Qualys reports one of the most significant vulnerabilities found in recent years in terms of scale and potential impact.
regreSSHion (CVE-2024-6387), discovered by the Qualys Threat Research Unit (TRU), is an unauthenticated remote code execution (RCE) vulnerability in OpenSSH’s server on glibc-based Linux systems that went undetected for four years.
If this vulnerability is exploited, an attacker can execute arbitrary code with the highest privileges, which can lead to a complete system takeover, the installation of malware, the creation of backdoors and more.
With over 14 million instances worldwide, regreSSHion is serious and critical, especially for organizations that rely heavily on OpenSSH to manage remote servers. OpenSSH is known as very secure software, and this vulnerability is a glaring gap in an otherwise almost flawless implementation.
(lb/Qualys)