The National Cyber Security Centre SK-CERT warns of a vulnerability in OpenSSH that could be exploited by remote unauthenticated attackers for remote code execution (RCE) or denial of service (DoS).
OpenSSH is a popular tool used for secure communication, remote access and secure data transfer. It is an open-source implementation of the Secure Shell (SSH) protocol and is most often found on Linux and BSD servers as well as on devices such as Wi-Fi routers and IP phones.
The vulnerability, tracked as CVE-2023-25136, is a double-free. Exploiting a double-free for denial of service is trivial, but a proof-of-concept is now available showing how this vulnerability can be exploited for the far more dangerous outcome of remote code execution.
The critical vulnerability CVE-2023-25136 was assigned a CVSS score of 9.8.
Versions affected by this vulnerability:
- OpenSSH v. 9.1 and earlier
Regarding this vulnerability, the National Cyber Security Centre SK-CERT recommends the following to all users running a vulnerable version of OpenSSH:
- immediately update the vulnerable version to the latest version,
- in the event of a cybersecurity incident detection, report the incident to the National Cyber Security Centre SK-CERT at [email protected].
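A quick way to act on the affected-version list and the update recommendation above is to classify the OpenSSH build you are running against the range the advisory gives (9.1 and earlier). The POSIX shell script below is an added example, not part of the SK-CERT advisory; it parses the version from an `ssh -V` banner or an SSH server identification string and reports whether that version falls inside the advisory's stated affected range. The sample banners at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the SK-CERT advisory): classify an OpenSSH version
# string against the advisory's stated affected range for CVE-2023-25136
# (OpenSSH 9.1 and earlier).

# Extract "MAJOR.MINOR" from a banner such as "OpenSSH_9.1p1 Ubuntu-2ubuntu1"
# or a server identification string such as "SSH-2.0-OpenSSH_8.9p1".
# Prints nothing if no OpenSSH version is present.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Print "vulnerable" when the version is 9.1 or earlier (the advisory's
# affected range), "patched" when it is newer, and "unknown" when the
# string does not identify an OpenSSH build at all.
cve_2023_25136_status() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -lt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -le 1 ]; }; then
        echo vulnerable
    else
        echo patched
    fi
}

# Check the locally installed OpenSSH build. `ssh -V` prints its banner to
# stderr, so it is redirected into the captured output.
check_local_openssh() {
    banner=$(ssh -V 2>&1) || banner=""
    echo "local: ${banner:-ssh not found} -> $(cve_2023_25136_status "$banner")"
}

# Constructed sample banners for a self-check of the classifier.
for b in "OpenSSH_9.1p1 Ubuntu-2ubuntu1" "SSH-2.0-OpenSSH_9.2" \
         "OpenSSH_8.9p1" "dropbear_2022.83"; do
    echo "$b -> $(cve_2023_25136_status "$b")"
done
```

Call `check_local_openssh` on each host to get the verdict for the installed build; a result of `vulnerable` means the version is inside the range the advisory lists and should be updated as recommended. Note that the check only compares the upstream version number, so a distribution build that backported the fix without bumping the version will still be reported as `vulnerable` and should be confirmed against the vendor's changelog.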