CVE-2024-54855: n/a
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.
AI Analysis
Technical Summary
CVE-2024-54855 identifies a security vulnerability in the Vanilla OS 2 Core image version 1.1.0 developed by fabricators Ltd. The core issue is the inclusion of static, hardcoded SSH host keys within the OS image. SSH host keys are cryptographic keys used to uniquely identify a server during SSH connections, ensuring the client can verify it is connecting to the legitimate host. When static keys are reused across multiple deployments, an attacker who obtains the private key can impersonate any affected host, enabling man-in-the-middle (MITM) attacks. This allows interception, decryption, or manipulation of SSH traffic, undermining the confidentiality and integrity of communications. The vulnerability does not require user interaction but does require the attacker to be positioned to intercept or redirect network traffic, such as on a local network or via compromised routing. No CVSS score has been assigned yet, and no public exploits are known. The vulnerability affects all systems running the specified Vanilla OS image version, which may be used in embedded or specialized environments. The lack of patch links suggests no official fix is currently available, emphasizing the need for manual mitigation steps such as regenerating SSH keys after deployment or avoiding use of the affected image. This vulnerability is critical in environments relying on SSH for secure remote management or data transfer, as it directly compromises trust in host identity verification.
Potential Impact
For European organizations, the impact of CVE-2024-54855 can be significant, especially for those relying on Vanilla OS 2 Core image v1.1.0 in critical infrastructure, telecommunications, government, or industrial control systems. The vulnerability enables attackers to perform MITM attacks on SSH connections, potentially leading to unauthorized access, data interception, credential theft, or injection of malicious commands. This compromises confidentiality and integrity of sensitive communications and could facilitate lateral movement within networks. The absence of unique host keys means attackers can impersonate multiple hosts, increasing the attack surface. Organizations with remote management or automated SSH-based workflows are particularly vulnerable. The lack of known exploits currently reduces immediate risk, but the static nature of keys means once the private key is obtained, all deployments are compromised. This could lead to espionage, data breaches, or disruption of services. The vulnerability also undermines trust in secure communications, which is critical for compliance with European data protection regulations such as GDPR. The impact is heightened in sectors with stringent security requirements and where Vanilla OS is deployed at scale.
Mitigation Recommendations
To mitigate CVE-2024-54855, organizations should immediately audit all systems running Vanilla OS 2 Core image v1.1.0 to identify affected devices. The primary mitigation is to regenerate SSH host keys on each deployed system to ensure unique cryptographic identities. This can be done by deleting the static keys and generating new keys using ssh-keygen or equivalent tools, followed by restarting the SSH service. Organizations should avoid deploying or provisioning new devices with the vulnerable image until an official patched version is released. Network segmentation and monitoring should be enhanced to detect unusual SSH traffic or MITM indicators. Employing SSH certificate authorities or additional host verification mechanisms can reduce reliance on static keys. Where possible, use VPNs or other secure tunnels to protect SSH traffic from interception. Regularly update and patch systems once fixes become available. Additionally, organizations should educate administrators about verifying SSH host keys and detecting anomalies during SSH connections. Implementing strict access controls and logging for SSH sessions will help detect and respond to potential exploitation attempts.
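The audit step described above can be run from the network side by comparing the host keys each system presents. The script below is an added example, not code from the vendor or from this advisory: the function names, IP addresses and key blobs are constructed for illustration, and it assumes the keys were collected with ssh-keyscan.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): flag SSH host keys served by more than one host.
# Input is ssh-keyscan output, e.g.  ssh-keyscan -t ed25519,rsa -f hosts.txt > scan.txt
# Each data line has the form: <host> <keytype> <base64-public-key>

# find_shared_host_keys [FILE]   (reads stdin when FILE is omitted)
# Prints "<keytype> <host-count> <host1,host2,...>" for every key seen on 2+ hosts.
find_shared_host_keys() {
  awk '
    /^#/ || NF < 3 { next }                 # skip banner comments and malformed lines
    {
      id = $2 " " $3                        # key type + public key blob
      if (!((id, $1) in seen)) {            # count each host once per key
        seen[id, $1] = 1
        count[id]++
        hosts[id] = (hosts[id] == "" ? $1 : hosts[id] "," $1)
        ktype[id] = $2
      }
    }
    END {
      for (id in count)
        if (count[id] > 1) print ktype[id], count[id], hosts[id]
    }
  ' "${1:--}" | sort
}

# Constructed sample scan. Key blobs are made-up placeholders, not real keys.
# 10.0.0.11, .12 and .14 still serve the key baked into the image; .13 was rekeyed.
sample_scan() {
  cat <<'EOF'
# 10.0.0.11:22 SSH-2.0-OpenSSH_9.6
10.0.0.11 ssh-ed25519 AAAAC3PLACEHOLDERSTATICIMAGEKEY
# 10.0.0.12:22 SSH-2.0-OpenSSH_9.6
10.0.0.12 ssh-ed25519 AAAAC3PLACEHOLDERSTATICIMAGEKEY
# 10.0.0.13:22 SSH-2.0-OpenSSH_9.6
10.0.0.13 ssh-ed25519 AAAAC3PLACEHOLDERUNIQUEKEYHOST13
# 10.0.0.14:22 SSH-2.0-OpenSSH_9.6
10.0.0.14 ssh-ed25519 AAAAC3PLACEHOLDERSTATICIMAGEKEY
10.0.0.14 ssh-ed25519 AAAAC3PLACEHOLDERSTATICIMAGEKEY
EOF
}

sample_scan | find_shared_host_keys
```

Every host listed on one output line presents the same identity, so each needs its host keys deleted and regenerated with ssh-keygen and the SSH service restarted. Clients that connected before the change must then drop the old entry from known_hosts (`ssh-keygen -R <host>`).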
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2024-12-06T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 696667b3a60475309f7ab4cd
Added to database: 1/13/2026, 3:41:39 PM
Last enriched: 1/13/2026, 3:56:10 PM
Last updated: 1/14/2026, 6:18:15 AM