Black Arrow Cyber Advisory 20 July 2023 – OpenSSH Remote Code Execution Vulnerability

Executive Summary

A remote code execution vulnerability has been discovered in OpenSSH’s forwarded ssh-agent. This vulnerability could potentially enable a remote attacker to execute arbitrary commands on a vulnerable system. Whilst this vulnerability has not yet been given a CVSS rating, it is embedded in a significant number of systems and devices. A proof of concept (PoC) has also been made public by the Qualys Threat Research Unit.

Technical Summary

CVE-2023-38408 – Successful exploitation of this vulnerability allows a remote attacker to execute commands on vulnerable OpenSSH forwarded ssh-agents.

What’s the risk to me or my business?

Successful exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the data in your organisation. This can result in a malicious actor gaining unauthorised access to sensitive data, manipulating or deleting important information, or even taking over a system completely. The publicly released PoC exploits focus on Ubuntu Desktop 22.04 and 21.10; however, the Qualys Threat Research Unit have advised that other Linux distributions are “likely vulnerable and probably exploitable”.

The patch for this vulnerability is available in OpenSSH 9.3p2.

What can I do?

Given the widespread use of OpenSSH's forwarded ssh-agent in devices, software and applications, it is important to prioritise the application of patches provided by OpenSSH for this vulnerability. Black Arrow recommends performing vulnerability scanning to identify any devices and software that have been impacted by this vulnerability.
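As a starting point for that identification, the following added example (not part of the original advisory, and not OpenSSH's own tooling) compares the version string printed by `ssh -V` against the fixed release, 9.3p2. The function names `openssh_needs_patch` and `triage` are hypothetical, and the check assumes the upstream version number is meaningful for the host.

```shell
#!/bin/sh
# Added example: triage an `ssh -V` style string against the fixed release
# named in the advisory (OpenSSH 9.3p2). Function names are hypothetical.
# Caveat: distribution packages may carry a backported fix under an older
# upstream version number, so treat REVIEW as a prompt to check the vendor's
# advisory, not as proof that the host is vulnerable.
FIXED_MAJOR=9 FIXED_MINOR=3 FIXED_PATCH=2

# Returns 0 if the version is older than 9.3p2, 1 if it is 9.3p2 or newer,
# and 2 if no OpenSSH version can be parsed from the string.
openssh_needs_patch() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9.p]*\).*/\1/p')
    case $v in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%[.p]*}                      # "9p1" -> "9", "6.1p2" -> "6"
    case $rest in *p[0-9]*) patch=${rest##*p} ;; *) patch=0 ;; esac
    case "$major.$minor.$patch" in *[!0-9.]*|.*|*..*|*.) return 2 ;; esac
    [ "$major" -lt "$FIXED_MAJOR" ] && return 0
    [ "$major" -gt "$FIXED_MAJOR" ] && return 1
    [ "$minor" -lt "$FIXED_MINOR" ] && return 0
    [ "$minor" -gt "$FIXED_MINOR" ] && return 1
    [ "$patch" -lt "$FIXED_PATCH" ] && return 0
    return 1
}

# Print a one-line verdict for a version string.
triage() {
    rc=0; openssh_needs_patch "$1" || rc=$?
    case $rc in
        0) echo "REVIEW   $1" ;;
        1) echo "OK       $1" ;;
        *) echo "UNPARSED $1" ;;
    esac
}

# Check the local client when one is installed (ssh -V writes to stderr).
if command -v ssh >/dev/null 2>&1; then
    triage "$(ssh -V 2>&1)"
fi
```

To cover many hosts, collect each host's `ssh -V` output with your existing inventory or configuration-management tooling and pass each string to `triage`.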

More information on the OpenSSH vulnerability can be found here:

https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent

An in-depth breakdown of the vulnerability can be found here:

https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
