PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-54855 Vanilla-OS CVE debrief

CVE-2024-54855 is a vulnerability in fabricators Ltd Vanilla OS 2 Core image v1.1.0, involving static keys for the SSH service. This could allow attackers to execute a man-in-the-middle attack during connections with other hosts. The CVSS score is 6.4, with a severity of MEDIUM. Users of fabricators Ltd Vanilla OS 2 Core image v1.1.0 should be aware of this vulnerability and take necessary actions to mitigate the risk. The technical details involve the use of static keys for the SSH service, potentially allowing attackers to execute a man-in-the-middle attack. Medium priority should be given to addressing this vulnerability.

Vendor
Vanilla-OS
Product
core-image
CVSS
MEDIUM 6.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-13
Original CVE updated
2026-07-05
Advisory published
2026-01-13
Advisory updated
2026-07-05

Who should care

Users of fabricators Ltd Vanilla OS 2 Core image v1.1.0 should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability is caused by the use of static keys for the SSH service in fabricators Ltd Vanilla OS 2 Core image v1.1.0. This could allow attackers to possibly execute a man-in-the-middle attack during connections with other hosts. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H.

Defensive priority

Medium priority should be given to addressing this vulnerability, as it has a CVSS score of 6.4 and could potentially be used to execute a man-in-the-middle attack.

Recommended defensive actions

  • Inventory and verify affected systems
  • Apply vendor patches or updates
  • Monitor for suspicious activity
  • Consider compensating controls

Evidence notes

The CVE record was published on 2026-01-13T16:15:54.730Z and was last modified on 2026-07-05T17:17:14.253Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope or current status of the vulnerability. Defenders should verify affected systems and apply vendor patches or updates as necessary.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-13T16:15:54.730Z and has not been modified since then. The NVD entry is currently Modified.