CVE-2023-28531
Summary
| CVE | CVE-2023-28531 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-17 04:15:14 UTC |
| Updated | 2026-05-12 11:16:12 UTC |
| Description | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: NVD-CWE-noinfo | n/a
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Netapp | Brocade Fabric Operating System | - | All | All | All |
| Operating System | Netapp | Hci Bootstrap Os | - | All | All | All |
| Operating System | Netapp | Solidfire Element Os | - | All | All | All |
| Application | Openbsd | Openssh | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Announce: OpenSSH 9.3 released | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Release Notes |
| Debian -- Security Information -- DSA-5586-1 openssh | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| cert-portal.siemens.com/productcert/html/ssa-082556.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| CVE-2023-28531 OpenSSH Vulnerability in NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| OpenSSH: Remote Code Execution (GLSA 202307-01) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 200018 Ubuntu Security Notification for OpenSSH Vulnerabilities (USN-6560-1)
- 284912 Fedora Security Update for openssh (FEDORA-2024-2aac54ebb7)
- 38896 OpenSSH Sensitive Information Disclosure Vulnerability
- 503011 Alpine Linux Security Update for openssh
- 503013 Alpine Linux Security Update for openssh
- 6000398 Debian Security Update for openssh (DSA 5586-1)
- 710742 Gentoo Linux OpenSSH Remote Code Execution (RCE) Vulnerability (GLSA 202307-01)
- 907002 Common Base Linux Mariner (CBL-Mariner) Security Update for openssh (25670-1)