Attacker Value
Unknown
CVE-2019-6109
CVE-2019-6109
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
6.8 Medium
Impact Score:
5.2
Exploitability Score:
1.6
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
None
General Information
Vendors
- canonical,
- debian,
- fedoraproject,
- fujitsu,
- netapp,
- openbsd,
- redhat,
- siemens,
- winscp
Products
- debian linux 8.0,
- debian linux 9.0,
- element software -,
- enterprise linux 8.0,
- enterprise linux eus 8.1,
- enterprise linux eus 8.2,
- enterprise linux eus 8.4,
- enterprise linux eus 8.6,
- enterprise linux server aus 8.2,
- enterprise linux server aus 8.4,
- enterprise linux server aus 8.6,
- enterprise linux server tus 8.2,
- enterprise linux server tus 8.4,
- enterprise linux server tus 8.6,
- fedora 30,
- m10-1 firmware,
- m10-4 firmware,
- m10-4s firmware,
- m12-1 firmware,
- m12-2 firmware,
- m12-2s firmware,
- ontap select deploy -,
- openssh,
- scalance x204rna eec firmware,
- scalance x204rna firmware,
- storage automation store -,
- ubuntu linux 14.04,
- ubuntu linux 16.04,
- ubuntu linux 18.04,
- ubuntu linux 18.10,
- winscp
References
Advisory
