management_node | - |
| netapp | solidfire | - |
| netapp | steelstore_cloud_integrated_storage | - |
| netapp | hci_compute_node | - |
| netapp | hci_storage_node | - |
| broadcom | fabric_operating_system | - |

𝑥 = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Status |
| --- | --- | --- |
| openssh | bookworm | unimportant |
| openssh | bookworm (security) | unimportant |
| openssh | bullseye | unimportant |
| openssh | bullseye (security) | unimportant |
| openssh | sid | unimportant |
| openssh | trixie | unimportant |
Ubuntu Releases

| Ubuntu Product | Codename | Status |
| --- | --- | --- |
| openssh | bionic | ignored |
| openssh | focal | ignored |
| openssh | trusty | ignored |
| openssh | xenial | ignored |
| openssh-ssh1 | bionic | ignored |
| openssh-ssh1 | focal | ignored |
| openssh-ssh1 | trusty | dne |
| openssh-ssh1 | xenial | dne |