CVE-2024-3094

XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094)

April 7, 2024

Vulnerability Overview Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. Since the underlying layer of SSH relies on liblzma, when certain conditions are met, an attacker can use this vulnerability to bypass SSH authentication and gain unauthorized access on the […]

Search

Subscribe to the NSFOCUS Blog