OpenSSH Vulnerability regreSSHion Identified, More Than 14 Million Servers at Risk: Report

As per the report, the OpenSSH vulnerability is a regression of the previously patched vulnerability CVE-2006-5051.

Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 2 July 2024 16:11 IST

OpenBSD systems are reportedly unaffected by this bug

Highlights
  • It is reportedly an RCE vulnerability in OpenSSH’s server
  • The vulnerability has been labelled as CVE-2024-6387
  • OpenSSH versions earlier than 4.4p1 are vulnerable to this condition

A newly discovered vulnerability reportedly affects a large number of OpenSSH servers. It is said to be a regression of a previously patched vulnerability that has resurfaced. As per the report, more than 14 million servers were found to be at risk; in particular, those running versions earlier than 4.4p1 can be affected by this vulnerability, dubbed regreSSHion. This regression was reportedly introduced in October 2020 (OpenSSH 8.5p1). The vulnerability is being tracked as CVE-2024-6387.

Researchers identify major OpenSSH vulnerability

Cybersecurity firm Qualys, which discovered the vulnerability, said in a post that CVE-2024-6387 is a remote unauthenticated code execution (RCE) vulnerability in OpenSSH's server (sshd). OpenSSH, also referred to as OpenBSD Secure Shell (SSH), is a suite of tools that facilitate secure communication over a network. It is a widely used implementation of the SSH protocol that provides a safe encrypted channel over an unsecured network. It is used both on internal networks and over the Internet.

During the investigation, the cybersecurity firm reportedly found more than 14 million potentially vulnerable OpenSSH server instances that were exposed to the Internet. Among them, there were reportedly 7,00,000 external internet-facing instances that were vulnerable to the condition. This high number of exposed servers highlights the scale of risk these systems face.

As per the report, the current vulnerability is a regression of a previously patched vulnerability from 2006, CVE-2006-5051, which is why it is also being called regreSSHion. Due to this vulnerability, an attacker can hypothetically execute arbitrary code with the highest privileges and compromise the entire system. Further, threat actors can also bypass critical security mechanisms to gain root access to the impacted server.

However, Qualys also pointed out that this vulnerability is not easy to exploit due to it being a remote race condition, and it will likely require multiple break-in attempts before an attack results in success.

The cybersecurity firm recommended enterprises using OpenSSH to apply available patches as soon as possible and to prioritise the ongoing update process. Enterprises are also asked to limit SSH access through network-based controls to minimise the attack risks.
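
To order the patch queue the recommendation above implies, an inventory of SSH banners can be sorted against the version boundaries the article reports. This is an added example, not code from Qualys or OpenSSH; the function names and sample banners are constructed, and the first fixed release is a caller-supplied parameter because the article does not state it.

```python
import re

# Boundaries stated in the article: releases before 4.4p1 are affected, and
# the regression entered in 8.5p1. The first fixed release is not given in
# the article, so callers pass it in from their vendor's advisory.
OLD_BOUNDARY = (4, 4)
REGRESSION_START = (8, 5)

# Matches "OpenSSH_8.9p1", "OpenSSH_7.4" and older forms like "OpenSSH_3.6.1p2".
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.\d+)?(?:p\d+)?")


def parse_openssh_version(banner):
    """Return (major, minor) from an SSH banner or `ssh -V` text, else None."""
    m = _BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(banner, fixed_version=None):
    """Place one banner relative to the reported version ranges."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"  # not OpenSSH, or banner hidden: inspect manually
    if v < OLD_BOUNDARY:
        return "affected-pre-4.4p1"
    if v < REGRESSION_START:
        return "outside-reported-ranges"
    if fixed_version is not None and v >= fixed_version:
        return "at-or-after-supplied-fix"
    # Distributions backport fixes without changing the upstream version
    # string, so confirm against the installed package version.
    return "in-regression-range"


def triage(inventory, fixed_version=None):
    """Map each host to its status, for ordering the patch queue."""
    return {host: classify(banner, fixed_version) for host, banner in inventory}


# Constructed sample inventory (documentation addresses, not real hosts).
SAMPLE = [
    ("192.0.2.10", "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"),
    ("192.0.2.11", "SSH-2.0-OpenSSH_7.4"),
    ("192.0.2.12", "SSH-2.0-OpenSSH_4.3"),
    ("192.0.2.13", "SSH-2.0-dropbear_2022.83"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

A banner in the regression range is a prompt to check the package version against the vendor advisory, not proof that the host is unpatched.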
