Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2016-10009 — Untrusted Search Path in Openssh
Severity
7.3HIGHNVD
EPSS
1.6%
top 18.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJan 5
Latest updateJul 19
Description
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4
Affected Packages4 packages
Patches
🔴Vulnerability Details
4💥Exploits & PoCs
1📋Vendor Advisories
8Microsoft▶
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code↗2023-07-11
Palo Alto▶
PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS↗2020-05-13
Apple▶
CVE-2016-10009: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite↗2017-03-27