
Security researchers report regreSSHion, one of the most significant security vulnerability discoveries in recent years in terms of scale and potential impact.
Discovered by the Qualys Threat Research Unit (TRU), regreSSHion (CVE-2024-6387) is an unauthenticated remote code execution (RCE) vulnerability in OpenSSH's server on glibc-based Linux systems that went undetected for four years. If exploited, this vulnerability could allow an attacker to execute arbitrary code with the highest privileges, which could lead to a complete system takeover, installation of malware, creation of backdoors, and more.
With over 14 million instances worldwide, regreSSHion is severe and critical, especially for organizations that rely heavily on OpenSSH to manage remote servers. OpenSSH is known to be very secure software, and this vulnerability is a glaring hole in an otherwise nearly flawless implementation.
More at Qualys.com
About Qualys:
Qualys is a pioneer and leader in disruptive cloud-based IT, security and compliance solutions. The company has more than 15,700 active customers in over 130 countries, including the majority of the Forbes Global 100 and Fortune 100 companies. Qualys helps companies optimize and consolidate their security and compliance solutions into a single platform, fundamentally secure digital transformation initiatives, and thereby achieve greater agility, better business results and significant cost reductions.