Attacker Value
Unknown
CVE-2018-20685
CVE-2018-20685
(Last updated October 06, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
5.3 Medium
Impact Score:
3.6
Exploitability Score:
1.6
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
High
Availability (A):
None
General Information
Vendors
- canonical,
- debian,
- fujitsu,
- netapp,
- openbsd,
- oracle,
- redhat,
- siemens,
- winscp
Products
- cloud backup -,
- debian linux 8.0,
- debian linux 9.0,
- element software -,
- enterprise linux 7.0,
- enterprise linux 8.0,
- enterprise linux eus 8.1,
- enterprise linux eus 8.2,
- enterprise linux eus 8.4,
- enterprise linux eus 8.6,
- enterprise linux server aus 8.2,
- enterprise linux server aus 8.4,
- enterprise linux server aus 8.6,
- enterprise linux server tus 8.2,
- enterprise linux server tus 8.4,
- enterprise linux server tus 8.6,
- m10-1 firmware,
- m10-4 firmware,
- m10-4s firmware,
- m12-1 firmware,
- m12-2 firmware,
- m12-2s firmware,
- ontap select deploy -,
- openssh,
- scalance x204rna eec firmware,
- scalance x204rna firmware,
- solaris 10,
- steelstore cloud integrated storage -,
- storage automation store -,
- ubuntu linux 14.04,
- ubuntu linux 16.04,
- ubuntu linux 18.04,
- ubuntu linux 18.10,
- winscp
References
Advisory
Miscellaneous
