Published On: Oct 07, 2024 14:49
Advisory No: TZCERT-SA-24-0029
Source: IBM
Software Affected: OpenSSH
Multiple IBM products are affected by a critical vulnerability. A remote attacker can exploit the vulnerability to execute arbitrary code.
Multiple IBM products that depend on OpenSSH are affected by a critical vulnerability tracked as CVE-2023-51385, with a CVSS base score of 9.8. The vulnerability results from improper validation of shell metacharacters. An attacker can exploit it by sending a specially crafted request using expansion tokens and thereby execute arbitrary commands on the system.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
IBM has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.
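Alongside patching, client configurations can be reviewed for places where expansion tokens reach a shell. The following audit script is an added example, not code from IBM, OpenSSH or this advisory. It assumes that the directives of interest are `ProxyCommand`, `LocalCommand` and `Match exec`, and that the host and user name tokens `%h`, `%n`, `%r` and `%u` are the ones to flag; neither list is stated in the advisory, and the sample configuration is constructed.

```python
import re

# Assumption for this example: tokens that expand to host or user names.
RISKY_TOKENS = {"h", "n", "r", "u"}
# ssh_config lines are "Keyword argument" or "Keyword=argument".
LINE_RE = re.compile(r"^\s*(\w+)\s*(?:=\s*|\s+)(.*?)\s*$")
# The command given to an "exec" criterion on a Match line.
EXEC_RE = re.compile(r'\bexec(?:\s*=\s*|\s+)("([^"]*)"|\S+)', re.I)
TOKEN_RE = re.compile(r"%(.)")

def risky_tokens(command):
    """Return the flagged %-tokens in a command, skipping the literal %%."""
    return sorted({"%" + m.group(1) for m in TOKEN_RE.finditer(command)
                   if m.group(1) in RISKY_TOKENS})

def audit_ssh_config(text):
    """Return (line number, keyword, tokens) for each shell-executed
    directive that interpolates a host or user name token."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw)
        if raw.lstrip().startswith("#") or not m:
            continue
        keyword, arg = m.group(1).lower(), m.group(2)
        if keyword in ("proxycommand", "localcommand"):
            command = arg
        elif keyword == "match" and EXEC_RE.search(arg):
            e = EXEC_RE.search(arg)
            command = e.group(2) if e.group(2) is not None else e.group(1)
        else:
            continue
        tokens = risky_tokens(command)
        if tokens:
            findings.append((lineno, keyword, tokens))
    return findings

# Constructed sample configuration (hypothetical hosts and paths).
SAMPLE = """\
# constructed sample, not from the advisory
Host bastion-*
    ProxyCommand nc -X connect -x proxy.example.test:3128 %h %p
Host build
    ProxyCommand=/usr/bin/connect --label 100%% gateway.example.test 22
    PermitLocalCommand yes
    LocalCommand logger "ssh session for %r"
Match exec "test -f /etc/ssh/allow/%n" user deploy
    ForwardAgent no
"""

if __name__ == "__main__":
    for lineno, keyword, tokens in audit_ssh_config(SAMPLE):
        print(f"line {lineno}: {keyword} uses {', '.join(tokens)}")
```

A finding is a line to review once the patched OpenSSH is in place, not proof of exposure: it marks where a host or user name supplied from outside would be passed into a command line.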