CVE-2024-47857

Critical CVSS: 9.8

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access.

Vendor

Product

CWE

CWE-20

Yayın Tarihi

2025-01-31 17:15:14

Güncelleme

2025-03-18 20:15:24

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-20 CRITICAL 2025

Referanslar

https://info.ssh.com/impersonation-vulnerability-privx https://ssh.com