Critical regreSSHion Vulnerability Exposes Millions of OpenSSH Servers

Earlier this month the Qualys Threat Research Unit discovered a new vulnerability in OpenSSH could potentially lead to a full system compromise. Here’s what it means and how to protect your systems.

What you need to know

A new vulnerability, CVE-2024-6387, known as regreSSHion, has been discovered in glibc-based Linux systems using OpenSSH. This is a regression of a previously fixed vulnerability (CVE-2006-5051) that re-emerged due to code changes made in October 2020. This flaw can allow attackers to execute arbitrary code with root privileges, potentially taking full control of the system, installing malware, manipulating data, and creating persistent backdoors.

Over 14 million OpenSSH servers are potentially at risk due to this vulnerability.

How to protect your organization

To mitigate the risks posed by regreSSHion, consider the following actions:

  • Immediate Patching: Ensure OpenSSH is updated with the latest patches and maintain a robust update process.
  • Access Restrictions: Limit SSH access through network-based controls.
  • Monitoring and Detection: Implement network segmentation and deploy intrusion detection systems to monitor for exploitation attempts.

If immediate patching isn’t feasible, temporarily set LoginGraceTime to 0 to hinder exploitation, though this may expose your system to denial-of-service attacks.

How Halo Security can help

Our advanced vulnerability scanners are already detecting this flaw and alerting customers. We recommend using our  technology scanning capabilities to identify all OpenSSH servers within your attack surface by filtering your Technology list by the product OpenSSH.

It’s never been more important to know your true attack surface

With the emergence of this critical vulnerability, it’s more crucial than ever to comprehend your organization’s digital footprint. Ensure every digital asset is accounted for to avoid unrecognized vulnerabilities like regreSSHion. Comprehensive attack surface management will help you keep track of exposed assets and mitigate potential threats effectively.

Maintaining an updated inventory of your attack surface is essential to defend against vulnerabilities. Stay alert and proactive in safeguarding your systems from exploitation.