Another OpenSSH RCE Vulnerability – i.e. Patch Now!

Linuxsecurity.com has the story.

RCE stands for Remote Code Execution, which means that the attacker does not need an account to mount a successful attack. This vulnerability is rated 9.8 out of 10, so its severity is very high.

“Two critical remote code execution (RCE) vulnerabilities have been found in OpenSSH (CVE-2023-28531 and CVE-2023-38408). Because these bugs are simple to exploit and pose a severe threat to impacted systems’ confidentiality, integrity, and availability, they have received a National Vulnerability Database base score of 9.8 out of 10 (“Critical” severity).”

So which systems have OpenSSH? A lot of Linux systems, many servers that run open source software, and some software that does not. Make sure your vulnerability manager can test for this vulnerability, then make sure it is not in your environment; otherwise you have to patch the systems.

OpenSSH is what you use when connecting to a computer remotely, so make sure yours is upgraded or that you are using a different program.
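A first-pass version check for the inventory step described above, as an added example that is not part of the original post. The minimum fixed version is an argument you supply from your vendor's or the OpenSSH project's advisory (the post does not state one), and the function names `ver_key` and `openssh_at_least` are hypothetical.

```shell
#!/bin/sh
# Added example: first-pass OpenSSH version triage. The fixed release is not
# stated in the post; pass it in from your vendor's or OpenSSH's advisory.

# ver_key STRING -> prints "major minor patch" for strings such as the
# constructed sample "OpenSSH_9.3p1 Ubuntu-1ubuntu3, OpenSSL 3.0.10" or "9.3p2".
ver_key() {
    s=${1#*OpenSSH_}            # drop anything up to the OpenSSH_ prefix
    s=${s%%[!0-9.p]*}           # keep only the leading version token
    case $s in [0-9]*.[0-9]*) ;; *) return 1 ;; esac
    major=${s%%.*}
    rest=${s#*.}
    minor=${rest%%p*}
    case $rest in
        *p*) patch=${rest#*p} ;;
        *)   patch=0 ;;         # no portable patch level, e.g. "9.3"
    esac
    case "$major$minor${patch:-x}" in
        *[!0-9]*) return 1 ;;   # reject malformed tokens such as "9..3" or "9.3p"
    esac
    echo "$major $minor $patch"
}

# openssh_at_least INSTALLED MINIMUM
# returns 0 if INSTALLED >= MINIMUM, 1 if older, 2 if either is unparseable.
openssh_at_least() {
    a=$(ver_key "$1") || return 2
    b=$(ver_key "$2") || return 2
    set -- $a $b                # $1..$3 installed, $4..$6 minimum
    for i in 1 2 3; do          # each shift lines up the next pair as $1/$4
        [ "$1" -gt "$4" ] && return 0
        [ "$1" -lt "$4" ] && return 1
        shift
    done
    return 0                    # identical versions
}

# Run as: sh check_openssh.sh <minimum-fixed-version>
if [ "$#" -ge 1 ]; then
    installed=$(ssh -V 2>&1)    # ssh prints its version on stderr
    rc=0; openssh_at_least "$installed" "$1" || rc=$?
    case $rc in
        0) echo "OK: $installed" ;;
        1) echo "PATCH NEEDED: $installed is older than $1" ;;
        *) echo "UNKNOWN: cannot parse '$installed' or '$1'" ;;
    esac
fi
```

Distribution packages often backport security fixes without changing the upstream version string, so confirm a "PATCH NEEDED" result against the package changelog or vendor advisory before acting on it.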

Contact us to help.