0.975 High
EPSS
Percentile
100.0%
An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka ‘OpenSSH for Windows Elevation of Privilege Vulnerability’.
Recent assessments:
busterb at June 09, 2020 7:11pm UTC reported:
This vuln. appears to allow any authenticated user on a Windows system to modify the configuration settings for OpenSSH, which would allow for configuring it in such a way that could allow for a privilege escalation for an inbound user via SSH. OTOH, if you are already authenticated, you could just login yourself and perform an LPE much the same way as SMBGhost was used for LPE CVE-2020-0796
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 3
0.975 High
EPSS
Percentile
100.0%