A critical vulnerability has been identified in OpenSSH affecting all supported versions of FreeBSD. This security flaw could potentially allow for unauthenticated remote code execution with root privileges. Although there have been no confirmed reports of active exploitation at this time, the risk remains high due to the possibility of complete system compromise. Users are urged to apply the latest patches provided by FreeBSD as soon as possible or, alternatively, to temporarily mitigate the issue by setting LoginGraceTime to 0 in the sshd_config file.
| Product | freebsd, ssh |
| Date | 2024-08-19 16:05:22 |
Technical Summary
CVE-2024-7589 is a critical vulnerability in OpenSSH that affects all supported versions of FreeBSD. This issue could potentially allow for unauthenticated remote code execution with root privileges. Although there have been no confirmed cases of active exploitation, the risk remains high due to the possibility of complete system compromise. Users must urgently apply the latest patches provided by FreeBSD or temporarily mitigate the issue by setting LoginGraceTime to 0 in the sshd_config file.
[Callforaction-THREAT-Footer]
