CVE-2023-38408

EPSS 64.35% · P98 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-38408

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenSSH 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenSSH（OpenBSD Secure Shell）是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 9.3p2之前版本存在安全漏洞，该漏洞源于ssh-agent的PKCS11功能存在安全问题。攻击者可利用该漏洞执行远程代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2023-38408

#	POC Description	Source Link	Shenlong Link
1	CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent	https://github.com/snowcra5h/CVE-2023-38408	POC Details
2	PoC for the recent critical vuln affecting OpenSSH versions < 9.3p2	https://github.com/kali-mx/CVE-2023-38408	POC Details
3	Takeover Account OpenSSH	https://github.com/LucasPDiniz/CVE-2023-38408	POC Details
4	CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent	https://github.com/classic130/CVE-2023-38408	POC Details
5	None	https://github.com/wxrdnx/CVE-2023-38408	POC Details
6	Script para eliminar vulnerabilidad de openssh de ubuntu 22.04 LTS	https://github.com/mrtacojr/CVE-2023-38408	POC Details
7	None	https://github.com/0xxnum/CVE-2023-38408	POC Details
8	Vulnerability Overview CVE-2023-38408 affects OpenSSH versions < 9.3p2 and stems from improper validation of data when SSH agent forwarding is enabled. When users connect to a remote server with ssh -A, they allow the agent on their local machine to be used for authentication to further systems	https://github.com/fazilbaig1/cve_2023_38408_scanner	POC Details
9	None	https://github.com/Nick-Morbid/cve-2023-38408	POC Details
10	CVE-2023-38408 SSH Vulnerability Scanner & PoC	https://github.com/TX-One/CVE-2023-38408	POC Details
11	An in-depth analysis of CVE 2023 38408, a critical OpenSSH vulnerability, including technical background, exploitation in controlled environments, and mitigation strategies.	https://github.com/Adel2411/cve-2023-38408	POC Details
12	None	https://github.com/xitexploiter96-dot/CVE-2023-38408	POC Details
13	None	https://github.com/jakovtodorovic/openSSH-agent-forwarding-vulnerability-analysis-CVE-2023-38408	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-38408

请登录查看更多情报信息。

Same Patch Batch · n/a · 2023-07-20 · 24 CVEs total

CVE-2023-30200	7.5 HIGH	PrestaShop 路径遍历漏洞
CVE-2023-3800	3.9 LOW	EasyAdmin8 File Upload Module index.html unrestricted upload
CVE-2023-3783	3.5 LOW	Webile HTTP POST Request cross site scripting
CVE-2023-37645		EyouCms 安全漏洞
CVE-2020-24275		Swoole 注入漏洞
CVE-2021-39425		SeedDMS 输入验证错误漏洞
CVE-2023-31753		eNdonesia SQL注入漏洞
CVE-2023-34625		ShowMojo MojoBox Digital Lockbox 安全漏洞
CVE-2023-37649		Cockpit CMS 安全漏洞
CVE-2023-37650		Cockpit CMS 跨站请求伪造漏洞
CVE-2021-45094		Imprivata Privileged Access Management 跨站脚本漏洞
CVE-2023-31461		SteelSeries GG 路径遍历漏洞
CVE-2023-31462		SteelSeries GG 安全漏洞
CVE-2023-37728		Icewarp Icearp 跨站脚本漏洞
CVE-2023-38334		Omnis Studio 安全漏洞
CVE-2023-38335		Omnis Studio 安全漏洞
CVE-2023-37164		Diafan CMS 跨站脚本漏洞
CVE-2023-37165		Millhouse-Project SQL注入漏洞
CVE-2023-37600		MobiSystems Office Suite Premium 跨站脚本漏洞
CVE-2023-37601		MobiSystems Office Suite Premium 路径遍历漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2023-38408

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-38408

I. Basic Information for CVE-2023-38408

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-38408

III. Intelligence Information for CVE-2023-38408

Same Patch Batch · n/a · 2023-07-20 · 24 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-38408

Leave a comment