CVE-2023-38408
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jul 20, 2023
Updated: Apr 4, 2024
CWE ID 428
Summary
CVE-2023-38408 is a vulnerability in the PKCS#11 feature of ssh-agent in OpenSSH versions prior to 9.3p2. The feature uses an insufficiently secure search path, which enables remote code execution if an ssh-agent is forwarded to a malicious system. Code located in /usr/lib is not necessarily safe to load into ssh-agent. The vulnerability is a remnant of an incomplete fix for the earlier CVE-2016-10009.
Affected Products
- OpenSSH
- Fedora Operating System
Affected Vendors
- OpenBSD Project
- Fedora Project