A significant security flaw, known as ‘regreSSHion’, has been discovered in OpenSSH, the widely trusted secure remote-access software used by servers worldwide. This vulnerability, identified as CVE-2024-6387, has been present for over four years and poses a serious threat to approximately 14 million endpoints globally. If exploited, ‘regreSSHion’ allows attackers to gain complete control of the system, install malicious code, create backdoors, and carry out other harmful actions.
Concerningly, up to 700,000 external, internet-facing OpenSSH instances are vulnerable, making up 31% of the total instances in Qualys’ global customer base. Security experts have compared the severity of this vulnerability to the Log4Shell issue in Apache Log4j, which affected hundreds of millions of applications and devices worldwide in 2021.
As of now, there is no evidence of ‘regreSSHion’ being actively exploited. However, users and organizations are strongly advised to update OpenSSH to the latest version to patch the vulnerability and ensure the security of their systems.