{"id":1184,"date":"2024-10-01T08:00:00","date_gmt":"2024-10-01T15:00:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=1184"},"modified":"2024-09-30T10:09:51","modified_gmt":"2024-09-30T17:09:51","slug":"emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/","title":{"rendered":"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594"},"content":{"rendered":"\n

What is CVE-2024-7594? <\/h2>\n\n\n\n

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp\u2019s Vault\u2019s SSH secrets engine. The National Institute of Standards and Technology<\/a> (NIST) has not yet evaluated this vulnerability\u2019s CVSS score but HashiCorp assigned it a base score of 7.5 (high).  <\/p>\n\n\n\n

An outside security researcher, J\u00f6rn Heissler<\/a>, discovered an issue with the valid_principals field in Vault\u2019s SSH secrets engine. This field did not require the valid_principals list to contain a value by default. By allowing this field to receive an empty string as valid, a malicious authorized user can request an SSH certificate that allows the attacker to authenticate as any user on the host. <\/p>\n\n\n\n

A successful attack could allow a bad actor unrestricted SSH access to systems, potentially leading to data breaches, service disruptions, and unauthorized control over critical infrastructure.<\/p>\n\n\n\n

What assets are affected by this vulnerability? <\/h2>\n\n\n\n

This vulnerability affects Vault Community Edition versions 1.7.7-1.17.5 and Vault Enterprise versions  1.7.7-1.17.5, as well as 1.16.9 and 1.15.14<\/p>\n\n\n\n

Is a fix available? <\/h2>\n\n\n\n

HashiCorp has released patches for CVE-2024-7594; organizations can deploy Vault Community Edition 1.17.6 or Vault Enterprise 1.17.6, 1.16.10, and 1.15.15 to remediate this issue.   <\/p>\n\n\n\n

Are there any other actions to take? <\/h2>\n\n\n\n

If it isn\u2019t possible to patch vulnerable instances, organizations can mitigate this vulnerability by setting the SSH secrets engine valid_principals<\/a> field to a non-empty value.<\/p>\n\n\n\n

Is CVE-2024-7594 being actively exploited? <\/h2>\n\n\n\n

As of October 1st, 2024, there have been no reports of active exploitation of this vulnerability.   <\/p>\n\n\n\n

How is CyCognito helping customers identify assets vulnerable to CVE-2024-7594? <\/h2>\n\n\n\n

CyCognito is investigating methods to deploy to actively detect this vulnerability. Meanwhile, users can check their assets may be vulnerable using provided filters in the CyCognito platform. All customers have access to an in-platform emerging security issue announcement as of October 1st, 2024. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Figure 1: The alert sent by CyCognito for CVE-2024-7594<\/p>\n\n\n\n

How can CyCognito help your organization? <\/h2>\n\n\n\n

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour<\/a>. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page<\/a> to schedule a demo.<\/p>\n","protected":false},"excerpt":{"rendered":"

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp\u2019s Vault\u2019s SSH secrets engine, specifically Vault Community Edition versions 1.7.7-1.17.5 and Vault Enterprise versions 1.7.7-1.17.5, as well as 1.16.9 and 1.15.14. HashiCorp has released patches for CVE-2024-7594 and organizations can mitigate vulnerable instances by setting the SSH secrets engine valid_principals field to a non-empty value. CyCognito is investigating methods to deploy to actively detect this vulnerability, but more information about this issue is available to users in the CyCognito platform. <\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[58,193,192,191,57],"class_list":["post-1184","post","type-post","status-publish","format-standard","hentry","category-research","tag-cve","tag-hashicorp","tag-unrestricted-authentication","tag-vault-ssh","tag-vulnerability"],"yoast_head":"\nEmerging Security Issue: HashiCorp Vault SSH CVE-2024-7594 | CyCognito Blog<\/title>\n<meta name=\"description\" content=\"CVE-2024-7594 is a severe issue affecting HashiCorp\u2019s Vault software. More information about this issue is available to users in the CyCognito platform.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594\" \/>\n<meta property=\"og:description\" content=\"CVE-2024-7594 is a severe issue affecting HashiCorp\u2019s Vault software. More information about this issue is available to users in the CyCognito platform.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-01T15:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2024-10-01-2400x1256-email.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1256\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Emma Zaballos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Emma Zaballos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/\"},\"author\":{\"name\":\"Emma Zaballos\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\"},\"headline\":\"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594\",\"datePublished\":\"2024-10-01T15:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/\"},\"wordCount\":440,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-7594-Figure-1-1280x753.png\",\"keywords\":[\"CVE\",\"HashiCorp\",\"Unrestricted Authentication\",\"Vault SSH\",\"Vulnerability\"],\"articleSection\":[\"Research\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/\",\"name\":\"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594 | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-7594-Figure-1-1280x753.png\",\"datePublished\":\"2024-10-01T15:00:00+00:00\",\"description\":\"CVE-2024-7594 is a severe issue affecting HashiCorp\u2019s Vault software. More information about this issue is available to users in the CyCognito platform.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-7594-Figure-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-7594-Figure-1.png\",\"width\":1944,\"height\":1144},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\",\"name\":\"Emma Zaballos\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"caption\":\"Emma Zaballos\"},\"description\":\"Product Marketing Manager\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594 | CyCognito Blog","description":"CVE-2024-7594 is a severe issue affecting HashiCorp\u2019s Vault software. More information about this issue is available to users in the CyCognito platform.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/","og_locale":"en_US","og_type":"article","og_title":"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594","og_description":"CVE-2024-7594 is a severe issue affecting HashiCorp\u2019s Vault software. More information about this issue is available to users in the CyCognito platform.","og_url":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/","og_site_name":"CyCognito Blog","article_published_time":"2024-10-01T15:00:00+00:00","og_image":[{"width":2400,"height":1256,"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2024-10-01-2400x1256-email.png","type":"image\/png"}],"author":"Emma Zaballos","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Emma Zaballos","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/"},"author":{"name":"Emma Zaballos","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58"},"headline":"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594","datePublished":"2024-10-01T15:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/"},"wordCount":440,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-7594-Figure-1-1280x753.png","keywords":["CVE","HashiCorp","Unrestricted Authentication","Vault SSH","Vulnerability"],"articleSection":["Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/","url":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/","name":"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594 | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-7594-Figure-1-1280x753.png","datePublished":"2024-10-01T15:00:00+00:00","description":"CVE-2024-7594 is a severe issue affecting HashiCorp\u2019s Vault software. More information about this issue is available to users in the CyCognito platform.","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-7594-Figure-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-7594-Figure-1.png","width":1944,"height":1144},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-hashicorp-vault-ssh-cve-2024-7594\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58","name":"Emma Zaballos","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","caption":"Emma Zaballos"},"description":"Product Marketing Manager","url":"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=1184"}],"version-history":[{"count":2,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1184\/revisions"}],"predecessor-version":[{"id":1187,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1184\/revisions\/1187"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=1184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=1184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=1184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}