Main Vulnerability Database Vulnerabilities #VU84538

#VU84538 OS Command Injection in OpenSSH - CVE-2023-6004

Published: December 19, 2023

Vulnerability identifier: #VU84538

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-6004

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenSSH

Software vendor:
OpenSSH

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in OpenSSH client. If an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive.

Remediation

Install updates from vendor's website.

External links

https://www.openssh.com/releasenotes.html#9.6p1

#VU84538 OS Command Injection in OpenSSH - CVE-2023-6004

Description

Remediation

External links

Please verify you're human