New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection


Details are now available on a now-patched OpenSSH vulnerability that, in certain circumstances, might be used to remotely execute arbitrary commands on affected computers. A remote attacker might be able to use the forwarded ssh-agent in vulnerable OpenSSH to execute arbitrary commands, according to an analysis published last week by Saeed Abbasi, manager of vulnerability research at Qualys.

The vulnerability is tracked as CVE-2023-38408, with a CVSS score of N/A. All OpenSSH versions prior to 9.3p2 are affected.

OpenSSH is a popular connectivity tool for remote login over the SSH protocol; it encrypts all traffic to prevent eavesdropping, connection hijacking, and other attacks.
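An added example (not code from the article or from Qualys) of how a defender might triage hosts against the two conditions the article names: an OpenSSH version before 9.3p2 and use of agent forwarding. The function names and sample inputs are constructed for illustration, and the version comparison assumes the banner reflects patch status, which distribution backports can break.

```python
import re

# First fixed release per the article: every version before 9.3p2 is affected.
FIXED = (9, 3, 0, 2)
_VER = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")

def parse_version(banner):
    """Parse an `ssh -V` style banner into (major, minor, micro, portable)."""
    m = _VER.search(banner)
    return tuple(int(g) if g else 0 for g in m.groups()) if m else None

def is_affected(banner):
    """True/False by version number alone; None if the banner is unparseable."""
    version = parse_version(banner)
    return None if version is None else version < FIXED

def forwarding_scopes(config_text):
    """Return (scope, value) pairs where an ssh_config enables agent forwarding."""
    scope, hits = "(global)", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config separates keyword and argument by whitespace or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword in ("host", "match"):
            scope = f"{parts[0]} {value}"
        elif keyword == "forwardagent" and value and value.lower() != "no":
            hits.append((scope, value))
    return hits

# Constructed sample inputs, not taken from the article.
SAMPLE_BANNERS = [
    "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022",
    "OpenSSH_9.3p2, OpenSSL 3.1.1 30 May 2023",
]
SAMPLE_CONFIG = """\
ForwardAgent no
Host bastion
    ForwardAgent yes
Host *.lab
    ForwardAgent=yes
"""

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(banner.split(",")[0], "affected:", is_affected(banner))
    print(forwarding_scopes(SAMPLE_CONFIG))
```

Feed it the output of `ssh -V` from each host and the contents of the client's `ssh_config`; a host that is both affected and forwards its agent is the combination the article describes.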

