
Urgent: Patch Successfully Fixed but Qualys Warns of Reintroduced OpenSSH Bug – Source: www.databreachtoday.com


More than 14 million internet-exposed OpenSSH server instances are potentially affected by a serious vulnerability in sshd, the OpenSSH server, that was originally fixed almost two decades ago and later reintroduced. The flaw, dubbed "regreSSHion" by its discoverers, is an unauthenticated remote code execution bug: a signal handler race condition that can give an attacker root privileges on glibc-based Linux systems, and with them complete control of the affected server.

OpenSSH is the most widely deployed implementation of the Secure Shell (SSH) protocol, used for remote server administration and file transfer. According to Qualys, whose Threat Research Unit discovered the vulnerability, searches of Shodan and Censys scan data turned up more than 14 million OpenSSH server instances exposed to the internet. From anonymized telemetry across its own customer base, Qualys estimates that roughly 700,000 external-facing instances are vulnerable, about 31% of the internet-facing OpenSSH instances it monitors. The two figures describe different populations: 700,000 of 14 million would be about 5%, not one-third of all OpenSSH servers worldwide.

The flaw, tracked as CVE-2024-6387, is a race condition in sshd's SIGALRM handler. If a client has not authenticated within LoginGraceTime (120 seconds by default), the handler fires and calls functions such as syslog() that are not async-signal-safe; on glibc-based systems an attacker who times that interruption precisely can turn this into arbitrary code execution as root, before any authentication takes place. A successful exploit could be used to install malware, tamper with data, and plant backdoors for persistent access, and a compromised host can serve as a foothold for lateral movement to other systems within the organization.

The bug is a regression: a previously fixed flaw that resurfaces because of later changes. The OpenSSH developers (not Qualys, which only discovered the regression) fixed the original issue, CVE-2006-5051, in 2006 with OpenSSH 4.4p1. A change made in October 2020 and shipped in OpenSSH 8.5p1 removed that safeguard and reintroduced the bug, so upstream releases 8.5p1 through 9.7p1 are affected. Versions 4.4p1 through 8.4p1 are not affected by this issue, while versions older than 4.4p1 still carry the original 2006 bug.

The exploit is hard to pull off: it depends on winning a remote race condition, and in Qualys's lab work it took roughly 10,000 attempts, about six to eight hours, to obtain a root shell on a 32-bit Debian system, with 64-bit targets expected to be harder still. Qualys cautions, however, that advances in AI-assisted exploit development could raise the success rate. Its recommendations are to upgrade to OpenSSH 9.8p1 (or a distribution package that backports the fix), to restrict network access so that only trusted sources can reach SSH, and to segment the network to limit lateral movement.

As an interim workaround, Qualys suggests setting LoginGraceTime to 0 in sshd_config. This disables the authentication timeout, and with it the SIGALRM handler the exploit races against, but it also lets an attacker tie up all of sshd's pre-authentication connection slots (governed by MaxStartups) by opening connections and never authenticating, so it trades the remote code execution risk for a denial-of-service exposure. The bug is confirmed exploitable on glibc-based Linux; OpenBSD is not affected because its SIGALRM handler calls the async-signal-safe syslog_r(), and researchers have not determined whether macOS or Windows builds are at risk.
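As an added triage aid (example code written for this page, not Qualys's tooling and not code from the OpenSSH project), the following Python script does the two checks an operator would run first: it classifies an sshd identification banner, such as the one returned by connecting to port 22, against the upstream versions named above, and it computes the LoginGraceTime that sshd would actually apply from an sshd_config text, to confirm the workaround is in force. The banners and config fragments inside it are constructed samples, and the `verified_backports` set is an assumed input that the operator fills with build strings whose package changelog they have confirmed carries the backported fix.

```python
"""Triage helpers for CVE-2024-6387 (regreSSHion): banner classification
and an sshd_config check for the LoginGraceTime workaround."""
import re

# Upstream OpenSSH version boundaries from the Qualys advisory.
ORIGINAL_FIXED_IN = (4, 4)   # CVE-2006-5051 fixed in 4.4p1
REGRESSED_IN = (8, 5)        # regression shipped in 8.5p1
FIXED_IN = (9, 8)            # regression fixed in 9.8p1

BANNER_RE = re.compile(
    r"^SSH-[\d.]+-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)(?:p\d+)?(?:\s+\S.*)?$"
)


def classify_banner(banner, verified_backports=frozenset()):
    """Classify one SSH identification string (e.g. from `nc host 22`).

    verified_backports: build strings (everything after the second '-') that
    the operator has confirmed, from the distribution changelog, carry the
    backported fix. Distributions patch in place without bumping the upstream
    version, so the version alone can prove a host is NOT affected but cannot
    prove an affected version has been fixed.
    """
    banner = banner.strip()
    m = BANNER_RE.match(banner)
    if not m:
        return "not-openssh"
    version = (int(m.group("major")), int(m.group("minor")))
    if version < ORIGINAL_FIXED_IN:
        return "original-bug"          # still carries CVE-2006-5051
    if version < REGRESSED_IN:
        return "not-affected"          # 4.4p1 .. 8.4p1
    if version >= FIXED_IN:
        return "fixed"                 # 9.8p1 or later
    build = banner.split("-", 2)[2]    # e.g. "OpenSSH_9.2p1 Debian-2+deb12u3"
    if build in verified_backports:
        return "backported-fix"
    return "potentially-vulnerable"    # 8.5p1 .. 9.7p1, build not verified


_UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_sshd_time(value):
    """Parse sshd's time format ('120', '2m', '1h30m', ...) into seconds."""
    value = value.strip().lower()
    if not re.fullmatch(r"(?:\d+[smhdw]?)+", value):
        raise ValueError(f"bad sshd time value: {value!r}")
    return sum(int(q) * _UNIT_SECONDS[u] for q, u in re.findall(r"(\d+)([smhdw]?)", value))


def effective_login_grace_time(config_text, default=120):
    """Return the LoginGraceTime sshd would apply for this config text.

    Keywords are case-insensitive, '#' starts a comment, 'Keyword value' and
    'Keyword=value' are both accepted, and when a keyword is repeated the FIRST
    occurrence wins. A hardening line appended at the end of the file therefore
    changes nothing if an earlier active line (or a drop-in pulled in by an
    Include directive above it) already sets the value.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "logingracetime":
            return parse_sshd_time(parts[1])
    return default


def workaround_in_force(config_text):
    """True when LoginGraceTime is 0, i.e. the SIGALRM path the exploit races is disabled."""
    return effective_login_grace_time(config_text) == 0


if __name__ == "__main__":
    # Constructed sample banners, not results of any real scan.
    banners = [
        "SSH-2.0-OpenSSH_9.8p1",
        "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
        "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3",
        "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
        "SSH-2.0-OpenSSH_4.3p2",
        "SSH-2.0-dropbear_2022.83",
    ]
    # Assumed: the operator has checked this Debian build's changelog for the fix.
    verified = {"OpenSSH_9.2p1 Debian-2+deb12u3"}
    for b in banners:
        print(f"{b:45} {classify_banner(b, verified)}")

    # Constructed sshd_config fragments: stock commented default, then the workaround.
    stock = "#LoginGraceTime 2m\nPermitRootLogin prohibit-password\n"
    mitigated = stock + "LoginGraceTime 0\nMaxStartups 10:30:100\n"
    print("stock:", effective_login_grace_time(stock), "s, workaround:", workaround_in_force(stock))
    print("mitigated:", effective_login_grace_time(mitigated), "s, workaround:", workaround_in_force(mitigated))
```

A banner verdict of "potentially-vulnerable" is a prompt to check the package changelog, not a finding on its own, and "not-affected" says nothing about other sshd issues. For the live setting on a host, `sshd -T | grep -i logingracetime` prints the value sshd actually resolved, including anything Include'd from drop-in directories, which the function above only sees if that text is passed in.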

Organizations running OpenSSH servers should act now: inventory internet-exposed sshd instances, upgrade to 9.8p1 or a distribution package that carries the fix, apply the LoginGraceTime workaround where upgrading must wait, and restrict network access to SSH. Left unaddressed, the flaw offers unauthenticated root on internet-facing hosts, which translates directly into data breaches and network-wide compromise.
