Vanilla Os Core Image
CVE-2024-54855
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H
Lifecycle Timeline
3DescriptionNVD
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.
AnalysisAI
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts. [CVSS 6.4 MEDIUM]
Technical ContextAI
Classified as CWE-321 (Use of Hard-coded Cryptographic Key). Affects the static keys for the SSH component of Vanilla Os Core Image. fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today