[UPDATE] OpenSSH: Multiple Vulnerabilities Enable Code Execution
A BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) ·
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key insight
BSI warning on local code execution vulnerabilities in OpenSSH requires immediate patch assessment for all Linux systems in the infrastructure.
Description
The BSI issues a warning on multiple vulnerabilities in OpenSSH that allow local attackers to execute arbitrary code. The vulnerabilities enable privilege escalation on affected systems. Since OpenSSH is installed as the standard SSH service on virtually all Linux servers and workstations, this presents a critical risk. Severity and precise CVE numbers require further research in the BSI notice; however, local exploitation vectors already presuppose access to the system.
Risk score
- cvss base
- 0.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 0.00
- raw before weight
- 0.00
- industry weight
- 1.10
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
Path: operational