CVE-2019-14889

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

References

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889

https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/

https://lists.fedoraproject.org/archives/list/[email protected]/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/

https://security.gentoo.org/glsa/202003-27

https://usn.ubuntu.com/4219-1/

https://www.libssh.org/security/advisories/CVE-2019-14889.txt

https://www.oracle.com/security-alerts/cpuapr2020.html

Details

Source: MITRE

Published: 2019-12-10

Updated: 2020-12-04

Type: CWE-78

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.1

Severity: HIGH

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
147245NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2021-0069)NessusNewStart CGSL Local Security Checks
high
145943CentOS 8 : libssh (CESA-2020:4545)NessusCentOS Local Security Checks
high
142768Oracle Linux 8 : libssh (ELSA-2020-4545)NessusOracle Linux Local Security Checks
high
142391RHEL 8 : libssh (RHSA-2020:4545)NessusRed Hat Local Security Checks
high
135534EulerOS 2.0 SP3 : libssh2 (EulerOS-SA-2020-1405)NessusHuawei Local Security Checks
high
135119EulerOS Virtualization for ARM 64 3.0.6.0 : libssh (EulerOS-SA-2020-1332)NessusHuawei Local Security Checks
high
134604GLSA-202003-27 : libssh: Arbitrary command executionNessusGentoo Local Security Checks
high
133998EulerOS 2.0 SP8 : libssh (EulerOS-SA-2020-1164)NessusHuawei Local Security Checks
high
133432FreeBSD : libssh -- Unsanitized location in scp could lead to unwanted command execution (1e7fa41b-f6ca-4fe8-bd46-0e176b42b14f)NessusFreeBSD Local Security Checks
high
133251openSUSE Security Update : libssh (openSUSE-2020-102)NessusSuSE Local Security Checks
high
133139SUSE SLED12 / SLES12 Security Update : libssh (SUSE-SU-2020:0139-1)NessusSuSE Local Security Checks
high
133137SUSE SLES12 Security Update : libssh (SUSE-SU-2020:0131-1)NessusSuSE Local Security Checks
high
133136SUSE SLED15 / SLES15 Security Update : libssh (SUSE-SU-2020:0130-1)NessusSuSE Local Security Checks
high
133135SUSE SLED15 / SLES15 Security Update : libssh (SUSE-SU-2020:0129-1)NessusSuSE Local Security Checks
high
132645Fedora 30 : libssh (2019-46b6bd2459)NessusFedora Local Security Checks
high
132116Fedora 31 : libssh (2019-8b0ad69829)NessusFedora Local Security Checks
high
132090SUSE SLED12 / SLES12 Security Update : libssh (SUSE-SU-2019:3308-1)NessusSuSE Local Security Checks
high
132089SUSE SLES12 Security Update : libssh (SUSE-SU-2019:3307-1)NessusSuSE Local Security Checks
high
132086openSUSE Security Update : libssh (openSUSE-2019-2689)NessusSuSE Local Security Checks
high
132070SUSE SLED15 / SLES15 Security Update : libssh (SUSE-SU-2019:3293-1)NessusSuSE Local Security Checks
high
132014Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : libssh vulnerability (USN-4219-1)NessusUbuntu Local Security Checks
high
132010SUSE SLED15 / SLES15 Security Update : libssh (SUSE-SU-2019:3267-1)NessusSuSE Local Security Checks
high