CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*

History

23 Feb 2023, 23:29

Type Values Removed Values Added
CPE cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf - Patch, Third Party Advisory
First Time Siemens scalance X204rna Eec Firmware
Siemens scalance X204rna
Siemens scalance X204rna Eec
Siemens scalance X204rna Firmware
Siemens

13 Dec 2022, 12:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf -

Information

Published : 2019-01-31 18:29

Updated : 2023-12-10 12:44


NVD link : CVE-2019-6110

Mitre link : CVE-2019-6110

CVE.ORG link : CVE-2019-6110


JSON object : View

Products Affected

siemens

  • scalance_x204rna_eec
  • scalance_x204rna_eec_firmware
  • scalance_x204rna
  • scalance_x204rna_firmware

winscp

  • winscp

netapp

  • element_software
  • storage_automation_store
  • ontap_select_deploy

openbsd

  • openssh
CWE
CWE-838

Inappropriate Encoding for Output Context