CVE-2019-6110

Description

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Risk Information

Base Score: 6.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 51.287

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2018-20685, CVE-2019-6109, CVE-2019-6110 are affected in WinSCP 5.13 | Windows
Vulnerabilities CVE-2018-20685, CVE-2019-6109, CVE-2019-6110 are affected in WinSCP (MSI) 5.13 | Windows
SUSE-SU-2019:0132-1 (SUSE Linux Enterprise Desktop 12-SP4) openssh-7.2p2-74.35.1.x86_64.rpm | Linux
SUSE-SU-2019:0132-1 (SUSE Linux Enterprise Desktop 12-SP4) openssh-askpass-gnome-7.2p2-74.35.1.x86_64.rpm | Linux
SUSE-SU-2019:0132-1 (SUSE Linux Enterprise Desktop 12-SP4) openssh-askpass-gnome-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux
SUSE-SU-2019:0132-1 (SUSE Linux Enterprise Desktop 12-SP4) openssh-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux
SUSE-SU-2019:0132-1 (SUSE Linux Enterprise Desktop 12-SP4) openssh-debugsource-7.2p2-74.35.1.x86_64.rpm | Linux
SUSE-SU-2019:0132-1 (SUSE Linux Enterprise Desktop 12-SP4) openssh-helpers-7.2p2-74.35.1.x86_64.rpm | Linux
SUSE-SU-2019:0132-1 (SUSE Linux Enterprise Desktop 12-SP4) openssh-helpers-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux
SUSE-SU-2019:13931-1 (SUSE Linux Enterprise Server 11-SP4) openssh-6.6p1-36.12.1.i586.rpm | Linux
SUSE-SU-2019:13931-1 (SUSE Linux Enterprise Server 11-SP4) openssh-6.6p1-36.12.1.x86_64.rpm | Linux
SUSE-SU-2019:13931-1 (SUSE Linux Enterprise Server 11-SP4) openssh-askpass-gnome-6.6p1-36.12.1.i586.rpm | Linux
SUSE-SU-2019:13931-1 (SUSE Linux Enterprise Server 11-SP4) openssh-askpass-gnome-6.6p1-36.12.1.x86_64.rpm | Linux
SUSE-SU-2019:13931-1 (SUSE Linux Enterprise Server 11-SP4) openssh-fips-6.6p1-36.12.1.i586.rpm | Linux
SUSE-SU-2019:13931-1 (SUSE Linux Enterprise Server 11-SP4) openssh-fips-6.6p1-36.12.1.x86_64.rpm | Linux
SUSE-SU-2019:13931-1 (SUSE Linux Enterprise Server 11-SP4) openssh-helpers-6.6p1-36.12.1.i586.rpm | Linux
SUSE-SU-2019:13931-1 (SUSE Linux Enterprise Server 11-SP4) openssh-helpers-6.6p1-36.12.1.x86_64.rpm | Linux
Inappropriate Encoding for Output Context Vulnerability (CVE-2019-6110) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-326031 | WinSCP (5.21.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234