OpenSSH Vulnerability regreSSHion Identified, More Than 14 Million Servers at Risk: Report

As per the report, the OpenSSH vulnerability is a regression of the previously patched vulnerability CVE-2006-5051.

Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 2 July 2024 16:11 IST
Highlights
  • It is reportedly an RCE vulnerability in OpenSSH’s server
  • The vulnerability has been labelled as CVE-2024-6387
  • OpenSSH versions earlier than 4.4p1 are vulnerable to this condition

OpenBSD systems are reportedly unaffected by this bug


OpenSSH servers in large numbers are reportedly affected by a newly discovered vulnerability, which is said to be a regression of a previously patched flaw that has resurfaced. As per the report, more than 14 million servers were found to be at risk; in particular, versions earlier than 4.4p1 can be affected by this vulnerability, dubbed regreSSHion. The regression was reportedly introduced in October 2020 (OpenSSH 8.5p1). The vulnerability has been labelled and is being tracked as CVE-2024-6387.

Researchers identify major OpenSSH vulnerability

Cybersecurity firm Qualys, which discovered the vulnerability, said in a post that CVE-2024-6387 is a remote unauthenticated code execution (RCE) vulnerability in OpenSSH's server (sshd). OpenSSH, also referred to as OpenBSD Secure Shell (SSH), is a suite of tools that facilitate secure communication over a network. It is a widely deployed implementation of the SSH protocol that provides an encrypted channel over an unsecured network, and it is used both on internal networks and over the Internet.


During the investigation, the cybersecurity firm reportedly found more than 14 million potentially vulnerable OpenSSH server instances that were exposed to the Internet. Among them, there were reportedly 7,00,000 external internet-facing instances that were vulnerable to the condition. This high number of exposed servers highlights the scale of risk these systems face.

As per the report, the current vulnerability is a regression of a previously patched vulnerability from 2006, tracked as CVE-2006-5051, which is why it is also being called regreSSHion. An attacker could hypothetically execute arbitrary code with the highest privileges and compromise the entire system through this vulnerability. Further, threat actors could also bypass critical security mechanisms to gain root access to the impacted server.


However, Qualys also pointed out that this vulnerability is not easy to exploit because it is a remote race condition, and an attacker will likely need multiple break-in attempts before one succeeds.

The cybersecurity firm recommended that enterprises using OpenSSH apply the available patches as soon as possible and prioritise the ongoing update process. Enterprises are also advised to limit SSH access through network-based controls to minimise the risk of attack.
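A first step in the patching process the firm recommends is knowing which hosts run an affected OpenSSH release. The following is an added example, not code from the article or from Qualys: it parses the version banner that an OpenSSH server sends on connection and sorts hosts into the ranges the article states (releases earlier than 4.4p1 carry the original CVE-2006-5051 bug; the regression was introduced in 8.5p1). The release that fixes CVE-2024-6387 is not given in the article, so `FIXED_RELEASE` is a placeholder to be filled in from the OpenSSH or vendor advisory. The host inventory is a constructed sample; host names and banners are not real systems.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Thresholds taken from the article.
ORIGINAL_BUG_FIXED: Version = (4, 4, 1)       # releases before 4.4p1 carry CVE-2006-5051
REGRESSION_INTRODUCED: Version = (8, 5, 1)    # regression introduced in 8.5p1

# Placeholder (assumption): the fixed release is not stated in the article.
# Set this from the OpenSSH/vendor advisory before trusting a "patched" verdict.
FIXED_RELEASE: Optional[Version] = None

# Matches banners such as "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10" or "SSH-1.99-OpenSSH_4.3p2".
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Constructed sample inventory ("host banner" per line); not real hosts.
SAMPLE_INVENTORY = """\
# host        banner   (constructed sample)
bastion1 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
legacy-nas SSH-1.99-OpenSSH_4.3p2
jumpbox SSH-2.0-OpenSSH_7.4
router1 SSH-2.0-dropbear_2020.81
"""


def parse_banner(banner: str) -> Optional[Version]:
    """Extract (major, minor, portable-patch) from an OpenSSH banner; None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(banner: str, fixed_release: Optional[Version] = FIXED_RELEASE) -> str:
    """Place a banner into one of the version ranges described in the article.

    Caveat: distributions backport fixes without bumping the upstream version string,
    so a 'potentially-vulnerable' verdict means 'check the package changelog', not 'exploitable'.
    """
    v = parse_banner(banner)
    if v is None:
        return "unknown"                       # not OpenSSH, or an unparsable banner
    if v < ORIGINAL_BUG_FIXED:
        return "vulnerable-unpatched-2006"     # never received the CVE-2006-5051 fix
    if v < REGRESSION_INTRODUCED:
        return "not-affected"                  # 4.4p1 up to (but excluding) 8.5p1
    if fixed_release is not None and v >= fixed_release:
        return "patched"
    return "potentially-vulnerable"            # 8.5p1 or later, fix status unknown


def triage(inventory: str, fixed_release: Optional[Version] = FIXED_RELEASE) -> Dict[str, str]:
    """Classify every 'host banner' line of an inventory; comment and blank lines are skipped."""
    results: Dict[str, str] = {}
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, banner = line.partition(" ")
        results[host] = classify(banner, fixed_release)
    return results


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Banners can be collected from existing asset-management data or by reading the first line a server sends on TCP port 22, so no authentication attempt is needed. Because the fixed release is left as a placeholder, every host at 8.5p1 or later is reported as "potentially-vulnerable" until that value is set, which is the conservative default for a patch-priority list.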
