OpenSSH ssh-agent PKCS#11 Remote Code Execution via Agent Forwarding
CVE-2023-38408 is a remote code execution vulnerability in the PKCS#11 provider-loading feature of ssh-agent in OpenSSH versions before 9.3p2. The flaw is caused by an insufficiently trustworthy library search path when ssh-agent is induced to load PKCS#11 modules, allowing libraries from locations such as /usr/lib to be loaded even though they are not necessarily safe in this context. Exploitation is possible when a victim forwards their ssh-agent connection to an attacker-controlled system, which can then interact with the forwarded agent and trigger loading of attacker-selected libraries or provider chains from the victim host. The issue is noted as stemming from an incomplete fix for CVE-2016-10009.
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
3 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (6 hidden).
This repository is a Python-based SSH user-enumeration research and detection project rather than a single weaponized exploit. Its offensive capability is network-based probing of SSH services to determine whether usernames can be distinguished through authentication behavior, timing differences, or tool-assisted enumeration. The main orchestrator is run_investigation.py, which executes a multi-stage pipeline: raw SSH banner grabbing and version parsing, repeated Paramiko authentication attempts against candidate usernames, statistical timing analysis for CVE-2016-6210-style leakage, and auth.log-based detection engineering. Repository structure is split cleanly into attack_tools and detection_tools. attack_tools/banner_fingerprinter.py opens a raw TCP socket to the SSH port, captures the pre-auth banner, extracts implementation/version/OS hints, and maps versions against a small local CVE registry including CVE-2016-6210, CVE-2023-38408, and CVE-2024-6387. attack_tools/manual_ssh.py is the core probing component: it uses Paramiko to attempt password authentication for each username, records elapsed time until AuthenticationException or connection failure, caches the remote SSH banner, and saves structured JSON results. attack_tools/hydra_automation.py and attack_tools/metasploit_scanner.py are wrappers around external tools; they automate Hydra and Metasploit auxiliary/scanner/ssh/ssh_enumuser respectively, parse outputs, and save findings. The detection side is substantial. detection_tools/log_parser.py parses SSH-related auth.log events such as failed password, invalid user, accepted login, and disconnects. detection_tools/pattern_detector.py identifies rapid username cycling from one IP, wordlist correlation, evenly spaced attempts suggesting automation, and distributed probing of the same username from multiple IPs. detection_tools/response_analyzer.py performs Welch’s t-test and Cohen’s d calculations to decide whether valid and invalid usernames are distinguishable by timing. alerting_system.py formats alerts. The repository also includes notebooks for exploratory analysis, wordlists of common usernames, saved JSON outputs from prior runs, and unit tests. Main exploit capabilities: (1) unauthenticated SSH banner fingerprinting over TCP/22; (2) repeated password-auth attempts against many usernames to test for enumeration leakage; (3) optional automation of Hydra and Metasploit enumeration workflows; (4) statistical determination of whether timing differences imply username existence; and (5) post-event detection/reporting from SSH logs. There is no custom RCE payload or shell delivery. The practical result is reconnaissance and validation of SSH username enumeration exposure, plus defender-focused detection artifacts. Based on the included results, the tested OpenSSH 8.9p1 target did not appear vulnerable to timing-based username enumeration, though its banner exposed version information and matched CVE ranges in the local triage registry.
Repository contains a single bash script (2023-38408.sh) implementing an operational PoC for CVE-2023-38408 targeting OpenSSH ssh-agent behavior. The script is highly interactive and appears tailored to a CTF/lab flow (prompts for a 'ROOM IP', provides fixed SSH credentials, and waits for operator input). Core behavior: - Preps environment by deleting /tmp/ssh* and then locating an ssh-agent socket via /tmp/ssh-*/agent.* and exporting it as SSH_AUTH_SOCK. - Uses ssh-add -s with multiple library/provider paths (e.g., /usr/lib/systemd/boot/efi/linuxx64.elf.stub and several .so files), consistent with abusing ssh-agent PKCS#11/provider loading paths implicated in CVE-2023-38408 exploitation chains. - Constructs a large payload using perl (NOP sled + header) concatenated with embedded x86_64 shellcode, and sends it directly to the ssh-agent UNIX socket using netcat (nc -U $SSH_AUTH_SOCK). - The embedded shellcode is intended to spawn a bind shell; the script instructs connecting to nc localhost 31337. Notable additional capability: - Appends a hardcoded SSH public key to /root/.ssh/authorized_keys on the machine running the script, which is a persistence/backdoor action unrelated to pure PoC demonstration and should be treated as malicious behavior if run outside a controlled lab. Structure: - Single file, no supporting modules. Entry point is the bash script itself. The script mixes bash, perl one-liner payload generation, ssh-add invocations, and UNIX-socket communication to the agent.
This repository contains a Bash proof-of-concept exploit for CVE-2023-38408, a remote code execution vulnerability in OpenSSH's ssh-agent forwarding (affecting versions prior to 9.3p2). The exploit is tailored for the TryHackMe lab environment and automates the attack process. The main script, 'CVE-2023-38408.sh', guides the user through setting up the attack, including SSH access to the victim, manipulation of ssh-agent sockets, and sideloading of malicious libraries. It delivers custom x86_64 shellcode to the victim's ssh-agent via a Unix socket, ultimately opening a bind shell on port 31337. The script interacts with several system files and libraries, and requires the attacker to have SSH credentials for the victim. The README provides context and usage notes, emphasizing that the exploit is intended for educational use within the TryHackMe environment. No external network endpoints or domains are hardcoded; all targeting is local to the victim and attacker machines within the lab.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
15 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A remote code execution vulnerability in OpenSSH's forwarded ssh-agent mentioned only in related content.
A critical remote code execution vulnerability in OpenSSH agent via agent forwarding, cited as a plausible initial access vector for the compromised Spanish server hosting the final payload.
A critical remote code execution vulnerability in OpenSSH ssh-agent (PKCS#11 feature) caused by an unreliable/unquoted search path, exploitable when SSH agent forwarding is used to an attacker-controlled system.
Critical remote code execution vulnerability in OpenSSH ssh-agent’s PKCS#11 feature (pre-9.3p2) due to an unreliable search path when agent forwarding to an attacker-controlled system, impacting Moxa industrial Ethernet switches that embed the vulnerable OpenSSH component.
The version that knows your environment.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.