Vulnerability details: VCID-gnby-4uy2-f7an
Vulnerability ID VCID-gnby-4uy2-f7an
Aliases CVE-2023-38408
Summary The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
cvssv3.1 9.8 http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
ssvc Track http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json
epss 0.67828 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.69323 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.70473 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.72622 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
epss 0.73008 https://api.first.org/data/v1/epss?cve=CVE-2023-38408
cvssv3.1 9.8 https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
ssvc Track https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
ssvc Track https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
cvssv3.1 9.8 https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
ssvc Track https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
cvssv3.1 9.8 https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
ssvc Track https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
cvssv3.1 9.8 https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
cvssv3.1 9.8 https://news.ycombinator.com/item?id=36790196
ssvc Track https://news.ycombinator.com/item?id=36790196
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-38408
cvssv3.1 9.8 https://security.gentoo.org/glsa/202307-01
ssvc Track https://security.gentoo.org/glsa/202307-01
cvssv3.1 9.8 https://security.netapp.com/advisory/ntap-20230803-0010/
ssvc Track https://security.netapp.com/advisory/ntap-20230803-0010/
cvssv3.1 9.8 https://support.apple.com/kb/HT213940
ssvc Track https://support.apple.com/kb/HT213940
cvssv3.1 9.8 https://www.openssh.com/security.html
ssvc Track https://www.openssh.com/security.html
cvssv3.1 9.8 https://www.openssh.com/txt/release-9.3p2
ssvc Track https://www.openssh.com/txt/release-9.3p2
cvssv3.1 9.8 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
ssvc Track https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
cvssv3.1 9.8 https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
ssvc Track https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2023/07/20/1
ssvc Track http://www.openwall.com/lists/oss-security/2023/07/20/1
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2023/07/20/2
ssvc Track http://www.openwall.com/lists/oss-security/2023/07/20/2
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2023/09/22/11
ssvc Track http://www.openwall.com/lists/oss-security/2023/09/22/11
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2023/09/22/9
ssvc Track http://www.openwall.com/lists/oss-security/2023/09/22/9
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json
https://api.first.org/data/v1/epss?cve=CVE-2023-38408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1 http://www.openwall.com/lists/oss-security/2023/07/20/1
1042460 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460
11 http://www.openwall.com/lists/oss-security/2023/09/22/11
2 http://www.openwall.com/lists/oss-security/2023/07/20/2
202307-01 https://security.gentoo.org/glsa/202307-01
2224173 https://bugzilla.redhat.com/show_bug.cgi?id=2224173
7bc29a9d5cd697290aa056e94ecee6253d3425f8 https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
9 http://www.openwall.com/lists/oss-security/2023/09/22/9
CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.3:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:9.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.3:p1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:9.3:p1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408
cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
exploring-opensshs-agent-forwarding-rce-cve-2023-38408 https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
f03a4faa55c4ce0818324701dadbf91988d7351d https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
f8f5a6b003981bb824329dc987d101977beda7ca https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
HT213940 https://support.apple.com/kb/HT213940
item?id=36790196 https://news.ycombinator.com/item?id=36790196
msg00021.html https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
ntap-20230803-0010 https://security.netapp.com/advisory/ntap-20230803-0010/
OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
rce-openssh-forwarded-ssh-agent.txt https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
release-9.3p2 https://www.openssh.com/txt/release-9.3p2
RHSA-2023:4329 https://access.redhat.com/errata/RHSA-2023:4329
RHSA-2023:4381 https://access.redhat.com/errata/RHSA-2023:4381
RHSA-2023:4382 https://access.redhat.com/errata/RHSA-2023:4382
RHSA-2023:4383 https://access.redhat.com/errata/RHSA-2023:4383
RHSA-2023:4384 https://access.redhat.com/errata/RHSA-2023:4384
RHSA-2023:4412 https://access.redhat.com/errata/RHSA-2023:4412
RHSA-2023:4413 https://access.redhat.com/errata/RHSA-2023:4413
RHSA-2023:4419 https://access.redhat.com/errata/RHSA-2023:4419
RHSA-2023:4428 https://access.redhat.com/errata/RHSA-2023:4428
RHSA-2023:4889 https://access.redhat.com/errata/RHSA-2023:4889
security.html https://www.openssh.com/security.html
USN-6242-1 https://usn.ubuntu.com/6242-1/
USN-6242-2 https://usn.ubuntu.com/6242-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://news.ycombinator.com/item?id=36790196
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://news.ycombinator.com/item?id=36790196
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202307-01
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://security.gentoo.org/glsa/202307-01
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20230803-0010/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://security.netapp.com/advisory/ntap-20230803-0010/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT213940
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://support.apple.com/kb/HT213940
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openssh.com/security.html
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://www.openssh.com/security.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openssh.com/txt/release-9.3p2
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://www.openssh.com/txt/release-9.3p2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/07/20/1
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at http://www.openwall.com/lists/oss-security/2023/07/20/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/07/20/2
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at http://www.openwall.com/lists/oss-security/2023/07/20/2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/11
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/11
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/9
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/9
Exploit Prediction Scoring System (EPSS)
Percentile 0.98503
EPSS Score 0.67828
Published At July 31, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:04.450172+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6242-2/ 37.0.0