7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.102 Low
EPSS
Percentile
94.8%
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CPE | Name | Operator | Version |
---|---|---|---|
openbsd:openssh | openbsd openssh | le | 7.3 |
packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html
packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
seclists.org/fulldisclosure/2023/Jul/31
www.openwall.com/lists/oss-security/2016/12/19/2
www.openwall.com/lists/oss-security/2023/07/19/9
www.openwall.com/lists/oss-security/2023/07/20/1
www.securityfocus.com/bid/94968
www.securitytracker.com/id/1037490
www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
access.redhat.com/errata/RHSA-2017:2029
bugs.chromium.org/p/project-zero/issues/detail?id=1009
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5
lists.debian.org/debian-lts-announce/2018/09/msg00010.html
security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
security.netapp.com/advisory/ntap-20171130-0002/
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
usn.ubuntu.com/3538-1/
www.exploit-db.com/exploits/40963/
www.openssh.com/txt/release-7.4
More
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.102 Low
EPSS
Percentile
94.8%