I haven’t seen any discussion about this vulnerability here. This resurfaces in OpenSSH versions from 8.5p1 up to, but not including, 9.8p1.
This is what my rolling version of VyOS is running:
$ show version
Version: VyOS 1.5-rolling-202406020021
$ ssh -V
OpenSSH_9.2p1...
I’ll bet many in this community are vulnerable.
Summary of the exploit:
This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access. It could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.