Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2020-15778

Published: 24/07/2020 Updated: 11/04/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 608
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Openssh

Vulnerability Summary

scp in OpenSSH up to and including 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openssh 8.3

openbsd openssh

netapp a700s_firmware -

netapp steelstore cloud integrated storage -

netapp active iq unified manager

netapp solidfire -

netapp hci management node -

netapp hci storage node -

netapp hci compute node -

broadcom fabric operating system -

Vendor Advisories

Brocade Security Advisories: Access Denied
Menu Log in ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/Neko2sh1ro/CVE-2020-15778-Exploit

Exploit for CVE-2020-15778(OpenSSH vul)

CVE-2020-15778-Exploit Exploit for CVE-2020-15778(OpenSSH vul) Example: python CVE-2020-15778py -ip 19216811123 -lhost 19216811124 -lport 1234 You need to use netcat to listen port before use python script Example: nc -lvp 1234 1Screenshot of using script 2Screenshot of get shell 2021-7-21 Update Log: Use python-nmap to check host status Usage:python3 CVE-2020-15778-

https://github.com/Neko-chanQwQ/CVE-2020-15778-Exploit

Exploit for CVE-2020-15778(OpenSSH vul)

CVE-2020-15778-Exploit Exploit for CVE-2020-15778(OpenSSH vul) Example: python CVE-2020-15778py -ip 19216811123 -lhost 19216811124 -lport 1234 You need to use netcat to listen port before use python script Example: nc -lvp 1234 1Screenshot of using script 2Screenshot of get shell 2021-7-21 Update Log: Use python-nmap to check host status Usage:python3 CVE-2020-15778-

https://github.com/cpandya2909/CVE-2020-15778

Write up for CVE id CVE-2020-15778 Discoverd by : Chinmay Pandya Email address : cpandya2909@gmailcom Linkedin : wwwlinkedincom/in/chinmay-pandya Vulnerability title: scp in OpenSSH 83p1 allows eval injection Product: Openssh Affected Component: SCP Vulnerable version: <=openssh-83p1 Fixed version: - CVE number: CVE-2020-15778 Vulnerable line: githubco

https://github.com/yukiNeko114514/CVE-2020-15778-Exploit

Exploit for CVE-2020-15778(OpenSSH vul)

CVE-2020-15778-Exploit Exploit for CVE-2020-15778(OpenSSH vul) Example: python CVE-2020-15778py -ip 19216811123 -lhost 19216811124 -lport 1234 You need to use netcat to listen port before use python script Example: nc -lvp 1234 1Screenshot of using script 2Screenshot of get shell 2021-7-21 Update Log: Use python-nmap to check host status Usage:python3 CVE-2020-15778-

https://github.com/FontouraAbreu/seguranca-T5

title author date Trabalho 5 do curso de Segurança Computacional Guiusepe Oneda, Vinicius Fontoura, Arthur Vilar GRR20210572, GRR20206873, GRR20197153 Introdução Topologia da rede A topologia da rede é: Os detalhes de cada máquina serão descritos a seguir Container com OpenVas Para utilizar o OpenVas den

https://github.com/TarikVUT/secure-fedora38

Secure Fedora 38

Important Notice: This script is tailored for Fedora 38 It operates under root permissions If you lack extensive Linux expertise, refrain from altering its contents Take the time to thoroughly understand the script's functionality before deciding whether to execute it secure-fedora38 The semester project involves the development of an advanced iteration of the Fedora o

https://github.com/Evan-Zhangyf/CVE-2020-15778

CVE-2020-15778 Introduction This repo reproduces CVE-2020-15778 Steps Build the docker images for scp server and client cd client docker build -t client-cve cd server docker build -t server-cve Spin up the scp server in container docker run -d -P --name scp-server server-cve

https://github.com/jim091418/Information_Security_Course

Information_Security_Course Internet Packet Analyze Wireshark Tools Wireshark intro Filter search wireshark簡單練習-實作 Internet Packet Rule IP Header IP Header封包分析實作 TCP Header TCP Header封包分析實作 TCP Three-way-handshake TCP Three-way-handshake實作分析 DNS ttucis_dns實作分析 Package Analyze ttuedutw analyze stucis實作分析

https://github.com/Toufupi/CVE_Collection

收集一些易于复现,且使用价值(危害)较大的漏洞

##This is a collection of CVE ##Used for study only ###CVE-2021-3156 sudo提权漏洞 githubcom/blasty/CVE-2021-3156 ###CVE—2020-15778 openssh scp命令注入 ###CNVD-2021-30167 用友软件 beanshell开放

References

CWE-78https://github.com/cpandya2909/CVE-2020-15778/https://www.openssh.com/security.htmlhttps://security.netapp.com/advisory/ntap-20200731-0007/https://news.ycombinator.com/item?id=25005567https://security.gentoo.org/glsa/202212-06https://nvd.nist.govhttps://github.com/Neko2sh1ro/CVE-2020-15778-Exploithttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook