Search for vulnerabilities
Vulnerability details: VCID-e3dh-tjmw-aaak
Vulnerability ID VCID-e3dh-tjmw-aaak
Aliases CVE-2023-38408
Summary The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-428 Unquoted Search Path or Element
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json
epss 0.04294 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.04868 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.04868 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.04868 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.07607 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.08015 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.36763 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.45307 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.54768 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.54768 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.54768 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.54768 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.54768 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.54768 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.56662 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.56662 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.5769 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.5769 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.5769 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.5769 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.5769 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.5769 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.5769 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.5769 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.58235 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.59955 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.6005 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.6005 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.6005 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-38408
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-38408
generic_textual Medium https://www.openssh.com/security.html
Reference id Reference type URL
http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json
https://api.first.org/data/v1/epss?cve=CVE-2023-38408
https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
https://news.ycombinator.com/item?id=36790196
https://security.gentoo.org/glsa/202307-01
https://security.netapp.com/advisory/ntap-20230803-0010/
https://support.apple.com/kb/HT213940
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-9.3p2
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
http://www.openwall.com/lists/oss-security/2023/07/20/1
http://www.openwall.com/lists/oss-security/2023/07/20/2
http://www.openwall.com/lists/oss-security/2023/09/22/11
http://www.openwall.com/lists/oss-security/2023/09/22/9
1042460 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460
2224173 https://bugzilla.redhat.com/show_bug.cgi?id=2224173
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.3:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:9.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.3:p1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:9.3:p1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408
RHSA-2023:4329 https://access.redhat.com/errata/RHSA-2023:4329
RHSA-2023:4381 https://access.redhat.com/errata/RHSA-2023:4381
RHSA-2023:4382 https://access.redhat.com/errata/RHSA-2023:4382
RHSA-2023:4383 https://access.redhat.com/errata/RHSA-2023:4383
RHSA-2023:4384 https://access.redhat.com/errata/RHSA-2023:4384
RHSA-2023:4412 https://access.redhat.com/errata/RHSA-2023:4412
RHSA-2023:4413 https://access.redhat.com/errata/RHSA-2023:4413
RHSA-2023:4419 https://access.redhat.com/errata/RHSA-2023:4419
RHSA-2023:4428 https://access.redhat.com/errata/RHSA-2023:4428
RHSA-2023:4889 https://access.redhat.com/errata/RHSA-2023:4889
USN-6242-1 https://usn.ubuntu.com/6242-1/
USN-6242-2 https://usn.ubuntu.com/6242-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.92272
EPSS Score 0.04294
Published At Jan. 16, 2025, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.