CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-01-31 18:29

Updated : 2024-02-28 16:48


NVD link : CVE-2019-6110

Mitre link : CVE-2019-6110

CVE.ORG link : CVE-2019-6110


JSON object : View

Products Affected

openbsd

  • openssh

winscp

  • winscp

siemens

  • scalance_x204rna_firmware
  • scalance_x204rna_eec
  • scalance_x204rna
  • scalance_x204rna_eec_firmware

netapp

  • element_software
  • storage_automation_store
  • ontap_select_deploy
CWE
CWE-838

Inappropriate Encoding for Output Context