CVE-2020-15778

ADVISORY - nist

Summary

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

EPSS Score⁠: 0.00591 (0.787)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADVISORY - redhat

CWE-77⁠

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Impacted images

Advisories

NIST

CREATED

4 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2020-15778⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-78⁠

CVSS SCORE

7.8high

Debian

CREATED

4 years ago

UPDATED

2 days ago

ADVISORY IDCVE-2020-15778⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

4 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2020-15778⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8low

Alma

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY IDALSA-2024:3166⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

4 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2020-15778⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-77⁠

CVSS SCORE

7.8medium

Oracle

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY IDELSA-2024-3166⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2020-15778⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY