Cyber Resilience

CVE-2024-47857

Critical

Published: 31 January 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0029 (53.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-47857 is a critical-severity Improper Input Validation (CWE-20) vulnerability in SSH Communication Security PrivX (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 46.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-47857 is an improper input validation vulnerability (CWE-20) in SSH Communication Security PrivX versions 18.0 through 36.0. It arises from insufficient validation of public key signatures during native SSH connections routed through a proxy port. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with potential for high confidentiality, integrity, and availability impacts.

An existing PrivX account A can exploit this flaw to impersonate another existing PrivX account B. This enables the attacker to access SSH target hosts authorized for account B, allowing unauthorized remote execution or data exfiltration over the network with low complexity and no special privileges beyond possessing a valid account.

Mitigation guidance and patch details are available in the vendor advisory at https://info.ssh.com/impersonation-vulnerability-privx, along with additional information at https://ssh.com. Security practitioners should review these resources promptly for deployment instructions.

Vulnerability details

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1021.004 SSH Lateral Movement
Adversaries may use [Valid Accounts](https://attack.
T1078.002 Domain Accounts Stealth
Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

The CVE enables network exploitation of the PrivX SSH proxy (T1190) via a signature validation bypass, directly facilitating impersonation of valid domain accounts (T1078.002) to access and execute over authorized SSH remote services (T1021.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4755 (shared CWE-20)
CVE-2026-6973 (shared CWE-20)
CVE-2026-23836 (shared CWE-20)
CVE-2025-12275 (shared CWE-20)
CVE-2025-21344 (shared CWE-20)
CVE-2025-43347 (shared CWE-20)
CVE-2026-29143 (shared CWE-20)
CVE-2026-2880 (shared CWE-20)
CVE-2025-1514 (shared CWE-20)
CVE-2026-26063 (shared CWE-20)

Affected Assets

SSH Communication Security PrivX
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires information input validation of public key signatures in the SSH proxy port, comprehensively addressing the insufficient validation vulnerability (CWE-20).

prevent

Mandates identification, reporting, and correction of the specific flaw in PrivX, preventing exploitation through timely patching as advised by the vendor.

prevent

Manages public key authenticators by mapping them to authorized PrivX accounts and ensuring cryptographic strength, mitigating impersonation risks from invalid signatures.
