{"api_version":"1","generated_at":"2026-05-12T22:17:02+00:00","cve":"CVE-2024-6387","urls":{"html":"https://cve.report/CVE-2024-6387","api":"https://cve.report/api/cve/CVE-2024-6387.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-6387","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-6387"},"summary":{"title":"Openssh: regresshion - race condition in ssh allows rce/dos","description":"A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.","state":"PUBLISHED","assigner":"redhat","published_at":"2024-07-01 13:15:06","updated_at":"2026-05-12 12:17:20"},"problem_types":["CWE-364","CWE-362","CWE-364 Signal Handler Race Condition"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/1","name":"http://www.openwall.com/lists/oss-security/2024/07/03/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/10/6","name":"http://www.openwall.com/lists/oss-security/2024/07/10/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/52269","name":"https://www.exploit-db.com/exploits/52269","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/zgzhang/cve-2024-6387-poc","name":"https://github.com/zgzhang/cve-2024-6387-poc","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/09/2","name":"http://www.openwall.com/lists/oss-security/2024/07/09/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc","name":"https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/23/4","name":"http://www.openwall.com/lists/oss-security/2024/07/23/4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/Azure/AKS/issues/4379","name":"https://github.com/Azure/AKS/issues/4379","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294604","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2294604","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100","name":"https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2249","name":"https://github.com/PowerShell/Win32-OpenSSH/issues/2249","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387","name":"https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/3","name":"http://www.openwall.com/lists/oss-security/2024/07/03/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/10/4","name":"http://www.openwall.com/lists/oss-security/2024/07/10/4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/","name":"https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/2","name":"http://www.openwall.com/lists/oss-security/2024/07/03/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://santandersecurityresearch.github.io/blog/sshing_the_masses.html","name":"https://santandersecurityresearch.github.io/blog/sshing_the_masses.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/oracle/oracle-linux/issues/149","name":"https://github.com/oracle/oracle-linux/issues/149","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:4389","name":"https://access.redhat.com/errata/RHSA-2024:4389","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/23/6","name":"http://www.openwall.com/lists/oss-security/2024/07/23/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://ubuntu.com/security/CVE-2024-6387","name":"https://ubuntu.com/security/CVE-2024-6387","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214120","name":"https://support.apple.com/kb/HT214120","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/10/2","name":"http://www.openwall.com/lists/oss-security/2024/07/10/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/04/2","name":"http://www.openwall.com/lists/oss-security/2024/07/04/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010","name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2024-6387","name":"https://access.redhat.com/security/cve/CVE-2024-6387","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/5","name":"http://www.openwall.com/lists/oss-security/2024/07/03/5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://news.ycombinator.com/item?id=40843778","name":"https://news.ycombinator.com/item?id=40843778","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.netapp.com/advisory/ntap-20240701-0001/","name":"https://security.netapp.com/advisory/ntap-20240701-0001/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214118","name":"https://support.apple.com/kb/HT214118","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/10/3","name":"http://www.openwall.com/lists/oss-security/2024/07/10/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/4","name":"http://www.openwall.com/lists/oss-security/2024/07/03/4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:4479","name":"https://access.redhat.com/errata/RHSA-2024:4479","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09","name":"https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server","name":"https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do","name":"https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html","name":"https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/09/5","name":"http://www.openwall.com/lists/oss-security/2024/07/09/5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/10/1","name":"http://www.openwall.com/lists/oss-security/2024/07/10/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/04/1","name":"http://www.openwall.com/lists/oss-security/2024/07/04/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.theregister.com/2024/07/01/regresshion_openssh/","name":"https://www.theregister.com/2024/07/01/regresshion_openssh/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://sig-security.rocky.page/issues/CVE-2024-6387/","name":"https://sig-security.rocky.page/issues/CVE-2024-6387/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security-tracker.debian.org/tracker/CVE-2024-6387","name":"https://security-tracker.debian.org/tracker/CVE-2024-6387","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc","name":"https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html","name":"https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/28/2","name":"http://www.openwall.com/lists/oss-security/2024/07/28/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/11/3","name":"http://www.openwall.com/lists/oss-security/2024/07/11/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/microsoft/azurelinux/issues/9555","name":"https://github.com/microsoft/azurelinux/issues/9555","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/","name":"https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/28/3","name":"http://www.openwall.com/lists/oss-security/2024/07/28/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://packetstorm.news/files/id/190587/","name":"https://packetstorm.news/files/id/190587/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jul/20","name":"http://seclists.org/fulldisclosure/2024/Jul/20","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/","name":"https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-446545.