CVE-2018-20685

Name: CVE-2018-20685
Creator: NVD / NIST
Published: 2019-01-10T21:29:00.377+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 3.68%

Last modified Jun 17, 2026

CVE-2018-20685 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. EPSS estimates a 3.68% chance of exploitation in the next 30 days.

Description

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Probability

3.68%

88.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Openbsd	Openssh	<= 7.9
Winscp	Winscp	<= 5.13
Netapp	Cloud Backup	All versions
Netapp	Element Software	All versions
Netapp	Ontap Select Deploy	All versions
Netapp	Steelstore Cloud Integrated Storage	All versions
Netapp	Storage Automation Store	All versions
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	18.04
Canonical	Ubuntu Linux	18.10
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.1
Redhat	Enterprise Linux Eus	8.2
Redhat	Enterprise Linux Eus	8.4
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Aus	8.4
Redhat	Enterprise Linux Server Aus	8.6
Redhat	Enterprise Linux Server Tus	8.2
Redhat	Enterprise Linux Server Tus	8.4
Redhat	Enterprise Linux Server Tus	8.6
Oracle	Solaris	10
Fujitsu	M10-1 Firmware	< xcp2361
Fujitsu	M10-4 Firmware	< xcp2361
Fujitsu	M10-4s Firmware	< xcp2361
Fujitsu	M12-1 Firmware	< xcp2361
Fujitsu	M12-2 Firmware	< xcp2361
Fujitsu	M12-2s Firmware	< xcp2361
Fujitsu	M10-1 Firmware	< xcp3070
Fujitsu	M10-4 Firmware	< xcp3070
Fujitsu	M10-4s Firmware	< xcp3070
Fujitsu	M12-1 Firmware	< xcp3070
Fujitsu	M12-2 Firmware	< xcp3070
Fujitsu	M12-2s Firmware	< xcp3070
Siemens	Scalance X204rna Firmware	< 3.2.7
Siemens	Scalance X204rna Eec Firmware	< 3.2.7

References

http://www.securityfocus.com/bid/106531Broken Link
https://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=hPatch
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2Patch
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/201903-16Third Party Advisory
https://security.gentoo.org/glsa/202007-53Third Party Advisory
https://security.netapp.com/advisory/ntap-20190215-0001/Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtPatch, Third Party Advisory
https://usn.ubuntu.com/3885-1/Third Party Advisory
https://www.debian.org/security/2019/dsa-4387Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
http://www.securityfocus.com/bid/106531Broken Link
https://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=hPatch
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2Patch
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/201903-16Third Party Advisory
https://security.gentoo.org/glsa/202007-53Third Party Advisory
https://security.netapp.com/advisory/ntap-20190215-0001/Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtPatch, Third Party Advisory
https://usn.ubuntu.com/3885-1/Third Party Advisory
https://www.debian.org/security/2019/dsa-4387Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory

Timeline

Published: Jan 10, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-20685?

How severe is CVE-2018-20685?

CVE-2018-20685 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 3.68% probability of exploitation in the next 30 days.

How do I fix CVE-2018-20685?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-20685?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST