CVE-2024-6387 | Armis Vulnerability Intelligence Database

Description Preview

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). This vulnerability arises from a race condition that can lead sshd to handle certain signals in an unsafe manner. An unauthenticated, remote attacker may exploit this vulnerability by failing to authenticate within a specified time period, which could result in remote code execution (RCE) or denial of service (DoS). The vulnerability affects OpenSSH versions from 8.5p1 up to 9.7p1, and it has been classified with a CVSS base score of 8.1, indicating a high severity level.

Overview

CVE ID: CVE-2024-6387
Published Date: July 1, 2024
Severity: High (CVSS Score: 8.1)
Attack Vector: Network
Impact: High impact on confidentiality, integrity, and availability
Affected Versions: OpenSSH versions 8.5p1 to 9.7p1
Vulnerability Type: Signal Handler Race Condition (CWE-364)

Remediation

To mitigate the risk associated with CVE-2024-6387, it is recommended to:

Update OpenSSH to a version that is not affected by this vulnerability (e.g., versions beyond 9.7p1).
As a temporary workaround, disable the LoginGraceTime parameter in the SSH daemon configuration:
- Open the /etc/ssh/sshd_config file as the root user.
- Add or edit the following line:
```
LoginGraceTime 0
```
- Save and close the file.
- Restart the SSH daemon with:
```
systemctl restart sshd.service
```
Note: Disabling LoginGraceTime may expose the server to denial of service attacks if an attacker exhausts all connections. It is advisable to use additional security measures, such as fail2ban, to monitor connections.

References

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Public Administration: Medium
Public Administration
Manufacturing: Medium
Manufacturing
Health Care & Social Assistance: Medium
Health Care & Social Assistance
Educational Services: Medium
Educational Services
Professional, Scientific, & Technical Services: Medium
Professional, Scientific, & Technical Services
Finance and Insurance: Medium
Finance and Insurance
Transportation & Warehousing: Medium
Transportation & Warehousing
Retail Trade: Medium
Retail Trade
Utilities: Medium
Utilities
Other Services (except Public Administration): Medium
Other Services (except Public Administration)
Arts, Entertainment & Recreation: Low
Arts, Entertainment & Recreation
Information: Low
Information
Management of Companies & Enterprises: Low
Management of Companies & Enterprises
Agriculture, Forestry Fishing & Hunting: Low
Agriculture, Forestry Fishing & Hunting
Accommodation & Food Services: Low
Accommodation & Food Services
Mining: Low
Mining
Construction: Low
Construction
Real Estate Rental & Leasing: Low
Real Estate Rental & Leasing
Administrative, Support, Waste Management & Remediation Services: Low
Administrative, Support, Waste Management & Remediation Services
Wholesale Trade: Low
Wholesale Trade

^{CVE-2024-6387:}CVE-2024-6387 is a security regression in OpenSSH that introduces a race condition in the SSH daemon (sshd), potentially allowing unauthenticated remote attackers to execute arbitrary code or cause a denial of service.

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!