Lucene search

K
redhatRedHatRHSA-2024:0594
HistoryJan 30, 2024 - 1:40 p.m.

(RHSA-2024:0594) Moderate: openssh security update

2024-01-3013:40:59
access.redhat.com
30
openssh
ssh protocol
linux
unix
security update
binary packet protocol
command injection
cve-2023-48795
cve-2023-51385
cvss score
references section

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

7.9

Confidence

High

EPSS

0.965

Percentile

99.6%

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

  • openssh: potential command injection via shell metacharacters (CVE-2023-51385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

7.9

Confidence

High

EPSS

0.965

Percentile

99.6%