What is CVE-2019-6110?

CVE-2019-6110 is a vulnerability in N/a. Published 2019-01-31.

Is CVE-2019-6110 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files be…

EPSS: 0.576 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
Fastiraz/openssh-cve-resolv
InesMartins31/iot-cves
Maribel0370/Nebula-io
NeoOniX/5ATTACK
ZorvithonLeo/BiG7EXploits
bioly230/THM_
firatesatoglu/shodanSearch
h4xrOx/Direct-Admin-Vulnerability-Disclosure

References

security.netapp.com/advisory/ntap-20190213-0001/
cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c
sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
46193 (exploit)
GLSA-201903-16 (vendor-advisory)
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Frequently asked questions

What is CVE-2019-6110?: CVE-2019-6110 is a vulnerability in N/a. Published 2019-01-31.
Is CVE-2019-6110 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.