CVE-2024-47857 Information

Description

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX ccount A\ to impersonate another existing PrivX ccount B\ and gain access to SSH target hosts to which the ccount B\ has access.

Reference

https://info.ssh.com/impersonation-vulnerability-privx https://ssh.com