OpenSSH, regarded as one of the “most secure software implementations in the world” has a “glaring gap” that allows threat actors to completely take over Linux systems that have it installed, experts have warned.
A report from Qualys claims the vulnerability has been present in OpenSSH for four years, and is currently affecting some 14 million endpoints worldwide.
Qualys dubbed its finding ‘regreSSHion’, and says it is now tracked as CVE-2024-6387. The flaw was named ‘regreSSHion’ since it is a regression of the previously patched vulnerability CVE-2006-5051, fixed back in 2006. A regression is a flaw that was once fixed but was later reintroduced.
