CVE-2024-55560 identifies a critical security vulnerability in MailCleaner, an email security gateway product, affecting versions prior to the commit identified as 28d913e. The core issue is that the software installs with default SSH host keys—specifically ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key—that remain unchanged after installation. These default keys are likely publicly known or easily obtainable, which undermines the cryptographic trust model of SSH connections to the MailCleaner server. An attacker with network access can exploit this by performing man-in-the-middle (MITM) attacks, impersonating the MailCleaner server, or decrypting SSH traffic, thereby compromising confidentiality and integrity of communications. The vulnerability is remotely exploitable over the network without any authentication or user interaction, as indicated by the CVSS vector AV:N/AC:L/PR:N/UI:N. The CVSS score of 9.8 reflects the critical nature of this flaw, impacting confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits have been reported in the wild yet, the ease of exploitation and severity make this a high-priority issue. The vulnerability affects all installations using the default keys, which is a common scenario if administrators do not manually regenerate SSH host keys post-installation. The absence of patch links suggests that users should update to versions including the commit 28d913e or later, where this issue is resolved by regenerating unique SSH host keys during setup. This vulnerability highlights the importance of unique cryptographic key generation in security appliances to prevent impersonation and MITM attacks.

The impact of CVE-2024-55560 is severe for organizations relying on MailCleaner for email security. Attackers exploiting this vulnerability can impersonate the MailCleaner server, intercept or alter email traffic, and potentially gain unauthorized access to internal networks. This compromises the confidentiality and integrity of sensitive communications and can lead to further lateral movement within the network. The availability of the service may also be disrupted if attackers manipulate SSH connections or credentials. Given the critical CVSS score and the lack of required authentication, the vulnerability poses a significant risk to organizations’ email infrastructure, potentially enabling espionage, data breaches, and service outages. The threat is especially acute for enterprises, government agencies, and service providers that depend on MailCleaner for filtering and securing email traffic. Without timely mitigation, attackers could leverage this vulnerability to undermine trust in secure communications and gain footholds for broader attacks.

To mitigate CVE-2024-55560, organizations should immediately verify if their MailCleaner installations are using default SSH host keys. Administrators must regenerate SSH host keys (DSA, RSA, ED25519) to unique values immediately after installation or upgrade. This can typically be done by deleting the existing default keys and running the SSH key generation commands (e.g., ssh-keygen) on the MailCleaner server. Additionally, upgrading MailCleaner to the version including commit 28d913e or later is critical, as this update ensures default keys are not reused. Network administrators should also monitor SSH connections to MailCleaner servers for anomalies indicative of MITM attacks. Implementing strict SSH host key verification policies and using out-of-band methods to verify host keys can further reduce risk. Finally, organizations should audit their email security infrastructure regularly to detect any signs of compromise related to this vulnerability.