CVE-2023-38408

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 20, 2023
Updated: Apr 4, 2024
CWE ID 428

Summary

CVE-2023-38408 is a newly discovered vulnerability in the PKCS#11 feature of ssh-agent in OpenSSH versions prior to 9.3p2. The issue stems from an insufficiently secure search path, which enables remote code execution if an ssh-agent is forwarded to a malicious system. Notably, code located in /usr/lib may not be safe to load into ssh-agent. The vulnerability results from an incomplete fix for the earlier CVE-2016-10009.

Affected Products

  • OpenSSH
  • Fedora Operating System

Affected Vendors

  • OpenBSD Project
  • Fedora Project