CVE-2024-47857
Published: 31 January 2025
Summary
CVE-2024-47857 is a critical-severity Improper Input Validation (CWE-20) vulnerability in SSH Communication Security PrivX (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 46.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-47857 is an improper input validation vulnerability (CWE-20) in SSH Communication Security PrivX versions 18.0 through 36.0. It arises from insufficient validation of public key signatures during native SSH connections routed through a proxy port. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with potential for high confidentiality, integrity, and availability impacts.
An existing PrivX account A can exploit this flaw to impersonate another existing PrivX account B. This enables the attacker to access SSH target hosts authorized for account B, allowing unauthorized remote execution or data exfiltration over the network with low complexity and no special privileges beyond possessing a valid account.
Mitigation guidance and patch details are available in the vendor advisory at https://info.ssh.com/impersonation-vulnerability-privx, along with additional information at https://ssh.com. Security practitioners should review these resources promptly for deployment instructions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42883
Vulnerability details
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE enables network exploitation of the PrivX SSH proxy (T1190) via signature validation bypass, directly facilitating impersonation of valid domain accounts (T1078.002) to access and execute over authorized SSH remote services (T1021.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires information input validation of public key signatures in the SSH proxy port, comprehensively addressing the insufficient validation vulnerability (CWE-20).
Mandates identification, reporting, and correction of the specific flaw in PrivX, preventing exploitation through timely patching as advised by the vendor.
Manages public key authenticators by mapping them to authorized PrivX accounts and ensuring cryptographic strength, mitigating impersonation risks from invalid signatures.