Thousands of servers could be at risk due to major OpenSSH security flaw

A pair of hands using a keyboard
(Image credit: Getty Images)

OpenSSH, regarded as one of the “most secure software implementations in the world” has a “glaring gap” that allows threat actors to completely take over Linux systems that have it installed, experts have warned.

A report from Qualys claims the vulnerability has been present in OpenSSH for four years, and is currently affecting some 14 million endpoints worldwide.

Qualys dubbed its finding ‘regreSSHion’, and says it is now tracked as CVE-2024-6387. The flaw was named ‘regreSSHion’ since it is a regression of the previously patched vulnerability CVE-2006-5051, fixed back in 2006. A regression is a flaw that was once fixed but was later reintroduced.


“If exploited, this vulnerability allows an attacker to execute arbitrary code with the highest privileges, leading to complete system takeover, installation of malware, creation of backdoors, and more,” the researchers said.

In a blog post detailing the findings, Qualys says that anonymized data from its CSAM 3.0 with External Attack Surface Management data revealed approximately 700,000 external internet-facing instances as vulnerable. 

“This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base,” the researchers added. “Interestingly, over 0.14% of vulnerable internet-facing instances with OpenSSH service have an End-Of-Life/End-Of-Support version of OpenSSH running.”

As per the warning given out by the researchers, the vulnerability is as serious as the Apache Log4J issue discovered back in 2021. That issue, tracked as CVE-2021-44228, and dubbed Log4Shell, was found in the Log4J logging library, widely used in Java applications. It allowed threat actors to execute malicious code remotely, and essentially take over the entire endpoint. 

It was said that it impacted a vast number of organizations across different industries, including powerhouses such as Apple, Amazon, Tesla, and others. While the exact number of companies affected is impossible to determine, general consensus is that Log4Shell affected hundreds of millions of applications and devices globally.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.