Skip to main content
CVE Vulnerability Database

CVE-2024-0723: freeSSHd DoS Vulnerability on Windows

CVE-2024-0723 is a denial of service vulnerability in freeSSHd 1.0.9 on Windows that can be exploited remotely. This article covers the technical details, affected versions, security impact, and mitigation.

Published:

CVE-2024-0723 Overview

CVE-2024-0723 is a denial of service vulnerability affecting freeSSHd version 1.0.9 running on Microsoft Windows. The flaw allows a remote, unauthenticated attacker to disrupt the SSH service availability through network-based exploitation. The vulnerability is categorized under [CWE-404] Improper Resource Shutdown or Release.

Public disclosure of the exploit has occurred through Packet Storm Security, increasing the risk of opportunistic attacks. The vulnerability carries identifier VDB-251547 in the VulDB database. Although the impact is limited to availability, the network attack vector and absence of authentication requirements make exposed freeSSHd instances attractive targets.

Critical Impact

Remote unauthenticated attackers can crash the freeSSHd service on Windows hosts, eliminating SSH-based remote access and file transfer functionality until manual restart.

Affected Products

  • freeSSHd 1.0.9
  • Microsoft Windows (all supported versions running freeSSHd)
  • Any Windows environment using freeSSHd for SSH or SFTP services

Discovery Timeline

  • 2024-01-19 - CVE-2024-0723 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2024-0723

Vulnerability Analysis

The vulnerability resides in freeSSHd 1.0.9, a Windows-based SSH server that is no longer actively maintained. An attacker sends crafted network traffic to the listening SSH service to trigger a denial of service condition. The exact code path remains undocumented in the public advisory, but the impact is confirmed as service unavailability.

The issue is classified under [CWE-404], which covers improper release or shutdown of resources. This typically indicates that the daemon fails to properly clean up allocated resources or handle malformed input, leading to a crash or hang. The lack of an active maintainer for freeSSHd amplifies the long-term risk for organizations still running the software.

The EPSS probability of 3.649% (88th percentile) indicates elevated likelihood of exploitation activity compared to the average CVE. Public exploit material is referenced through Packet Storm Security, lowering the technical barrier for attackers.

Root Cause

The root cause is improper resource handling within the freeSSHd service when processing certain network input. Resources are not released or terminated correctly, producing a fault condition in the server process. Because freeSSHd 1.0.9 is the last released version and the project is abandoned, no upstream fix exists.

Attack Vector

Exploitation occurs over the network against the exposed freeSSHd listening port, typically TCP/22. The attacker requires no credentials and no user interaction. A single crafted session or malformed packet sequence is sufficient to produce the denial of service.

No verified exploit code is reproduced here. The Packet Storm advisory describes the trigger conditions for the denial of service. See the Packet Storm DoS Vulnerability advisory for technical details.

Detection Methods for CVE-2024-0723

Indicators of Compromise

  • Unexpected termination or unresponsiveness of the FreeSSHDService.exe process on Windows hosts
  • Windows Event Log entries showing application crashes tied to freeSSHd
  • Inbound TCP connections to port 22 from unknown sources immediately preceding service failure
  • Loss of SSH/SFTP connectivity to Windows endpoints running freeSSHd

Detection Strategies

  • Monitor process lifecycle events for FreeSSHDService.exe, alerting on unscheduled stops or restarts
  • Inspect Windows Application Event Log for faulting application records referencing freeSSHd binaries
  • Deploy network detection rules to flag malformed SSH protocol handshakes against Windows hosts on TCP/22
  • Correlate SSH connection attempts with subsequent service availability changes using endpoint telemetry

Monitoring Recommendations

  • Enable service availability monitoring with automatic restart policies for SSH services on Windows
  • Aggregate Windows Event Logs and SSH access logs into a central SIEM for correlation
  • Track external scanning activity targeting TCP/22 against assets identified as Windows endpoints
  • Inventory all hosts running freeSSHd to maintain accurate exposure visibility

How to Mitigate CVE-2024-0723

Immediate Actions Required

  • Identify and inventory all Windows systems running freeSSHd 1.0.9 across the environment
  • Restrict inbound access to the freeSSHd listening port using host-based and network firewalls
  • Replace freeSSHd with a maintained SSH server such as OpenSSH for Windows or Bitvise SSH Server
  • Decommission freeSSHd on hosts where SSH services are not strictly required

Patch Information

No vendor patch is available for CVE-2024-0723. The freeSSHd project is no longer actively maintained, and version 1.0.9 is the final release. Affected organizations must migrate to a supported SSH server implementation. Microsoft provides a native OpenSSH server feature on modern Windows versions that serves as a direct replacement.

Workarounds

  • Restrict freeSSHd access through Windows Firewall rules limiting source IPs to known administrative networks
  • Place freeSSHd behind a VPN or bastion host to eliminate direct internet exposure
  • Disable the freeSSHd service when SSH access is not actively required
  • Configure automatic service recovery in Windows Service Control Manager to restart the daemon after a crash
bash
# Example: Enable native Windows OpenSSH server as replacement
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.