SSH Communications Security PrivX
cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*
- >= 18.0, <= 36.0
A user impersonation vulnerability has been identified in SSH Communications Security PrivX versions from 18.0 and prior to 36.0. The issue arises from inadequate validation of public key signatures in native SSH connections through a proxy port. This flaw enables a PrivX user (account A) to impersonate another user (account B) and access SSH target hosts available to account B.
Exploitation of this vulnerability allows a PrivX user to impersonate another user and gain unauthorized access to SSH target hosts that the impersonated user can access.
Users are advised to upgrade to PrivX versions 35.3, 36.1, 37.0 or later. If an immediate upgrade is not possible, and the feature of connecting with the native SSH client via ProxyCommand is not used, the proxy port 1080 can be blocked on PrivX nodes.