PT-2024-2650 · Wolfssh · Wolfssh

Published 2024-03-25 · Updated 2024-03-26 · CVE-2024-2873

CVSS v3.1: 9.4 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: wolfSSH versions prior to 1.4.17

Description: A vulnerability was found in wolfSSH's server-side state machine. It stems from shortcomings in the authentication procedure: a malicious client can open channels without first completing user authentication, resulting in unauthorized access. A remote attacker could exploit this vulnerability to bypass existing security restrictions.

Recommendations: For versions prior to 1.4.17, update to version 1.4.17 or later to resolve the issue. As a temporary workaround, consider restricting network access to the affected server until the update is applied. Do not allow clients to create channels without proper user authentication.
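To illustrate the class of defect this advisory describes, the following is an added model (not wolfSSH's code) of a server-side message dispatcher: first the vulnerable shape, where SSH_MSG_CHANNEL_OPEN is honoured regardless of authentication state, then the hardened shape that gates channel creation on a completed user authentication. The state enum, the `creds_ok` flag standing in for the real credential check, and the function names are assumptions of this model; the message numbers are the standard SSH ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SSH message numbers (RFC 4252 / RFC 4254). */
#define SSH_MSG_USERAUTH_REQUEST 50
#define SSH_MSG_CHANNEL_OPEN     90

enum srv_state { ST_PRE_AUTH = 0, ST_AUTHENTICATED = 1 };
enum verdict   { V_ACCEPT = 0, V_REJECT_UNAUTH = 1, V_REJECT_UNKNOWN = 2 };

struct srv_session {
    enum srv_state state;   /* where the connection is in the protocol */
    int channels;           /* channels opened so far */
};

/* Vulnerable shape: creds_ok stands in for the real password/key check
 * (assumption); the channel path never consults the session state. */
enum verdict dispatch_vulnerable(struct srv_session *s, uint8_t msg, bool creds_ok)
{
    switch (msg) {
    case SSH_MSG_USERAUTH_REQUEST:
        if (creds_ok) s->state = ST_AUTHENTICATED;
        return V_ACCEPT;
    case SSH_MSG_CHANNEL_OPEN:
        s->channels++;      /* flaw: accepted even in ST_PRE_AUTH */
        return V_ACCEPT;
    default:
        return V_REJECT_UNKNOWN;
    }
}

/* Hardened shape: every post-authentication message is gated on state. */
enum verdict dispatch_hardened(struct srv_session *s, uint8_t msg, bool creds_ok)
{
    switch (msg) {
    case SSH_MSG_USERAUTH_REQUEST:
        if (creds_ok) s->state = ST_AUTHENTICATED;
        return V_ACCEPT;
    case SSH_MSG_CHANNEL_OPEN:
        if (s->state != ST_AUTHENTICATED) {
            /* Refuse and log; a real server would also disconnect the peer. */
            fprintf(stderr, "audit: CHANNEL_OPEN before authentication\n");
            return V_REJECT_UNAUTH;
        }
        s->channels++;
        return V_ACCEPT;
    default:
        return V_REJECT_UNKNOWN;
    }
}
```

The audit line is the kind of event worth alerting on: a CHANNEL_OPEN arriving before USERAUTH success is never legitimate client behaviour.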

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: BDU:2024-02717, CVE-2024-2873

Affected Products: Wolfssh