Remote Code Execution Vulnerability in OpenSSH's ssh-agent Feature
CVE-2023-38408

9.8 CRITICAL

Key Information:

Vendor
OpenBSD
Status
Vendor
CVE Published: 20 July 2023

Badges

👾 Exploit Exists 🟡 Public PoC 📰 News Worthy

Summary

The ssh-agent feature in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path. This flaw allows remote code execution when an ssh-agent is forwarded to an attacker-controlled environment. The vulnerability stems from a legacy issue that was not thoroughly addressed in previous security updates, so users who rely on agent forwarding remain exposed to exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

OpenSSH Agent RCE Flaw Let Attackers Execute Arbitrary Commands

The flaw exists in OpenSSH's forwarded ssh-agent. This flaw allows an attacker to execute arbitrary commands on a vulnerable OpenSSH forwarded ssh-agent.

2 weeks ago

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Cyber Security News

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved
