Description
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- erlang / OTP>= OTP-27.0-rc1, < OTP-27.3.3 β >= OTP-27.0-rc1, < OTP-27.3.3
- erlang / OTP>= OTP-26.0-rc1, < OTP-26.2.5.11 β >= OTP-26.0-rc1, < OTP-26.2.5.11
- erlang / OTP< OTP-25.3.2.20 β < OTP-25.3.2.20
Exploits & PoCs
- nucleiErlang/OTP SSH - Remote Code Executionby iamnoooob,rootxharsh,pdresearch,darses
References
- VENDOR_ADVISORYhttps://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
- PATCHhttps://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
- PATCHhttps://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
- PATCHhttps://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891