CVE-2016-10009

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

Published : 2017-01-05 02:59 Updated : 2018-09-11 10:29

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Openbsd Openssh 7.3 cpe:/a:openbsd:openssh:7.3
  1. Openbsd (1) Search CVE
    1. Openssh (1) Search CVE
      1. 7.3

CWE

ID Name Description Links
CWE-426 Untrusted Search Path The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control. CVE