CVE-2019-14889 – A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and b …

10 December 2019

Vuln ID: CVE-2019-14889

Published: 2019-12-10 23:15:10Z

Description: A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

Source: NVD.NIST.GOV

Date:

10 December 2019

Categorie(s):

NVD

Tag(s):

NVD

With its new iPad, Apple’s Empire strikes back6 May 2024
Malware campaign attempts abuse of defender binaries6 May 2024
Microsoft unveils new security features for SOC teams to combat insider threats6 May 2024
BigID launches new hybrid scanning technology for enhance cloud data management6 May 2024
At RSA, Cisco launches bolsters in Security Cloud, built on Hypershield and Splunk6 May 2024