CVE-2023-38408 Report - Details, Severity, & Advisories
Twingate Team
•
Apr 4, 2024
A critical vulnerability, CVE-2023-38408, has been identified in the PKCS#11 feature in ssh-agent in OpenSSH versions before 9.3p2. This vulnerability, with a severity score of 9.8, can lead to remote code execution if an agent is forwarded to an attacker-controlled system. The issue affects a variety of systems, including those running OpenSSH and certain Fedora versions.
How do I know if I'm affected?
If you're using OpenSSH and want to know if you're affected by the vulnerability, check your OpenSSH version. The vulnerability impacts OpenSSH versions before 9.3p2, including OpenBSD OpenSSH versions up to 9.3, 9.3, and 9.3p1. Additionally, Fedora Project Fedora versions 37 and 38 are affected. If your system runs any of these versions, you may be vulnerable to this critical security issue.
What should I do if I'm affected?
If you're affected by the vulnerability, update your OpenSSH to version 9.3p2. To do this, download the update from the OpenSSH website, verify the file using the provided checksums, and install the update. This will help protect your system from potential remote code execution attacks.
Is CVE-2023-38408 in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. This critical security issue, related to the PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2, was added to the catalog on July 19, 2023. Although a specific due date and required action are not provided, updating OpenSSH to version 9.3p2 or later is recommended to mitigate the risk.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-428, which involves an untrustworthy search path in OpenSSH's PKCS#11 feature. It can lead to remote code execution if an agent is forwarded to an attacker-controlled system.
For more details
CVE-2023-38408 is a critical vulnerability in OpenSSH's PKCS#11 feature, affecting versions before 9.3p2. The issue can lead to remote code execution if an agent is forwarded to an attacker-controlled system. For a comprehensive analysis of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-38408 Report - Details, Severity, & Advisories
Twingate Team
•
Apr 4, 2024
A critical vulnerability, CVE-2023-38408, has been identified in the PKCS#11 feature in ssh-agent in OpenSSH versions before 9.3p2. This vulnerability, with a severity score of 9.8, can lead to remote code execution if an agent is forwarded to an attacker-controlled system. The issue affects a variety of systems, including those running OpenSSH and certain Fedora versions.
How do I know if I'm affected?
If you're using OpenSSH and want to know if you're affected by the vulnerability, check your OpenSSH version. The vulnerability impacts OpenSSH versions before 9.3p2, including OpenBSD OpenSSH versions up to 9.3, 9.3, and 9.3p1. Additionally, Fedora Project Fedora versions 37 and 38 are affected. If your system runs any of these versions, you may be vulnerable to this critical security issue.
What should I do if I'm affected?
If you're affected by the vulnerability, update your OpenSSH to version 9.3p2. To do this, download the update from the OpenSSH website, verify the file using the provided checksums, and install the update. This will help protect your system from potential remote code execution attacks.
Is CVE-2023-38408 in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. This critical security issue, related to the PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2, was added to the catalog on July 19, 2023. Although a specific due date and required action are not provided, updating OpenSSH to version 9.3p2 or later is recommended to mitigate the risk.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-428, which involves an untrustworthy search path in OpenSSH's PKCS#11 feature. It can lead to remote code execution if an agent is forwarded to an attacker-controlled system.
For more details
CVE-2023-38408 is a critical vulnerability in OpenSSH's PKCS#11 feature, affecting versions before 9.3p2. The issue can lead to remote code execution if an agent is forwarded to an attacker-controlled system. For a comprehensive analysis of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-38408 Report - Details, Severity, & Advisories
Twingate Team
•
Apr 4, 2024
A critical vulnerability, CVE-2023-38408, has been identified in the PKCS#11 feature in ssh-agent in OpenSSH versions before 9.3p2. This vulnerability, with a severity score of 9.8, can lead to remote code execution if an agent is forwarded to an attacker-controlled system. The issue affects a variety of systems, including those running OpenSSH and certain Fedora versions.
How do I know if I'm affected?
If you're using OpenSSH and want to know if you're affected by the vulnerability, check your OpenSSH version. The vulnerability impacts OpenSSH versions before 9.3p2, including OpenBSD OpenSSH versions up to 9.3, 9.3, and 9.3p1. Additionally, Fedora Project Fedora versions 37 and 38 are affected. If your system runs any of these versions, you may be vulnerable to this critical security issue.
What should I do if I'm affected?
If you're affected by the vulnerability, update your OpenSSH to version 9.3p2. To do this, download the update from the OpenSSH website, verify the file using the provided checksums, and install the update. This will help protect your system from potential remote code execution attacks.
Is CVE-2023-38408 in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. This critical security issue, related to the PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2, was added to the catalog on July 19, 2023. Although a specific due date and required action are not provided, updating OpenSSH to version 9.3p2 or later is recommended to mitigate the risk.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-428, which involves an untrustworthy search path in OpenSSH's PKCS#11 feature. It can lead to remote code execution if an agent is forwarded to an attacker-controlled system.
For more details
CVE-2023-38408 is a critical vulnerability in OpenSSH's PKCS#11 feature, affecting versions before 9.3p2. The issue can lead to remote code execution if an agent is forwarded to an attacker-controlled system. For a comprehensive analysis of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.