CVE-2024-6387
critical-risk
Published 2024-07-01
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Do I need to act?
44.6% chance of exploitation in next 30 days
EPSS score — higher than 55% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.1/10 (High); attack vector: NETWORK; attack complexity: HIGH
Affected Products (20)
Sma 6200 Firmware
Sma 7200 Firmware
Sma 6210 Firmware
Sma 7210 Firmware
8300 Firmware
8700 Firmware
A400 Firmware
Affected Vendors
References (91)
Third Party Advisory: https://access.redhat.com/errata/RHSA-2024:4312
Third Party Advisory: https://access.redhat.com/errata/RHSA-2024:4340
Third Party Advisory: https://access.redhat.com/errata/RHSA-2024:4389
Third Party Advisory: https://access.redhat.com/errata/RHSA-2024:4469
Third Party Advisory: https://access.redhat.com/errata/RHSA-2024:4474
Third Party Advisory: https://access.redhat.com/errata/RHSA-2024:4479
Third Party Advisory: https://access.redhat.com/errata/RHSA-2024:4484
Third Party Advisory: https://access.redhat.com/security/cve/CVE-2024-6387
Third Party Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2294604
Release Notes: https://www.openssh.com/txt/release-9.8
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/19
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/20
Risk score: 70/100 (critical-risk)
Severity: 24/34 · High
Exploitability: 17/34 · Moderate
Exposure: 29/34 · Critical