CVE-2024-54855

MEDIUM EPSS 22.8%
Published Jan 13, 20265mo ago · Modified Jun 17, 20261w ago
6.4 CVSS 3.1
Medium
Find Similar
Published Jan 13, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago

Description

fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.

CVSS Details

Base Score
6.4
Exploitability
0.9
Impact
5.5
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Low
Availability High

Threat Intelligence

EPSS Exploit Probability
22.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-321

Affected Products 1

VendorProductVersionRange
fabricatorsvanilla_os_core_image* <1.1.1

References 3

  • fabricators.com http://fabricators.com
    Broken Link
  • vanilla.com http://vanilla.com
    Not Applicable
  • github.com https://github.com/Vanilla-OS/core-image/security/advisories/GHSA-67pc-hqr2-g34h
    ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.