How severe is CVE-2020-12062?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-12062?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-12062 - HIGH Severity | CVSS 7.5

Vulnerability Description

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.

Related Vulnerabilities

CVE-2000-0258

HIGH

CVSS:7.5(High)

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

CWE-202000

CVE-2008-2169

HIGH

CVSS:7.5(High)

Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue t...

CWE-202008

CVE-2008-2170

HIGH

CVSS:7.5(High)

Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue...

CWE-202008

CVE-2008-2173

HIGH

CVSS:7.5(High)

Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue ...

CWE-202008

CVE-2009-5050

HIGH

CVSS:7.5(High)

konversation before 1.2.3 allows attackers to cause a denial of service.

CWE-202009

CVE-2010-1678

HIGH

CVSS:7.5(High)

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

CWE-202010