CVE-2024-54855
Unknown Unknown - Not Provided
Static SSH Key Exposure in Vanilla OS 2 Enables MITM Attacks

Publication date: 2026-01-13

Last updated on: 2026-02-10

Assigner: MITRE

Description
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2024-54855
EUVD
EUVD-2024-55374
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fabricators vanilla_os_core_image to 1.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves static SSH host keys embedded in Vanilla OS core-image versions prior to v1.1.1. Because these keys are hard-coded and identical across all installations, an attacker with some privileges can extract the private SSH host keys (for example, from a Docker container running the vulnerable image). This allows the attacker to perform man-in-the-middle (MITM) attacks during SSH connections by impersonating the target server, intercepting communications, and potentially executing arbitrary commands on the compromised host. [2]

Impact Analysis

The vulnerability can lead to unauthorized data access through man-in-the-middle attacks on SSH connections, allowing attackers to intercept sensitive information. It also poses risks of service disruption and limited data modification. Attackers can impersonate servers, intercept SSH sessions without detection, and execute arbitrary commands, potentially compromising system integrity and availability. [2]

Detection Guidance

You can detect this vulnerability by checking if your Vanilla OS core-image version is prior to v1.1.1, as those versions contain static SSH host keys. To verify if the SSH host keys are static or reused, you can compare the SSH host key fingerprints across multiple installations. Commands such as 'ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub' can be used to list the fingerprint of the SSH host key. If multiple systems show identical fingerprints, it indicates the presence of static keys and vulnerability to MITM attacks. [2]

Mitigation Strategies

The immediate mitigation step is to upgrade the Vanilla OS core-image to version v1.1.1 or later, where unique SSH host keys are generated per installation. If upgrading is not immediately possible, regenerate the SSH host keys manually on each affected system to replace the static keys and prevent reuse. This will mitigate the risk of man-in-the-middle attacks caused by the static keys. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-54855. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart