PatchSiren cyber security CVE debrief
CVE-2024-54855 Vanilla-OS CVE debrief
CVE-2024-54855 is a vulnerability in fabricators Ltd Vanilla OS 2 Core image v1.1.0, involving static keys for the SSH service. This could allow attackers to execute a man-in-the-middle attack during connections with other hosts. The CVSS score is 6.4, with a severity of MEDIUM. Users of fabricators Ltd Vanilla OS 2 Core image v1.1.0 should be aware of this vulnerability and take necessary actions to mitigate the risk. The technical details involve the use of static keys for the SSH service, potentially allowing attackers to execute a man-in-the-middle attack. Medium priority should be given to addressing this vulnerability.
- Vendor
- Vanilla-OS
- Product
- core-image
- CVSS
- MEDIUM 6.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-13
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-01-13
- Advisory updated
- 2026-07-05
Who should care
Users of fabricators Ltd Vanilla OS 2 Core image v1.1.0 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by the use of static keys for the SSH service in fabricators Ltd Vanilla OS 2 Core image v1.1.0. This could allow attackers to possibly execute a man-in-the-middle attack during connections with other hosts. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H.
Defensive priority
Medium priority should be given to addressing this vulnerability, as it has a CVSS score of 6.4 and could potentially be used to execute a man-in-the-middle attack.
Recommended defensive actions
- Inventory and verify affected systems
- Apply vendor patches or updates
- Monitor for suspicious activity
- Consider compensating controls
Evidence notes
The CVE record was published on 2026-01-13T16:15:54.730Z and was last modified on 2026-07-05T17:17:14.253Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope or current status of the vulnerability. Defenders should verify affected systems and apply vendor patches or updates as necessary.
Official resources
-
CVE-2024-54855 CVE record
CVE.org
-
CVE-2024-54855 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-13T16:15:54.730Z and has not been modified since then. The NVD entry is currently Modified.