
OpenSSH regreSSHion vulnerability identified, more than 14 million servers at risk: report

A large number of OpenSSH servers are reportedly affected by a newly discovered vulnerability, which is said to be a regression of a previously patched vulnerability that has reappeared. According to the report, more than 14 million servers were found to be at risk, and especially those with versions older than 4.4p1 may be affected by this vulnerability, called regreSSHion. The regression was reportedly introduced in October 2020 (OpenSSH 8.5p1). The vulnerability is tracked as CVE-2024-6387.

Researchers identify major OpenSSH vulnerability

Cybersecurity firm Qualys, which discovered the vulnerability, said in a post that CVE-2024-6387 is a remote unauthenticated code execution (RCE) vulnerability in the OpenSSH server (sshd). OpenSSH, also known as OpenBSD Secure Shell (SSH), is a set of tools that facilitate secure communication over the network. It is a widely used implementation of the SSH protocol, which provides a secure encrypted channel over an unprotected network. It is used on both internal networks and the Internet.

During the investigation, the cybersecurity firm reportedly found more than 14 million potentially vulnerable instances of OpenSSH servers that were exposed to the Internet. Among them were reportedly 7,00,000 external Internet-facing instances that were vulnerable to this condition. This large number of exposed servers highlights the scale of risk these systems face.

According to the report, the current vulnerability is a regression of a previously patched vulnerability from 2006, CVE-2006-5051, which is why it is also called regreSSHion. Because of this vulnerability, an attacker could hypothetically execute arbitrary code with the highest privileges and compromise the entire system. Further, threat actors can also bypass critical security mechanisms to gain root access to the affected server.

However, Qualys also pointed out that this vulnerability is not easy to exploit because it is a remote race condition and will likely require multiple attempts before an attack succeeds.

The cybersecurity firm recommended that companies using OpenSSH apply the available patches as soon as possible and prioritize the ongoing update process. Enterprises are also required to restrict SSH access through network controls to reduce the risks of attacks.

