Sign In

CVE-2019-6110

ADVISORY - nist

Summary

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

EPSS Score: 0.55933 (0.980)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-838

Inappropriate Encoding for Output Context

ADVISORY - redhat

CWE-451

User Interface (UI) Misrepresentation of Critical Information

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2019-6110
EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-838

CVSS SCORE

6.8medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2019-6110
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2019-6110
EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.8low

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2019-6110
EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-451

CVSS SCORE

3.1low

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2019-6110
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY