CVE Catalog

CVE-2024-54855

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile - higher than 18% of all known CVEs

Summary

The Vanilla OS 2 Core image v1.1.0 from fabricators Ltd was found to contain static SSH keys, allowing attackers to perform a man-in-the-middle attack during connections with other hosts.

Risk Assessment

Static SSH keys enable an attacker to impersonate a server or client, intercept and modify network traffic, potentially leading to data theft or communication integrity compromise.

Recommendation

Immediately update the system image to a version with unique SSH keys and regenerate key pairs for all existing installations.

Original NVD description (English source)

fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS