A critical OpenSSH vulnerability, CVE-2024-6387, named regreSSHion, has recently been disclosed. The flaw is a race condition that allows unauthenticated attackers to execute code remotely.
The vulnerability has been compared to Log4Shell and could result in a complete system takeover, including the deployment of malware and backdoors. Over 14 million potentially vulnerable instances of OpenSSH were found on the internet.
While Qualys has not released proof-of-concept (PoC) code, others have started making what appear to be PoC exploits public. However, Palo Alto Networks has tested some PoC code and could not achieve remote code execution, stating there is no need for panic.