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-446545.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/01/12","name":"http://www.openwall.com/lists/oss-security/2024/07/01/12","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jul/18","name":"http://seclists.org/fulldisclosure/2024/Jul/18","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:4484","name":"https://access.redhat.com/errata/RHSA-2024:4484","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/11/1","name":"http://www.openwall.com/lists/oss-security/2024/07/11/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214119","name":"https://support.apple.com/kb/HT214119","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:4474","name":"https://access.redhat.com/errata/RHSA-2024:4474","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/01/13","name":"http://www.openwall.com/lists/oss-security/2024/07/01/13","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132","name":"https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:4312","name":"https://access.redhat.com/errata/RHSA-2024:4312","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/08/2","name":"http://www.openwall.com/lists/oss-security/2024/07/08/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt","name":"https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:4340","name":"https://access.redhat.com/errata/RHSA-2024:4340","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jul/19","name":"http://seclists.org/fulldisclosure/2024/Jul/19","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/PowerShell/Win32-OpenSSH/discussions/2248","name":"https://github.com/PowerShell/Win32-OpenSSH/discussions/2248","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.suse.com/security/cve/CVE-2024-6387.html","name":"https://www.suse.com/security/cve/CVE-2024-6387.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/08/3","name":"http://www.openwall.com/lists/oss-security/2024/07/08/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/02/1","name":"http://www.openwall.com/lists/oss-security/2024/07/02/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/AlmaLinux/updates/issues/629","name":"https://github.com/AlmaLinux/updates/issues/629","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html","name":"https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.openssh.com/txt/release-9.8","name":"https://www.openssh.com/txt/release-9.8","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/","name":"https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/11","name":"http://www.openwall.com/lists/oss-security/2024/07/03/11","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:4469","name":"https://access.redhat.com/errata/RHSA-2024:4469","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://explore.alas.aws.amazon.com/CVE-2024-6387.html","name":"https://explore.alas.aws.amazon.com/CVE-2024-6387.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://ubuntu.com/security/notices/USN-6859-1","name":"https://ubuntu.com/security/notices/USN-6859-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/rapier1/hpn-ssh/issues/87","name":"https://github.com/rapier1/hpn-ssh/issues/87","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-6387","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6387","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:8.7p1-38.el9_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:8.7p1-38.el9_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","version":"unaffected 0:8.7p1-12.el9_0.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","version":"unaffected 0:8.7p1-30.el9_2.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.13","version":"unaffected 413.92.202407091321-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","version":"unaffected 414.92.202407091253-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","version":"unaffected 415.92.202407091355-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","version":"unaffected 416.94.202407081958-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Ceph Storage 5","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Ceph Storage 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Ceph Storage 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"Industrial Edge Management OS (IEM-OS)","version":"affected * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SINAMICS IIoT module","version":"affected V1.0 HF1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SINEMA Remote Connect Server","version":"affected V3.2 SP2 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SINUMERIK ONE","version":"affected V6.24 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-06-27T00:00:00.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2024-07-01T08:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue.","lang":"en"}],"nvd_cpes":[{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"almalinux","cpe5":"almalinux","cpe6":"9.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"4.32.1f","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"arista","cpe5":"eos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"23.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"24.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"500f","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"500f_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"8300","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"8300_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"8700","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"8700_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a150","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a150_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a1k","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a1k_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a220","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a220_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a250","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a250_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a400","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a400_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a70","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a70_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a800_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a90","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a900","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a900_