- 175/2023
- High
OpenSSH released a security update to fix a vulnerability affecting all versions of OpenSSH before 9.3p2.
The addressed vulnerability could allow the remote attacker to execute arbitrary code on the affected system by sending specially crafted requests.
OpenSSH Code Execution Vulnerability (CVE-2023-38408):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
It should be highlighted that security researchers have confirmed that it was able to devise a successful proof-of-concept (PoC) against default installations of Ubuntu Desktop 22.04 and 21.10, although other Linux distributions are expected to be vulnerable as well.
Vulnerabilities
CVE-2023-38408
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed and should check with its vendors for updates if any.