CVE-2024-2873 – This vulnerability in wolfSSH allows malicious ... (How to Fix)

Q: What is the severity of CVE-2024-2873?

CVE-2024-2873 has a CVSS score of 9.1 (CRITICAL). This vulnerability in wolfSSH allows malicious clients to create SSH channels without authenticating first, leading to unauthorized access to SSH server functionality. It affects all systems running vulnerable versions of wolfSSH server implementations. The high CVSS score reflects the authentication bypass nature of this flaw.

📋 TL;DR

This vulnerability in wolfSSH allows malicious clients to create SSH channels without authenticating first, leading to unauthorized access to SSH server functionality. It affects all systems running vulnerable versions of wolfSSH server implementations. The high CVSS score reflects the authentication bypass nature of this flaw.

💻 Affected Systems

Products:

wolfSSH

Versions: All versions before 1.4.17

Operating Systems: All operating systems running wolfSSH

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects wolfSSH server implementations; client implementations are not vulnerable.

📦 What is this software?

Wolfssh by Wolfssh

View all CVEs affecting Wolfssh →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of SSH server allowing unauthorized command execution, file access, and potential lateral movement within the network.

🟠

Likely Case

Unauthorized access to SSH server capabilities including shell access, file transfers, and port forwarding without valid credentials.

🟢

If Mitigated

Limited impact if network segmentation restricts SSH access and proper authentication controls are enforced elsewhere.

🌐 Internet-Facing: HIGH - SSH servers exposed to the internet are directly vulnerable to unauthenticated attacks.

🏢 Internal Only: HIGH - Internal SSH servers remain vulnerable to any internal attacker or compromised system.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability allows unauthenticated channel creation, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.17

Vendor Advisory: https://www.wolfssl.com/docs/security-vulnerabilities/

Restart Required: Yes

Instructions:

1. Download wolfSSH version 1.4.17 or later from official sources
2. Replace existing wolfSSH installation with patched version
3. Restart all services using wolfSSH
4. Verify the new version is active

🔧 Temporary Workarounds

Network Access Control

linux

Restrict SSH access to trusted networks only using firewall rules

iptables -A INPUT -p tcp --dport 22 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

SSH Port Change

linux

Change default SSH port to reduce automated scanning

Edit /etc/ssh/sshd_config: Port 2222
systemctl restart sshd

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable SSH servers
Deploy intrusion detection systems to monitor for unauthorized SSH access attempts

🔍 How to Verify

Check if Vulnerable:

Check wolfSSH version: if version is less than 1.4.17, the system is vulnerable

Check Version:

wolfssh-config --version or check library version in application

Verify Fix Applied:

Confirm wolfSSH version is 1.4.17 or higher and test SSH authentication functionality

📡 Detection & Monitoring

Log Indicators:

SSH connections without authentication logs
Multiple failed authentication attempts followed by successful channel creation
Unusual SSH session patterns

Network Indicators:

SSH traffic from unexpected sources
SSH connections without proper authentication handshake
Abnormal SSH channel creation patterns

SIEM Query:

source="ssh.log" AND (event="channel opened" NOT event="authentication successful")

📊 Metadata

CVE ID: CVE-2024-2873

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-287

Published: March 25, 2024

Last Updated: December 5, 2025

🔗 References

https://github.com/wolfSSL/wolfssh/pull/670 Issue Tracking
https://github.com/wolfSSL/wolfssh/pull/671 Issue Tracking
https://www.wolfssl.com/docs/security-vulnerabilities/ Vendor Advisory
https://github.com/wolfSSL/wolfssh/pull/670 Issue Tracking
https://github.com/wolfSSL/wolfssh/pull/671 Issue Tracking
https://www.wolfssl.com/docs/security-vulnerabilities/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-2873, you might also want to check these: