Vulnerability in Fujitsu M10-1
CVE-2019-6109
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI cont…
EPSS: 0.097 (93.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.
Affected products
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (vendor-advisory, Third Party Advisory)
- cve@mitre.org (Third Party Advisory)
- cve@mitre.org (Release Notes, Vendor Advisory)
- cve@mitre.org (vendor-advisory, Third Party Advisory)
- cve@mitre.org (Release Notes, Vendor Advisory)
- cve@mitre.org (Third Party Advisory)
- cve@mitre.org (vendor-advisory, Third Party Advisory)
- cve@mitre.org (mailing-list, Mailing List, Third Party Advisory)
- cve@mitre.org (vendor-advisory)
- cve@mitre.org (vendor-advisory, Broken Link)
Frequently asked questions
- What is CVE-2019-6109?
- CVE-2019-6109 is a medium-severity vulnerability in Fujitsu M10-1, classified under Improper Encoding or Escaping of Output. CVSS score: 6.8/10. Published 2019-01-31.
- How severe is CVE-2019-6109?
- Medium severity. CVSS v3 base score is 6.8 out of 10.
- Is CVE-2019-6109 known to be exploited?
- 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.