Serious vulnerability in OpenSSH threatens millions of servers

OpenSSH is one of the most trusted security software in the world. The discovered vulnerability is said to affect approximately 14 million endpoint devices globally.

According to experts at Qualys, if the 'regreSSHion' vulnerability is successfully exploited, an attacker can completely take control of the system, install malicious code, create backdoors and perform many other dangerous acts.

In up to 700,000 cases, representing 31% of the total number of cases in Qualys' global customer base, OpenSSH facing the external internet was identified as vulnerable.

In fact, 'regreSSHion' is a re-introduction of a vulnerability that was previously patched in 2006.

Experts warn the 'regreSSHion' vulnerability has the same severity as the Log4Shell issue in Apache Log4J in 2021, one of the most serious computer security vulnerabilities ever discovered affecting hundreds of millions applications and devices worldwide.

Currently, there is no information that this vulnerability has been exploited in practice, but experts recommend that users and organizations need to update OpenSSH to the latest version to patch the vulnerability and ensure system security. system.

Lesley Montoya

Update 04 July 2024