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a90_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"a9500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"a9500_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"bootstrap_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"c190","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"c190_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"c250","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"c250_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"c400","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"c400_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"c800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"c800_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"fas2720","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"fas2720_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"fas2750","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"fas2750_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"fas2820","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"fas2820_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"sonicwall","cpe5":"sma_6200","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sonicwall","cpe5":"sma_6200_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"sonicwall","cpe5":"sma_6210","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sonicwall","cpe5":"sma_6210_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"sonicwall","cpe5":"sma_7200","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sonicwall","cpe5":"sma_7200_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"sonicwall","cpe5":"sma_7210","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sonicwall","cpe5":"sma_7210_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"sonicwall","cpe5":"sma_8200v","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sonicwall","cpe5":"sma_8200v_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"sonicwall","cpe5":"sra_ex_7000","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"6387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sonicwall","cpe5":"sra_ex_7000_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-6387","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-07-02T13:18:34.695298Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-07-02T13:18:46.662Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-04-24T18:35:27.934Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"},{"url":"https://www.exploit-db.com/exploits/52269"},{"url":"https://packetstorm.news/files/id/190587/"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/01/12"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/01/13"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/02/1"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/03/1"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/03/11"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/03/2"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/03/3"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/03/4"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/03/5"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/04/1"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/04/2"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/08/2"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/08/3"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/09/2"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/09/5"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/10/1"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/10/2"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/10/3"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/10/4"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/10/6"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/11/1"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/11/3"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/23/4"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/23/6"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/28/2"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/28/3"},{"name":"RHSA-2024:4312","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:4312"},{"name":"RHSA-2024:4340","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:4340"},{"name":"RHSA-2024:4389","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:4389"},{"name":"RHSA-2024:4469","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:4469"},{"name":"RHSA-2024:4474","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:4474"},{"name":"RHSA-2024:4479","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:4479"},{"name":"RHSA-2024:4484","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:4484"},{"tags":["vdb-entry","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/security/cve/CVE-2024-6387"},{"tags":["x_transferred"],"url":"https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/"},{"tags":["x_transferred"],"url":"https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"},{"tags":["x_transferred"],"url":"https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server"},{"name":"RHBZ#2294604","tags":["issue-tracking","x_refsource_REDHAT","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294604"},{"tags":["x_transferred"],"url":"https://explore.alas.aws.amazon.com/CVE-2024-6387.html"},{"tags":["x_transferred"],"url":"https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132"},{"tags":["x_transferred"],"url":"https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"},{"tags":["x_transferred"],"url":"https://github.com/AlmaLinux/updates/issues/629"},{"tags":["x_transferred"],"url":"https://github.com/Azure/AKS/issues/4379"},{"tags":["x_transferred"],"url":"https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"},{"tags":["x_transferred"],"url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2249"},{"tags":["x_transferred"],"url":"https://github.com/microsoft/azurelinux/issues/9555"},{"tags":["x_transferred"],"url":"https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09"},{"tags":["x_transferred"],"url":"https://github.com/oracle/oracle-linux/issues/149"},{"tags":["x_transferred"],"url":"https://github.com/rapier1/hpn-ssh/issues/87"},{"tags":["x_transferred"],"url":"https://github.com/zgzhang/cve-2024-6387-poc"},{"tags":["x_transferred"],"url":"https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/"},{"tags":["x_transferred"],"url":"https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"},{"tags":["x_transferred"],"url":"https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html"},{"tags":["x_transferred"],"url":"https://news.ycombinator.com/item?id=40843778"},{"tags":["x_transferred