CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1000018

HIGH
7.8
CVSS Severity Score
EPSS Score0.1800%
EPSS Percentile20.39th
PublishedFeb 4, 2019
Last ModifiedMar 19, 2025

Vulnerability Description

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.

Affected Platforms (CPE)

πŸ“¦
Pizzashack

Rssh

= 2.3.4
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Fedoraproject

Fedora

= 29
πŸ’»
Fedoraproject

Fedora

= 30
πŸ’»
Fedoraproject

Fedora

= 31
πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Canonical

Ubuntu Linux

= 18.10

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2021/May/78
πŸ”— https://esnet-security.github.io/vulnerabilities/20190115_rssh
πŸ”— https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt
πŸ”— https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html
πŸ”— https://lists.fedoraproject.org/archives/list/[email protected]/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/
πŸ”— https://lists.fedoraproject.org/archives/list/[email protected]/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/
πŸ”— https://lists.fedoraproject.org/archives/list/[email protected]/message/T42YYNWJZG422GATWAHAEK4A24OKY557/
πŸ”— https://security.gentoo.org/glsa/202007-29

Related Vulnerabilities

CVE-2019-34649.8

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell...

CVE-2019-34639.8

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should...

CVE-2004-16289.0

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.

CVE-2004-11617.5

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass...