Over 16,400 Private and State-Owned Businesses Exposed to RegreSSHion Vulnerability

A critical security flaw known as RegreSSHion (CVE-2024-6387) has put over 16,400 global organizations at risk of remote compromise, according to a recent investigation by Heimdal. 

This vulnerability, with a CVSS score of 8.1, raises significant concerns within the cybersecurity community due to its potential to enable remote code execution (RCE) on Linux systems.

Discovered by Qualys in June, RegreSSHion affects a considerable number of OpenSSH servers worldwide.

If left unpatched, it could allow attackers to gain full root access to critical servers, network devices, and IoT systems, posing severe threats to the integrity and security of these infrastructures.

Malware analyst Andrei-Mihai Minca’s Shodan analysis has revealed an extensive list of vulnerable organizations, including:

  • Top academic institutions in the United States, United Kingdom, and Zurich
  • Major energy companies in France, Canada, and Zimbabwe
  • Respected education and government bodies in the United States, Italy, and Taiwan

To prevent exploitation, Heimdal is withholding the specific identities of these organizations.

A patch is available, and it is crucial for businesses to prioritize updating affected systems to mitigate the risk of exploitation.

Morten Kjaersgaard, founder of Heimdal, emphasized the severity and complexity of the issue:

“It’s important to note that while the vulnerability is severe, actual exploitation is quite complex and time-consuming, requiring thousands of attempts and specific system configurations.”

“This makes widespread, indiscriminate exploitation less likely. However, targeted attacks by skilled threat actors remain a significant concern for organizations running vulnerable versions of OpenSSH.”

The vulnerability impacts businesses globally, with significant numbers reported in the United States (6,592), Germany (3,784), and France (1,164), among others.

Heimdal is actively reaching out to larger businesses at the highest risk to ensure they are aware of the necessity to patch this vulnerability immediately.

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional with an interest in computer security and telecoms.
