CVE-2018-20685

Published Jan 10, 2019
·
Updated

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. Upstream Patch: https://github.com/openssh/openssh-portable/commit/6010c030 https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h

Affected Software

78 affected componentsFixes available
debian/openssh<=1:7.4p1-10, <=1:7.9p1-4, <=1:7.4p1-10+deb9u4
1:7.9p1-51:7.4p1-10+deb9u5
OpenBSD OpenSSH<=7.9
WinSCP WinSCP<=5.13
NetApp Cloud Backup
NetApp Element Software
NetApp ONTAP Select Deploy
NetApp Steelstore Cloud Integrated Storage
NetApp Storage Automation Store
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
redhat Enterprise Linux=7.0
redhat Enterprise Linux=8.0
redhat Enterprise Linux Eus=8.1
redhat Enterprise Linux Eus=8.2
redhat Enterprise Linux Eus=8.4
redhat Enterprise Linux Eus=8.6
redhat Enterprise Linux Server Aus=8.2
redhat Enterprise Linux Server Aus=8.4
redhat Enterprise Linux Server Aus=8.6
redhat Enterprise Linux Server Tus=8.2
redhat Enterprise Linux Server Tus=8.4
redhat Enterprise Linux Server Tus=8.6
Oracle Solaris=10
Fujitsu M10-1 Firmware<xcp2361
Fujitsu M10-1
Fujitsu M10-4 Firmware<xcp2361
Fujitsu M10-4
Fujitsu M10-4s Firmware<xcp2361
Fujitsu M10-4s
Fujitsu M12-1 Firmware<xcp2361
Fujitsu M12-1
Fujitsu M12-2 Firmware<xcp2361
Fujitsu M12-2
Fujitsu M12-2s Firmware<xcp2361
Fujitsu M12-2s
Fujitsu M10-1 Firmware<xcp3070
Fujitsu M10-4 Firmware<xcp3070
Fujitsu M10-4s Firmware<xcp3070
Fujitsu M12-1 Firmware<xcp3070
Fujitsu M12-2 Firmware<xcp3070
Fujitsu M12-2s Firmware<xcp3070
Siemens Scalance X204rna Firmware<3.2.7
Siemens Scalance X204rna
Siemens Scalance X204rna Eec Firmware<3.2.7
Siemens Scalance X204rna Eec
All of the following
Fujitsu M10-1 Firmware<xcp2361
Fujitsu M10-1
All of the following
Fujitsu M10-4 Firmware<xcp2361
Fujitsu M10-4
All of the following
Fujitsu M10-4s Firmware<xcp2361
Fujitsu M10-4s
All of the following
Fujitsu M12-1 Firmware<xcp2361
Fujitsu M12-1
All of the following
Fujitsu M12-2 Firmware<xcp2361
Fujitsu M12-2
All of the following
Fujitsu M12-2s Firmware<xcp2361
Fujitsu M12-2s
All of the following
Fujitsu M10-1 Firmware<xcp3070
Fujitsu M10-1
All of the following
Fujitsu M10-4 Firmware<xcp3070
Fujitsu M10-4
All of the following
Fujitsu M10-4s Firmware<xcp3070
Fujitsu M10-4s
All of the following
Fujitsu M12-1 Firmware<xcp3070
Fujitsu M12-1
All of the following
Fujitsu M12-2 Firmware<xcp3070
Fujitsu M12-2
All of the following
Fujitsu M12-2s Firmware<xcp3070
Fujitsu M12-2s
All of the following
Siemens Scalance X204rna Firmware<3.2.7
Siemens Scalance X204rna
All of the following
Siemens Scalance X204rna Eec Firmware<3.2.7
Siemens Scalance X204rna Eec
debian/openssh
1:8.4p1-5+deb11u31:8.4p1-5+deb11u71:9.2p1-2+deb12u101:9.2p1-2+deb12u91:10.0p1-7+deb13u41:10.0p1-7+deb13u21:10.3p1-11:10.3p1-2

Remediation

Patch Available

https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2

Patch Available

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h

Patch Available

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Patch Available

https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Patch Available

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch Available

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Event History

Jan 10, 2019
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·09:29 PM
RemedyDescriptionSeverityWeaknessAffected Software
Jan 14, 2019
Data Sourced
via Red Hat·02:42 AM
DescriptionSeverityAffected Software
Sep 3, 2025
Data Sourced
via Ubuntu·03:47 AM
RemedyDescriptionSeverityAffected Software
Sep 11, 2025
Data Sourced
via Launchpad·03:50 AM
Description
May 16, 2026
Data Sourced
via Debian·11:46 PM
DescriptionAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2018-20685?

CVE-2018-20685 is considered a medium severity vulnerability, allowing bypass of access restrictions in the OpenSSH scp client.

2

How do I fix CVE-2018-20685?

To fix CVE-2018-20685, update OpenSSH to version 7.9p1-5 or later.

3

Which software is affected by CVE-2018-20685?

CVE-2018-20685 affects OpenSSH version 7.9 and earlier, including variants in Debian and other distributions.

4

What is the impact of CVE-2018-20685?

The impact of CVE-2018-20685 is the potential for unauthorized file access due to improper filename handling.

5

Is CVE-2018-20685 relevant for my system?

CVE-2018-20685 is relevant if you are using an affected version of OpenSSH in your system or application.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203