The regreSSHion vulnerability in OpenSSH: a threat to enterprise security

A serious vulnerability has been found in OpenSSH’s server

A Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems, identified as CVE-2024-6387, has been discovered, and it represents a severe risk to enterprise security. This vulnerability allows unauthenticated remote code execution as root, creating a significant security threat for organizations relying on OpenSSH for secure communication.

What you need to know

A serious vulnerability has been found in OpenSSH on glibc-based Linux systems. It represents an important security risk that might impact your organization and millions of other organizations that now have exposed OpenSSH servers. You can act against it by following a few steps: updating to the latest security patches, enforcing strict access controls, and conducting regular security audits and vulnerability assessments. Malleum offers comprehensive cybersecurity services to help safeguard against this and other cyber threats. Read the full article for more information.

Contact us for a thorough assessment and tailored security solutions.

Magnitude of the OpenSSH Vulnerability

The regreSSHion vulnerability affects OpenSSH in its default configuration. Qualys has found over 14 million potentially vulnerable OpenSSH server instances exposed to the internet.

Anonymized data reveals:

  • Approximately 700,000 external internet-facing instances are vulnerable.
  • These account for 31% of all internet-facing OpenSSH instances within a global customer base.
  • 0.14% of these vulnerable instances are running End-Of-Life/End-Of-Support versions of OpenSSH, which are no longer maintained for security updates.

In a blog post on July 1, the Qualys Threat Research Unit warned that the flaw CVE-2024-6387 is very dangerous. It could let attackers run any code they want with the highest privileges. This means the attacker could take over the entire system, install malware, change data, and create hidden ways to keep accessing the system.

How to mitigate the risks associated with the regreSSHion OpenSSH vulnerability

What you can do right now:

  • Make sure you are up to date with the latest security patches for OpenSSH.
  • Enforce strict access controls to limit SSH access to authorized persons and systems only.
  • Use network-based controls to minimize the attack surface and reduce the risk of unauthorized access.
  • Divide the network into segments to contain any potential breach and limit the impact of an attack.
  • Deploy intrusion detection systems (IDS) to monitor network traffic for suspicious activity, and implement a notification system that alerts teams to potential exploitation attempts, enabling a fast response.
  • Conduct regular security audits and vulnerability assessments to identify potential weaknesses and remove them.

These are immediate steps your enterprise can follow to mitigate the risks associated with the regreSSHion OpenSSH vulnerability.

We can do it for you:

Malleum specializes in comprehensive cybersecurity solutions, offering a wide range of services including strategy and advisory, risk and compliance, enterprise fortification, cyber resiliency assessments, application security, and hardware protection to safeguard businesses in the digital age.

We can conduct the vulnerability assessment for you, partner with you, and dig deep into your organization to ensure there is no risk left regarding this OpenSSH vulnerability. Contact us now to discuss this with our cyber experts.

Conclusion

The regreSSHion vulnerability in OpenSSH can be a major threat to enterprise security. By understanding the nature of this vulnerability and implementing immediate risk mitigation steps, organizations can better protect their infrastructure and maintain the integrity of their secure communications, securing their business and customers’ data.

The discovery of this vulnerability clearly shows the ongoing challenges in cybersecurity and the critical need for vigilant and proactive security practices to safeguard against evolving threats.

Malleum provides solutions tailored to each organization according to your size, budget, and needs.