CVE-2023-51384
Summary
| CVE | CVE-2023-51384 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-12-18 19:15:08 UTC |
| Updated | 2026-05-12 12:16:14 UTC |
| Description | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Problem Types: NVD-CWE-noinfo | n/a
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 12.0 | All | All | All |
| Application | Openbsd | Openssh | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.netapp.com/advisory/ntap-20240105-0005 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| seclists.org/fulldisclosure/2024/Mar/21 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-5586-1 openssh | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-082556.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| upstream: apply destination constraints to all p11 keys · openssh/openssh-portable@881d9c6 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch, Third Party Advisory |
| www.openwall.com/lists/oss-security/2023/12/18/2 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Release Notes |
| cert-portal.siemens.com/productcert/html/ssa-769027.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| cert-portal.siemens.com/productcert/html/ssa-794697.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| www.openssh.com/txt/release-9.6 | af854a3a-2127-422b-91ae-364da2661108 | www.openssh.com | Release Notes |
| support.apple.com/kb/HT214084 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 200022 Ubuntu Security Notification for OpenSSH Vulnerabilities (USN-6565-1)
- 296108 Oracle Solaris 11.4 Support Repository Update (SRU) 66.164.1 Missing (CPUJAN2024)
- 330166 IBM Advanced Interactive eXecutive (AIX) Multiple Vulnerabilities (openssh_advisory16)
- 379478 Apple macOS Sonoma 14.4 Not Installed (HT214084)
- 510681 Alpine Linux Security Update for openssh
- 510754 Alpine Linux Security Update for openssh
- 6000398 Debian Security Update for openssh (DSA 5586-1)