CVE-2020-15778

HIGH

Openbsd Openssh < 8.3 - OS Command Injection

Title source: rule

Description

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Exploits (5)

nomisec WRITEUP (144 stars) by cpandya2909 · poc: https://github.com/cpandya2909/CVE-2020-15778
nomisec WORKING POC (37 stars) by Neko-chanQwQ · poc: https://github.com/Neko-chanQwQ/CVE-2020-15778-Exploit
nomisec WORKING POC (3 stars) by yifanzhg · poc: https://github.com/yifanzhg/CVE-2020-15778
nomisec SCANNER (2 stars) by drackyjr · poc: https://github.com/drackyjr/CVE-2020-15778-SCP-Command-Injection-Check
inthewild WORKING POC · poc: https://github.com/neko2sh1ro/cve-2020-15778-exploit

Scores

CVSS v3 7.4
EPSS 0.6148
EPSS Percentile 98.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (10)
broadcom/fabric_operating_system
netapp/a700s_firmware
netapp/active_iq_unified_manager 9.5
netapp/hci_compute_node
netapp/hci_management_node
netapp/hci_storage_node
netapp/solidfire
netapp/steelstore_cloud_integrated_storage
openbsd/openssh 8.3 (2 CPE variants)
openbsd/openssh < 8.3
Published Jul 24, 2020
Tracked Since Feb 18, 2026