Vulnerability Description
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Related Weaknesses (CWE)
References
- https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a
- https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/s
- https://github.com/ginuerzh/gost/issues/1034
- https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a
- https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/s
- https://github.com/ginuerzh/gost/issues/1034
FAQ
What is CVE-2024-39223?
CVE-2024-39223 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey
How severe is CVE-2024-39223?
CVE-2024-39223 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-39223?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.