CVE-2019-6110 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-6110 PUBLISHED

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

EPSS 51.29% · 97.9th percentile

Risk Scores

EPSS Score

51.29%

97.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	openssh	0, 1:7.6p1-4ubuntu0.7+esm4, 1:7.6p1-4ubuntu0.7+esm3
Ubuntu:18.04:LTS	openssh-ssh1	1:7.5p1-10, 1:7.5p1-9, 1:7.5p1-8
Ubuntu:20.04:LTS	openssh	1:8.2p1-4ubuntu0.4, 1:8.2p1-4ubuntu0.2, 1:8.2p1-4ubuntu0.1
Ubuntu:Pro:16.04:LTS	openssh	1:7.2p2-4ubuntu2.7, 0, 1:6.9p1-2
Ubuntu:20.04:LTS	openssh-ssh1	0, 1:7.5p1-11build1
Ubuntu:Pro:14.04:LTS	openssh	1:6.6p1-2ubuntu2.13+esm1, 1:6.6p1-2ubuntu2.13, 1:6.6p1-2ubuntu2.12

Timeline

Jan 15, 2019 CVE Published
Jan 20, 2019 PoC Published
Mar 8, 2019 PoC Published
Oct 2, 2020 PoC Published
Nov 6, 2020 PoC Published
Apr 14, 2021 EPSS Score
Sep 6, 2021 PoC Published
Dec 14, 2022 EPSS Score
Oct 9, 2024 PoC Published
Dec 12, 2024 PoC Published
Mar 17, 2025 EPSS Score
Mar 28, 2025 PoC Published

References

https://ubuntu.com/security/CVE-2019-6110 third-party-advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt third-party-advisory
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037459.html third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-6110 third-party-advisory
Multiples vulnérabilités dans les produits Siemens advisory

Open in Interactive Console →