CVE-2018-20685 — MEDIUM (5.3)

Q: How severe is CVE-2018-20685?

CVE-2018-20685 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-20685?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Winscp Winscp, Netapp Cloud Backup, Netapp Element Software, Netapp Ontap Select Deploy.

Vulnerability Description

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Openbsd	Openssh	<= 7.9
Winscp	Winscp	<= 5.13
Netapp	Cloud Backup	-
Netapp	Element Software	-
Netapp	Ontap Select Deploy	-
Netapp	Steelstore Cloud Integrated Storage	-
Netapp	Storage Automation Store	-
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	14.04
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Eus	8.1
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Tus	8.2
Oracle	Solaris	10
Fujitsu	M10-1 Firmware	< xcp2361
Fujitsu	M10-1	-
Fujitsu	M10-4 Firmware	< xcp2361
Fujitsu	M10-4	-
Fujitsu	M10-4S Firmware	< xcp2361
Fujitsu	M10-4S	-

Related Weaknesses (CWE)

CWE-863

References

http://www.securityfocus.com/bid/106531Broken Link
https://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatchThird Party Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2Patch
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bfPatch
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201903-16Third Party Advisory
https://security.gentoo.org/glsa/202007-53Third Party Advisory
https://security.netapp.com/advisory/ntap-20190215-0001/Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtPatchThird Party Advisory
https://usn.ubuntu.com/3885-1/Third Party Advisory
https://www.debian.org/security/2019/dsa-4387Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatchThird Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatchThird Party Advisory
http://www.securityfocus.com/bid/106531Broken Link

FAQ

What is CVE-2018-20685?

CVE-2018-20685 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the targ...

How severe is CVE-2018-20685?

CVE-2018-20685 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20685?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Winscp Winscp, Netapp Cloud Backup, Netapp Element Software, Netapp Ontap Select Deploy.