Vulnerability details: VCID-jjf6-vvb9-aaac
Vulnerability ID VCID-jjf6-vvb9-aaac
Aliases CVE-2023-51385
Summary In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json
epss 0.00226 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.00297 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.05336 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.05631 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.05897 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.0622 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.06438 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.47368 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
epss 0.49696 https://api.first.org/data/v1/epss?cve=CVE-2023-51385
cvssv3.1 5.9 http://seclists.org/fulldisclosure/2024/Mar/21
generic_textual MODERATE http://seclists.org/fulldisclosure/2024/Mar/21
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.9 https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-51385
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-51385
cvssv3.1 5.9 https://security.gentoo.org/glsa/202312-17
generic_textual MODERATE https://security.gentoo.org/glsa/202312-17
cvssv3.1 5.9 https://support.apple.com/kb/HT214084
generic_textual MODERATE https://support.apple.com/kb/HT214084
cvssv3.1 5.9 https://www.debian.org/security/2023/dsa-5586
generic_textual MODERATE https://www.debian.org/security/2023/dsa-5586
cvssv3.1 5.9 https://www.openssh.com/txt/release-9.6
generic_textual MODERATE https://www.openssh.com/txt/release-9.6
cvssv3.1 5.9 https://www.openwall.com/lists/oss-security/2023/12/18/2
generic_textual MODERATE https://www.openwall.com/lists/oss-security/2023/12/18/2
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json
https://api.first.org/data/v1/epss?cve=CVE-2023-51385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
http://seclists.org/fulldisclosure/2024/Mar/21
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0005/
https://support.apple.com/kb/HT214084
https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
https://www.debian.org/security/2023/dsa-5586
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
http://www.openwall.com/lists/oss-security/2023/12/26/4
2255271 https://bugzilla.redhat.com/show_bug.cgi?id=2255271
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385
RHSA-2024:0429 https://access.redhat.com/errata/RHSA-2024:0429
RHSA-2024:0455 https://access.redhat.com/errata/RHSA-2024:0455
RHSA-2024:0594 https://access.redhat.com/errata/RHSA-2024:0594
RHSA-2024:0606 https://access.redhat.com/errata/RHSA-2024:0606
RHSA-2024:1130 https://access.redhat.com/errata/RHSA-2024:1130
RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:1383
USN-6560-2 https://usn.ubuntu.com/6560-2/
USN-6560-3 https://usn.ubuntu.com/6560-3/
USN-6565-1 https://usn.ubuntu.com/6565-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://seclists.org/fulldisclosure/2024/Mar/21
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-51385
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security.gentoo.org/glsa/202312-17
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://support.apple.com/kb/HT214084
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.debian.org/security/2023/dsa-5586
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.openssh.com/txt/release-9.6
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.openwall.com/lists/oss-security/2023/12/18/2
Exploit Prediction Scoring System (EPSS)
Percentile 0.60403
EPSS Score 0.00226
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:14:26.047524+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-51385 34.0.0rc1