CVE-2019-1000018

Description

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability in the allowscp permission that can result in local command execution. This attack appears to be exploitable by an authorized SSH user with the allowscp permission.

Risk Information

Base Score: 7.8 MODERATE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.285

Associated Vulnerability

Vulnerability | OS Platform
Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist (USN-3946-1) rssh_2.3.4-7ubuntu0.1_i386.deb | Linux
Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist (USN-3946-1) rssh_2.3.4-7ubuntu0.1_amd64.deb | Linux
Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist (USN-3946-1) rssh_2.3.4-8ubuntu0.2_i386.deb | Linux
Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist (USN-3946-1) rssh_2.3.4-8ubuntu0.2_amd64.deb | Linux
Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist (USN-3946-1) rssh_2.3.4-4+deb8u2ubuntu0.14.04.2_i386.deb | Linux
Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist (USN-3946-1) rssh_2.3.4-4+deb8u2ubuntu0.14.04.2_amd64.deb | Linux
Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist (USN-3946-1) rssh_2.3.4-4+deb8u2ubuntu0.16.04.2_i386.deb | Linux
Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist (USN-3946-1) rssh_2.3.4-4+deb8u2ubuntu0.16.04.2_amd64.deb | Linux
rssh security update (DSA-4377-1) rssh_2.3.4-5+deb9u1_i386.deb | Linux
rssh security update (DSA-4377-1) rssh_2.3.4-5+deb9u1_amd64.deb | Linux
rssh security update (DSA-4377-3) rssh_2.3.4-5+deb9u4_i386.deb | Linux
rssh security update (DSA-4377-3) rssh_2.3.4-5+deb9u4_amd64.deb | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234