OpenSSH vulnerability regreSSHion puts millions of servers at risk

Researchers have uncovered a serious remote code execution vulnerability in the Open Secure Shell (OpenSSH) server that could let unauthenticated attackers obtain a root shell on servers and take them over. Through internet scanning services like Shodan and Censys, Qualys researchers identified over 14 million potentially vulnerable OpenSSH instances that were exposed to the internet.

The flaw, tracked as CVE-2024-6387, has been dubbed regreSSHion because it is a regression of an older flaw — CVE-2006-5051 — patched in …

attackers censys code code execution internet internet security millions openssh qualys regresshion remote code remote code execution researchers risk root scanning serious server servers services shell shodan unauthenticated uncovered vulnerabilities vulnerability vulnerable