CVE-2024-54855
MediumCVSS 6.4Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
The Vanilla OS 2 Core image v1.1.0 from fabricators Ltd was found to contain static SSH keys, allowing attackers to perform a man-in-the-middle attack during connections with other hosts.
Risk Assessment
Static SSH keys enable an attacker to impersonate a server or client, intercept and modify network traffic, potentially leading to data theft or communication integrity compromise.
Recommendation
Immediately update the system image to a version with unique SSH keys and regenerate key pairs for all existing installations.
Original NVD description (English source)
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.

