Plataforma
other
Componente
wolfssh
Corrigido em
1.4.17
CVE-2024-2873 describes an authentication bypass vulnerability affecting wolfSSH versions prior to 1.4.17. This flaw allows a malicious client to establish channels without undergoing proper user authentication, effectively granting unauthorized access to the server. The vulnerability was published on March 25, 2024, and a patch is available in version 1.4.17.
The impact of this vulnerability is severe. An attacker can bypass authentication and gain unauthorized access to the wolfSSH server. This could lead to sensitive data exposure, system compromise, and potential lateral movement within the network. Successful exploitation could allow attackers to execute arbitrary commands, steal credentials, or disrupt services. The ability to create channels without authentication significantly reduces the barrier to entry for malicious actors.
This vulnerability is considered critical due to the ease of exploitation and the potential for significant impact. While no public proof-of-concept (POC) has been released as of the publication date, the authentication bypass nature of the vulnerability suggests a high probability of exploitation. It has not yet been added to the CISA KEV catalog. The vulnerability was publicly disclosed on March 25, 2024.
Organizations utilizing wolfSSH for remote access and system administration are at risk, particularly those with legacy configurations or limited network segmentation. Environments relying on wolfSSH for secure communication and data transfer are also vulnerable. Shared hosting environments where multiple users share the same server instance should be especially vigilant.
disclosure
Status do Exploit
EPSS
0.35% (percentil 57%)
Vetor CVSS
The primary mitigation for CVE-2024-2873 is to immediately upgrade wolfSSH to version 1.4.17 or later. If upgrading is not immediately feasible, consider implementing strict network segmentation to limit the potential blast radius of a successful attack. While a direct workaround is unavailable, reviewing and tightening firewall rules to restrict access to the wolfSSH port (typically 22) from untrusted sources can offer a temporary layer of defense. After upgrading, confirm the fix by attempting to establish a channel without providing valid authentication credentials; the connection should be rejected.
Atualize o wolfSSH para a versão 1.4.17 ou superior. Isso corrige a vulnerabilidade de omissão de autenticação. Você pode obter a última versão do repositório oficial do wolfSSH.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2024-2873 is a critical vulnerability in wolfSSH versions 0–v1.4.16 that allows attackers to bypass authentication and gain unauthorized access to the server by creating channels without proper credentials.
You are affected if you are running wolfSSH versions 0–v1.4.16. Upgrade to version 1.4.17 or later to mitigate the risk.
The recommended fix is to upgrade wolfSSH to version 1.4.17 or later. If immediate upgrade is not possible, implement network segmentation and restrict access to the SSH port.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a high probability of exploitation. Monitor your systems closely.
Refer to the official wolfSSH project website or security mailing lists for the latest advisory and updates regarding CVE-2024-2873.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.