Remote Code Execution in OpenSSH on FreeBSD (CVE-2024-7589)

ISGroup Cybersecurity

A critical vulnerability has been identified in OpenSSH affecting all supported versions of FreeBSD. This security flaw could potentially allow for unauthenticated remote code execution with root privileges. Although there have been no confirmed reports of active exploitation at this time, the risk remains high due to the possibility of complete system compromise. Users are urged to apply the latest patches provided by FreeBSD as soon as possible or, alternatively, to temporarily mitigate the issue by setting LoginGraceTime to 0 in the sshd_config file.

Productfreebsd, ssh
Date2024-08-19 16:05:22

Technical Summary

CVE-2024-7589 is a critical vulnerability in OpenSSH that affects all supported versions of FreeBSD. This issue could potentially allow for unauthenticated remote code execution with root privileges. Although there have been no confirmed cases of active exploitation, the risk remains high due to the possibility of complete system compromise. Users must urgently apply the latest patches provided by FreeBSD or temporarily mitigate the issue by setting LoginGraceTime to 0 in the sshd_config file.

[Callforaction-THREAT-Footer]