Sign In

CVE-2020-15778

ADVISORY - nist

Summary

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

EPSS Score: 0.67968 (0.985)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADVISORY - redhat

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE

1.5

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-78

CVSS SCORE

7.4high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE

1.5

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.4low

Alma

CREATED

UPDATED

ADVISORY IDALSA-2024:3166
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-77

CVSS SCORE

7.8medium

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2024:3166
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2024-3166
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY