A critical vulnerability, tracked as CVE-2023-38408, has been discovered in OpenSSH’s ssh-agent, specifically affecting the agent’s forwarding feature. This vulnerability allows for remote code execution (RCE), potentially enabling attackers to execute arbitrary commands on a vulnerable system. At least 700,000 OpenSSH servers are known to be at risk.
“This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in complete system takeover, installation of malware, data manipulation and the creation of backdoors for persistent access.” – Bharat Jogi, Senior Director, Threat Research Unit, Qualys.
Security Now Podcast discussion by Steve Gibson on the OpenSSH vulnerability
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Stop tricking employees. Start training them. Take Control of Your Security Awareness Training with a Platform...
Read moreA recent discovery by cybersecurity firm Oligo Security has unveiled a series of critical vulnerabilities in...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.