Dive Brief:
- At least 700,000 OpenSSH servers are at risk of exploit from a remote code execution vulnerability, CVE-2024-6387, Qualys said Monday. Researchers at Qualys, which discovered the vulnerability, dubbed it “regreSSHion.”
- Though Qualys researchers have not yet scored the CVE, they describe it as critical, presenting a significant security risk. The signal handler race condition in OpenSSH’s server allows unauthenticated remote code execution as root on glibc-based Linux systems.
- “This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in complete system takeover, installation of malware, data manipulation and the creation of backdoors for persistent access,” Bharat Jogi, senior director of Qualys threat research unit, said in the report.
Dive Insight:
OpenSSH, a collection of network security functions based on the secure shell protocol, supports multiple encryption technologies that secure communications, automated processes and file transfers.
The vulnerability, which is a regression of previously patched vulnerability CVE-2006-5051, affects OpenSSH version 8.5p1 up to 9.7p1, according to Qualys. The latest available update for OpenSSH server, version 9.8p1, fixes the vulnerability.
Qualys encourages enterprises to mitigate risk by quickly applying the latest version of the software and limiting access through network-based controls. Threat researchers also published technical details of the vulnerability on Monday.
The vulnerability likely exists in macOS and Windows, but researchers haven’t confirmed exploitability on those systems.
Exploits of CVE-2024-6387 “could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization,” Jogi said in the report. “Moreover, gaining root access would enable attackers to bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging mechanisms, further obscuring their activities.”