Critical OpenSSH Vulnerability Puts Millions of Linux Servers at Risk
The flaw, known as 'regreSSHion,' allows unauthenticated remote code execution with root access, affecting over 14 million servers.
- The vulnerability, CVE-2024-6387, stems from a code regression reintroducing a 2006 flaw.
- It allows attackers to execute arbitrary code with the highest privileges without authentication.
- Researchers identified over 14 million potentially vulnerable servers, with 700,000 exposed to the Internet.
- The flaw affects OpenSSH versions from 8.5p1 to 9.8p1, with no patch available yet.
- Admins are advised to update configurations and apply network-based controls to mitigate risks.
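
To act on the version range above, the following added example (not code from the original article or from the OpenSSH project) triages an inventory of version strings, as printed by `ssh -V`, against the range this page states. The host names, sample strings, function names, and the exclusive upper bound are assumptions made for illustration.

```python
import re

# Range as stated on this page: OpenSSH 8.5p1 to 9.8p1.
# Assumption: the upper bound is exclusive; set INCLUDE_HIGH = True to include it.
RANGE_LOW = (8, 5, 0, 1)    # 8.5p1
RANGE_HIGH = (9, 8, 0, 1)   # 9.8p1
INCLUDE_HIGH = False

# Matches e.g. "OpenSSH_8.9p1", "OpenSSH_6.6.1p1", with any trailing distro text.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")

def parse_version(text):
    """Return (major, minor, sub, portable) or None if not a portable release string."""
    m = _VERSION_RE.search(text)
    if not m or m.group(4) is None:
        return None  # no OpenSSH token, or no pN suffix: needs manual review
    major, minor, sub, portable = m.groups()
    return (int(major), int(minor), int(sub or 0), int(portable))

def classify(text):
    """Classify one version string against the stated range."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    if version < RANGE_LOW:
        return "below-range"
    if version > RANGE_HIGH or (version == RANGE_HIGH and not INCLUDE_HIGH):
        return "above-range"
    return "in-range"

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(text) for host, text in inventory.items()}

# Constructed sample inventory (hypothetical hosts and strings).
SAMPLE = {
    "web-01": "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022",
    "db-01": "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017",
    "bastion": "OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024",
    "appliance": "dropbear_2022.83",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {status}")
```

An "in-range" result is a lead for follow-up rather than proof of exposure, because distributions can backport fixes without changing the upstream version number. Hosts reported as "unknown" need manual review.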