"],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010"},{"tags":["x_transferred"],"url":"https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"},{"tags":["x_transferred"],"url":"https://security-tracker.debian.org/tracker/CVE-2024-6387"},{"tags":["x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20240701-0001/"},{"tags":["x_transferred"],"url":"https://sig-security.rocky.page/issues/CVE-2024-6387/"},{"tags":["x_transferred"],"url":"https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/"},{"tags":["x_transferred"],"url":"https://ubuntu.com/security/CVE-2024-6387"},{"tags":["x_transferred"],"url":"https://ubuntu.com/security/notices/USN-6859-1"},{"tags":["x_transferred"],"url":"https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do"},{"tags":["x_transferred"],"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100"},{"tags":["x_transferred"],"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc"},{"tags":["x_transferred"],"url":"https://www.openssh.com/txt/release-9.8"},{"tags":["x_transferred"],"url":"https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"},{"tags":["x_transferred"],"url":"https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html"},{"tags":["x_transferred"],"url":"https://www.suse.com/security/cve/CVE-2024-6387.html"},{"tags":["x_transferred"],"url":"https://www.theregister.com/2024/07/01/regresshion_openssh/"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214119"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214118"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214120"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jul/20"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jul/18"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jul/19"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}},{"affected":[{"defaultStatus":"unknown","product":"Industrial Edge Management OS (IEM-OS)","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SINAMICS IIoT module","vendor":"Siemens","versions":[{"lessThan":"V1.0 HF1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SINEMA Remote Connect Server","vendor":"Siemens","versions":[{"lessThan":"V3.2 SP2","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SINUMERIK ONE","vendor":"Siemens","versions":[{"lessThan":"V6.24","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T11:39:26.672Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-446545.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"collectionURL":"https://www.openssh.com/","defaultStatus":"unaffected","packageName":"OpenSSH","repo":"https://anongit.mindrot.org/openssh.git","versions":[{"lessThanOrEqual":"9.7p1","status":"affected","version":"8.5p1","versionType":"custom"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.7p1-38.el9_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.7p1-38.el9_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.7p1-12.el9_0.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_eus:9.2::baseos","cpe:/a:redhat:rhel_eus:9.2::appstream"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.7p1-30.el9_2.4","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.13::el9","cpe:/a:redhat:openshift:4.13::el8"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.13","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"413.92.202407091321-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.14::el8","cpe:/a:redhat:openshift:4.14::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.14","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"414.92.202407091253-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.15::el8","cpe:/a:redhat:openshift:4.15::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.15","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"415.92.202407091355-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"416.94.202407081958-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:ceph_storage:5"],"defaultStatus":"unaffected","packageName":"openssh","product":"Red Hat Ceph Storage 5","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:ceph_storage:6"],"defaultStatus":"unaffected","packageName":"openssh","product":"Red Hat Ceph Storage 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:ceph_storage:7"],"defaultStatus":"unaffected","packageName":"openssh","product":"Red Hat Ceph Storage 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"unaffected","packageName":"openssh","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","packageName":"openssh","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","packageName":"openssh","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","packageName":"openssh","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue."}],"datePublic":"2024-07-01T08:00:00.000Z","descriptions":[{"lang":"en","value":"A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-364","description":"Signal Handler Race Condition","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-12-11T06:17:03.387Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2024:4312","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:4312"},{"name":"RHSA-2024:4340","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:4340"},{"name":"RHSA-2024:4389","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:4389"},{"name":"RHSA-2024:4469","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:4469"},{"name":"RHSA-2024:4474","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:4474"},{"name":"RHSA-2024:4479","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:4479"},{"name":"RHSA-2024:4484","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:4484"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2024-6387"},{"name":"RHBZ#2294604","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294604"},{"url":"https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"},{"url":"https://www.openssh.com/txt/release-9.8"},{"url":"https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"}],"timeline":[{"lang":"en","time":"2024-06-27T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-07-01T08:00:00.000Z","value":"Made public."