OVERVIEW
A vulnerability (CVE-2023-38408) was found in OpenSSH, the widely used secure networking suite for encrypted data transfer and remote logins. Exploiting it allows an attacker to execute code remotely using simple commands.
CVE-2023-38408 stems from ssh-agent, the widely used helper program that holds a user's private keys for SSH public-key authentication. Enabling ssh-agent forwarding lets a remote server reach the user's local ssh-agent, so local SSH keys can be used for onward authentication without ever being stored on that server.
Researchers at Qualys discovered that when a forwarded agent runs with default settings and PKCS#11 support enabled, a threat actor who can connect to the same remote server can make the victim's machine load and unload shared libraries of the attacker's choosing, achieving one-shot remote code execution (RCE). The technique chains just four side effects of loading and unloading common shared libraries.
Once RCE is achieved, attackers can install malware, carry out data breaches, or take complete control of the victim's system. Note that exploitation depends on specific libraries being present on the victim's system and requires the ssh-agent to be forwarded to a compromised network controlled by the attacker.
The vulnerability affects default installations of Ubuntu Desktop 22.04 and 21.10, and other Linux distributions or operating systems could also be at risk if left unpatched. Vulnerable OpenSSH releases include versions:
OpenSSH has addressed this vulnerability in version 1:9.3p2-1. All users should apply the appropriate updates to their installations as soon as possible to protect against potential attacks.
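The two conditions the advisory describes, a client older than the fixed release and agent forwarding turned on, can be audited locally. The POSIX shell script below is an added example (not code from the advisory, Qualys or OpenSSH): it parses an `ssh -V` banner against 9.3p2, lists the Host/Match scopes in an ssh_config that set `ForwardAgent yes`, and names the interim mitigation; it assumes the upstream fix is 9.3p2 and that ssh-agent on the affected releases accepts `-P` (the allowed PKCS#11/FIDO provider pattern list, where an empty list refuses every provider).

```shell
#!/bin/sh
# Added audit helpers for CVE-2023-38408 (example code, not from the advisory).
# Assumptions: the fix ships in OpenSSH 9.3p2, and ssh-agent on the affected
# releases accepts -P (pattern list of allowed PKCS#11/FIDO provider libraries).

# 0 = "ssh -V" banner is older than 9.3p2, 1 = fixed, 2 = banner not parseable.
openssh_version_vulnerable() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\{0,1\}\([0-9]*\).*/\1 \2 \3/p')
    [ -n "$ver" ] || return 2
    set -- $ver                             # word-split into major minor patch
    major=$1; minor=$2; patch=${3:-0}
    [ "$major" -lt 9 ] && return 0
    [ "$major" -gt 9 ] && return 1
    [ "$minor" -lt 3 ] && return 0
    [ "$minor" -gt 3 ] && return 1
    [ "$patch" -lt 2 ]
}

# Print each Host/Match scope of an ssh_config that sets "ForwardAgent yes"
# ("*" for directives above any Host line); return 0 if at least one was found.
config_hosts_forwarding_agent() {
    awk 'tolower($1) == "host" || tolower($1) == "match" { $1 = ""; scope = substr($0, 2) }
         tolower($1) == "forwardagent" && tolower($2) == "yes" {
             print (scope == "" ? "*" : scope); found = 1 }
         END { exit found ? 0 : 1 }' "$1"
}

# Report a pre-9.3p2 client and every scope that forwards the agent; the exit
# status counts the findings (2 = vulnerable client that also forwards its agent).
audit() {
    banner=$1; cfg=$2; risk=0
    if openssh_version_vulnerable "$banner"; then
        echo "client '$banner' predates 9.3p2: update OpenSSH"; risk=1
    fi
    if hosts=$(config_hosts_forwarding_agent "$cfg"); then
        echo "agent forwarding enabled for: $(printf '%s' "$hosts" | tr '\n' ',')"
        risk=$((risk + 1))
    fi
    [ "$risk" -eq 2 ] && echo "until patched: start ssh-agent -P '' or set ForwardAgent no"
    return $risk
}

# Constructed sample ssh_config for the demo (not a real user's file).
SAMPLE_CONFIG=$(mktemp)
printf '%s\n' 'ForwardAgent no' 'Host bastion.example jump.example' '    ForwardAgent yes' \
    'Host *.internal' '    # ForwardAgent yes' '    ForwardAgent No' >"$SAMPLE_CONFIG"
audit "OpenSSH_9.3p1 Ubuntu-1ubuntu3.2, OpenSSL 3.0.2 15 Mar 2022" "$SAMPLE_CONFIG" || echo "risk score: $?"
rm -f "$SAMPLE_CONFIG"
```

On a real workstation, call `audit "$(ssh -V 2>&1)" "$HOME/.ssh/config"`; the commented-out and `No` directives in the sample show that only an active `ForwardAgent yes` is reported.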
INDICATORS OF COMPROMISE (IoCs)
SUPPORTING DOCUMENTATION
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog
OpenSSH vulnerability uncovered by researchers, RCE exploit developed | ITPro
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection | The Hacker News
qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt