Impersonation Vulnerability in PrivX by SSH Communication Security
CVE-2024-47857

9.8CRITICAL

Key Information:

Vendor: SSH Communication Security
Status: PrivX
Vendor: CVE Published:; 31 January 2025

🔔 Create SSH Communication Security Vulnerability Alert

What is CVE-2024-47857?

An impersonation vulnerability exists in PrivX versions from 18.0 to 36.0, where insufficient validation of public key signatures occurs during native SSH connections via a proxy port. This flaw allows users on one PrivX account to impersonate another user, enabling unauthorized access to SSH-targeted hosts that the impersonated account can access. Organizations should prioritize patching and implementing necessary security measures to mitigate risks associated with this vulnerability.

References

https://ssh.com

https://info.ssh.com/impersonation-vulnerability-privx

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Oct 4, 2024

JSON