Skip to content
Auto-CTI
Back to today
NEW HIGH A3

[UPDATE] OpenSSH: Multiple Vulnerabilities Enable Code Execution

A BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) ·

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key insight

BSI warning on local code execution vulnerabilities in OpenSSH requires immediate patch assessment for all Linux systems in the infrastructure.

Description

The BSI issues a warning on multiple vulnerabilities in OpenSSH that allow local attackers to execute arbitrary code. The vulnerabilities enable privilege escalation on affected systems. Since OpenSSH is installed as the standard SSH service on virtually all Linux servers and workstations, this presents a critical risk. Severity and precise CVE numbers require further research in the BSI notice; however, local exploitation vectors already presuppose access to the system.

Risk score

20
cvss base
0.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
0.00
industry weight
1.10
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

ESC