PT-2024-28396 · Gost+1 · Gost+1

Sy2339226 · Published 2024-07-03 · Updated 2024-11-05 · CVE-2024-39223

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

gost version 2.11.5

Description

An authentication bypass in the SSH service allows attackers to intercept communications by setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey. This issue is related to missing key verification in gost.

Recommendations

For gost version 2.11.5, consider disabling the SSH service until a patch is available. As a temporary workaround, avoid setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey to prevent authentication bypass. Restrict access to the SSH service to minimize the risk of exploitation.
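
One way to audit Go source for the callback named in the recommendations, as an added example (not code from gost or from this advisory): the scanner below uses only the standard library parser to report lines that reference InsecureIgnoreHostKey from golang.org/x/crypto/ssh, whatever local name the import is given. The function name FindInsecureHostKey and the sample source are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// sample is constructed input for this example, not gost source code.
const sample = `package client
import gossh "golang.org/x/crypto/ssh"
func weak() *gossh.ClientConfig {
	return &gossh.ClientConfig{HostKeyCallback: gossh.InsecureIgnoreHostKey()}
}
func pinned(k gossh.PublicKey) *gossh.ClientConfig {
	return &gossh.ClientConfig{HostKeyCallback: gossh.FixedHostKey(k)}
}
`

// FindInsecureHostKey returns the lines of src that reference ssh.InsecureIgnoreHostKey.
func FindInsecureHostKey(src string) ([]int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	pkg := "" // local name bound to the ssh package; dot imports are not handled
	for _, imp := range f.Imports {
		if p, _ := strconv.Unquote(imp.Path.Value); p == "golang.org/x/crypto/ssh" {
			if pkg = "ssh"; imp.Name != nil {
				pkg = imp.Name.Name // aliased import, e.g. gossh
			}
		}
	}
	var lines []int
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok && sel.Sel.Name == "InsecureIgnoreHostKey" {
			if id, ok := sel.X.(*ast.Ident); ok && id.Name == pkg {
				lines = append(lines, fset.Position(sel.Pos()).Line)
			}
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(FindInsecureHostKey(sample)) }
```

Each reported line is a place where the host key goes unchecked; the `pinned` function in the sample shows the alternative of pinning a known key with ssh.FixedHostKey, which the scanner does not flag.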

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-39223
GHSA-8WXX-35QC-VP6R
GO-2024-3224
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14447-1
OPENSUSE-SU-2024_3911-1
SUSE-SU-2024:3911-1

Affected Products

Suse
Gost