What is CVE-2020-15778?

CVE-2020-15778 is a vulnerability in N/a. Published 2020-07-24.

Is CVE-2020-15778 known to be exploited?

78 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "an…

EPSS: 0.643 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

cpandya2909/CVE-2020-15778
Neko-chanQwQ/CVE-2020-15778-Exploit
yifanzhg/CVE-2020-15778
drackyjr/CVE-2020-15778-SCP-Command-Injection-Check
20142995/sectool
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ArrestX/--POC
CnHack3r/Penetration_
DeMeerleerGilles/NPE-Cybersecurity

References

www.openssh.com/security.html
github.com/cpandya2909/CVE-2020-15778/
security.netapp.com/advisory/ntap-20200731-0007/
news.ycombinator.com/item
GLSA-202212-06 (vendor-advisory)
access.redhat.com/errata/RHSA-2024:3166

Frequently asked questions

What is CVE-2020-15778?: CVE-2020-15778 is a vulnerability in N/a. Published 2020-07-24.
Is CVE-2020-15778 known to be exploited?: 78 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.