CVE-2019-6110

Name: CVE-2019-6110
Creator: NVD / NIST
Published: 2019-01-31T18:29:00.807+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.8/10EPSS 20.91%

Last modified Jun 17, 2026

CVE-2019-6110 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.. EPSS estimates a 20.91% chance of exploitation in the next 30 days.

Description

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Metrics

CVSS 3.1

6.8/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Probability

20.91%

97.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Openbsd	Openssh	<= 7.9
Winscp	Winscp	<= 5.13
Netapp	Element Software	All versions
Netapp	Ontap Select Deploy	All versions
Netapp	Storage Automation Store	All versions
Siemens	Scalance X204rna Firmware	< 3.2.7
Siemens	Scalance X204rna Eec Firmware	< 3.2.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.cRelease Notes
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.cRelease Notes
https://security.gentoo.org/glsa/201903-16Third Party Advisory
https://security.netapp.com/advisory/ntap-20190213-0001/Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtThird Party Advisory
https://www.exploit-db.com/exploits/46193/Exploit, Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.cRelease Notes
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.cRelease Notes
https://security.gentoo.org/glsa/201903-16Third Party Advisory
https://security.netapp.com/advisory/ntap-20190213-0001/Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtThird Party Advisory
https://www.exploit-db.com/exploits/46193/Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Jan 31, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-6110?

How severe is CVE-2019-6110?

CVE-2019-6110 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 20.91% probability of exploitation in the next 30 days.

How do I fix CVE-2019-6110?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-6110?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST