CVE-2024-47857 – PrivX SSH Impersonation Privilege Escalation

The following table lists the changes that have been made to the CVE-2024-47857 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 03, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-863
  • New CVE Received by [email protected]

    Jan. 31, 2025

    Action Type Old Value New Value
    Added Description SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX “account A” to impersonate another existing PrivX “account B” and gain access to SSH target hosts to which the “account B” has access.
    Added Reference https://info.ssh.com/impersonation-vulnerability-privx
    Added Reference https://ssh.com

نوشته های مشابه

CVE-2024-53355 – EasyVirt DCScope CO2Scope Incorrect Access Control Vulnerability

CVE-2024-53356 – EasyVirt DCScope & CO2Scope Privilege Escalation Weak Encryption

CVE-2024-55062 – EasyVirt DCScope Command Injection Vulnerability

CVE-2024-53584 – OpenPanel OS Command Injection Vulnerability