CVE-2023-38408
Description
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-38408
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
kali-mx
PoC for the recent critical vuln affecting OpenSSH versions < 9.3p2
Refrence: GitHub
LucasPDiniz
Takeover Account OpenSSH
Refrence: GitHub
classic130
CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent
Refrence: GitHub
wxrdnx
Refrence: GitHub