The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution (CVE-2023-38408)

🗓️ 07 Nov 2023 00:00:00Reported by Broadcom Security ResponseType

broadcom

broadcom🔗 support.broadcom.com👁 158 Views

PKCS#11 feature in OpenSSH prior to 9.3p2 has insecure search path, allowing remote code executio

Reporter	Title	Published	Views	Family All 327
GithubExploit	Exploit for Unquoted Search Path or Element in Openbsd Openssh	17 Oct 202413:03	–	githubexploit
GithubExploit	Exploit for Unquoted Search Path or Element in Openbsd Openssh	19 Apr 202520:09	–	githubexploit
GithubExploit	Exploit for Unquoted Search Path or Element in Openbsd Openssh	24 Jan 202609:27	–	githubexploit
GithubExploit	Exploit for Uncontrolled Resource Consumption in Discourse	9 Aug 202319:56	–	githubexploit
GithubExploit	Exploit for Unquoted Search Path or Element in Openbsd Openssh	9 Aug 202319:56	–	githubexploit
GithubExploit	ethical-hacking-portfolio	3 May 202612:41	–	githubexploit
GithubExploit	Exploit for Unquoted Search Path or Element in Openbsd Openssh	9 Nov 202304:34	–	githubexploit
GithubExploit	Exploit for Unquoted Search Path or Element in Openbsd Openssh	21 Jul 202301:53	–	githubexploit
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish)[CVE-2023-38408]	11 Sep 202311:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities	1 Nov 202310:38	–	ibm

07 Nov 2023 19:09Current

9.3High risk

Vulners AI Score9.3

CVSS 3.19.8

EPSS0.76768

pkcs#11 openssh insecure search path remote code execution cve-2023-38408 incomplete fix