CVE-2024-47857

Name of the Vulnerable Software and Affected Versions: SSH Communication Security PrivX versions 18.0 through 36.0

Description: The issue is related to insufficient validation of public key signatures in SSH connections via a proxy port. This allows an existing account to impersonate another account and gain access to target SSH hosts that the impersonated account has access to.

Recommendations: For versions 18.0 through 36.0, consider disabling native SSH connections via a proxy port until a patch is available. Restrict access to sensitive hosts and accounts to minimize the risk of exploitation. As a temporary workaround, limit the use of public key signatures for authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.