CVE-2019-6109
Description
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Risk Information
Base Score: 6.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 9.738
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-20685, CVE-2019-6109, CVE-2019-6110 affect WinSCP 5.13 | Windows |
| Vulnerabilities CVE-2018-20685, CVE-2019-6109, CVE-2019-6110 affect WinSCP (MSI) 5.13 | Windows |
| secure shell (SSH) for secure access to remote machines (USN-3885-1) openssh-client_7.2p2-4ubuntu2.7_amd64.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-1) openssh-client_7.7p1-4ubuntu0.2_amd64.deb | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-askpass-gnome-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-askpass-gnome-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-debugsource-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-helpers-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-helpers-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-6.6p1-36.12.1.i586.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-6.6p1-36.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-askpass-gnome-6.6p1-36.12.1.i586.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-askpass-gnome-6.6p1-36.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-fips-6.6p1-36.12.1.i586.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-fips-6.6p1-36.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-helpers-6.6p1-36.12.1.i586.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-helpers-6.6p1-36.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-7.2p2-74.42.8.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-askpass-gnome-7.2p2-74.42.10.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-askpass-gnome-debuginfo-7.2p2-74.42.10.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-debuginfo-7.2p2-74.42.8.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-debugsource-7.2p2-74.42.8.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-helpers-7.2p2-74.42.8.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-helpers-debuginfo-7.2p2-74.42.8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-askpass-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-cavs-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-clients-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-debugsource-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-keycat-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-ldap-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-server-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm | Linux |
| (CESA-2019:3702) openssh security, bug fix, and enhancement update openssh-askpass-8.0p1-3.el8.x86_64.rpm | Linux |
| Improper Encoding or Escaping of Output Vulnerability (CVE-2019-6109) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-326031 | WinSCP (5.21.2) |