Severity Rating: High
Software Affected

OpenSSH version 8.2
Overview

A vulnerability has been reported in the OpenSSH SCP client that could allow
an attacker to overwrite arbitrary files on the targeted system.

Description
This vulnerability exists in the OpenSSH SCP client due to a utimes system call
failure. It can be exploited when a victim uses the command 'scp -rp' to
download a file hierarchy that contains, anywhere inside it, a subdirectory
specially crafted by a malicious unprivileged user on the remote server.
Successful exploitation may allow the attacker to overwrite arbitrary files in
the client's download directory by creating a crafted subdirectory on the
targeted system.

Solution
Apply appropriate patches as mentioned in the OpenSSH release notes.
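
Until the client is patched, the impact described above can be contained by never running 'scp -rp' directly into a directory that already holds files. The following is an added example, not code from this advisory or from OpenSSH: it downloads into a fresh, empty staging directory and merges only when nothing in the destination would be replaced. The function names and the staging path are assumptions, and the containment relies on the advisory's statement that the overwrite is confined to the download directory.

```shell
#!/bin/sh
# Added example (not from the advisory): contain 'scp -rp' to an empty staging
# directory, then merge only if no existing file would be replaced.
# Limitation: file names containing newlines are not handled.

# list_collisions STAGE DEST
# Prints every non-directory path under STAGE (relative) that already exists
# in DEST. Empty output means a merge replaces nothing.
list_collisions() {
    stage=$1 dest=$2
    ( cd "$stage" && find . ! -type d -print ) | while IFS= read -r rel; do
        rel=${rel#./}
        if [ -e "$dest/$rel" ] || [ -L "$dest/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done
}

# safe_merge STAGE DEST
# Copies STAGE into DEST only when list_collisions reports nothing.
safe_merge() {
    stage=$1 dest=$2
    hits=$(list_collisions "$stage" "$dest")
    if [ -n "$hits" ]; then
        printf 'refusing to merge, would overwrite:\n%s\n' "$hits" >&2
        return 1
    fi
    # -P keeps symlinks as symlinks instead of following them.
    mkdir -p "$dest" && cp -RPp "$stage"/. "$dest"/
}

# staged_scp REMOTE DEST   (REMOTE is a normal scp source such as host:/path)
staged_scp() {
    remote=$1 dest=$2
    stage=$(mktemp -d "${TMPDIR:-/tmp}/scp-stage.XXXXXX") || return 1
    if scp -rp "$remote" "$stage"/ && safe_merge "$stage" "$dest"; then
        rm -rf "$stage"
    else
        echo "download kept in $stage for inspection" >&2
        return 1
    fi
}
```

When the merge is refused, the staged copy stays on disk so the listed paths can be reviewed before anything reaches the real destination.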


References
Vendor

NVD

CVE Name
CVE-2020-12062


© Copyright 2020. Ud64
