CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-47857: SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH...

Description

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access.

Classification

CVE ID: CVE-2024-47857

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-03-01 (when was this score calculated)

References

https://ssh.com
https://info.ssh.com/impersonation-vulnerability-privx

Timeline

2025-02-01 00:30:30 UTC
CVE

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH...