9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.028 Low
EPSS
Percentile
90.6%
Problem Description:
The server may cause ssh-agent to load shared libraries other than
those required for PKCS#11 support. These shared libraries may have
side effects that occur on load and unload (dlopen and dlclose).
Impact:
An attacker with access to a server that accepts a forwarded
ssh-agent connection may be able to execute code on the machine running
ssh-agent. Note that the attack relies on properties of operating
system-provided libraries. This has been demonstrated on other
operating systems; it is unknown whether this attack is possible using
the libraries provided by a FreeBSD installation.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.028 Low
EPSS
Percentile
90.6%