}],"title":"Openssh: regresshion - race condition in ssh allows rce/dos","workarounds":[{"lang":"en","value":"The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-364: Signal Handler Race Condition"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2024-6387","datePublished":"2024-07-01T12:37:25.431Z","dateReserved":"2024-06-27T13:41:03.421Z","dateUpdated":"2026-05-12T11:39:26.672Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-07-01 13:15:06","lastModifiedDate":"2026-05-12 12:17:20","problem_types":["CWE-364","CWE-362","CWE-364 Signal Handler Race Condition"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sonicwall:sma_6200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92EF92CC-8175-4319-A529-AF979BAE5FCE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sonicwall:sma_6200:-:*:*:*:*:*:*:*","matchCriteriaId":"17BDC1B0-BE6A-4680-A78E-5338AD709095"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sonicwall:sma_7200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2FCBF1E6-3A6E-430A-AB34-AA48D4478C5F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sonicwall:sma_7200:-:*:*:*:*:*:*:*","matchCriteriaId":"4C366A02-074C-4F98-AE68-30E0FF85CD00"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*","versionStartIncluding":"4.32.0","versionEndIncluding":"4.32.1f","matchCriteriaId":"A5DA3089-31AA-499E-9C23-788503BE55B7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*","matchCriteriaId":"602CE21C-E1A9-4407-A504-CF4E58F596F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*","matchCriteriaId":"BF90B5A4-6E55-4369-B9D4-E7A061E797D2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*","matchCriteriaId":"57B93E9A-1483-4FF7-BF45-BD0D7D9F1747"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sonicwall:sma_6210_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F87F7D08-7A28-493A-96BB-74C142109F8D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sonicwall:sma_6210:-:*:*:*:*:*:*:*","matchCriteriaId":"0734D1E1-2F59-4832-875F-AB03994B8992"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sonicwall:sma_7210_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7592AE3D-D749-4494-9A55-71E2FD9BDFC0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sonicwall:sma_7210:-:*:*:*:*:*:*:*","matchCriteriaId":"A15BA659-19D1-49AA-B249-EAE5E63B9B9A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sonicwall:sma_8200v_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3CE83596-82B9-4656-8E50-50D79DF06FB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sonicwall:sma_8200v:-:*:*:*:*:*:*:*","matchCriteriaId":"68369A76-B0C3-4736-9EE6-4E0034111591"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sonicwall:sra_ex_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CCF845D8-65AE-4165-9742-B56E86AB7D21"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sonicwall:sra_ex_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"0D435EFD-7B02-4921-8AC5-BBF07277F4B2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a1k_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7F65C59D-249A-4790-892C-B78CF82E51CF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a1k:-:*:*:*:*:*:*:*","matchCriteriaId":"8E0E9D71-AF09-41F4-A1C7-94F616AF2832"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a70_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6F7D6B02-55FE-4BF1-8607-A0D703E61055"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a70:-:*:*:*:*:*:*:*","matchCriteriaId":"D0FFEBCB-88AF-4AB2-A347-FB9420D2302A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a90_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"550C1E38-56A3-4676-9D28-D66F66BA2FC8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a90:-:*:*:*:*:*:*:*","matchCriteriaId":"4812740A-7E14-4B43-8E08-3FACA2585B48"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FDD92BFA-9117-4E6E-A13F-ED064B4B7284"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*","matchCriteriaId":"4B7DA42F-5D64-4967-A2D4-6210FE507841"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4E73901F-666D-4D8B-BDFD-93DD2F70C74B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*","matchCriteriaId":"D0FD5AED-42CF-4918-B32C-D675738EF15C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34B25BEF-8708-4E2C-8BA6-EBCD5267EB04"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*","matchCriteriaId":"CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"04E3BD77-8915-4FFC-8483-5DB5D610F829"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*","matchCriteriaId":"97E94ECB-BB51-4364-BEDD-8648C193196F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9AC7AD92-8B33-4137-A4EC-08641E4AF857"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:c400:-:*:*:*:*:*:*:*","matchCriteriaId":"AD443748-B0D1-4C1A-A62E-BD5FB5967370"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1236B66D-EB11-4324-929F-E2B86683C3C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*","matchCriteriaId":"281DFC67-46BB-4FC2-BE03-3C65C9311F65"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ECF32BB1-9A58-4821-AE49-5D5C8200631F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*","matchCriteriaId":"F21DE67F-CDFD-4D36-9967-633CD0240C6F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F1AB1EC2-2560-494A-A51B-6F20CE318FEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*","matchCriteriaId":"58DE2B52-4E49-4CD0-9310-00291B0352C7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B36CECA5-4545-49C2-92EB-B739407B207F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*","matchCriteriaId":"D8E7549A-DE35-4274-B3F6-22D51C7A6613"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B5AE3364-DB2D-4543-B1E2-175BF8BEBEE7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:c800:-:*:*:*:*:*:*:*","matchCriteriaId":"B64173B9-2A11-4390-AC76-7DD94F0CD305"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"93B9B933-7D69-4B33-8983-C1CEC000B38B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a900:-:*:*:*:*:*:*:*","matchCriteriaId":"641290E6-558D-439F-AEBA-8F7BFF3D5C74"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a9500_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DEAA16D1-1E27-4128-BA14-5A0C59340EAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a9500:-:*:*:*:*:*:*:*","matchCriteriaId":"D1C0A781-C3E2-4B41-8A30-FAD9E826270E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"75A43965-CB2E-4C28-AFC3-1ADE7A6B845C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*","matchCriteriaId":"0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"775078AE-16E0-4AF6-9022-372FC2852107"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a150:-:*:*:*:*:*:*:*","matchCriteriaId":"17D14D7F-E8E5-4669-8DB4-C634D0705EE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4F2D2745-242C-4603-899E-70C9025BDDD2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*","matchCriteriaId":"EFB4541D-5EF7-4266-BFF3-2DDEC95E8012"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B7FD1DA9-7980-4643-B378-7095892DA176"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*","matchCriteriaId":"347E9E3E-941C-4109-B59F-B9BB05486B34"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AD661062-0D5B-4671-9D92-FEF8D7395C1E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*","matchCriteriaId":"8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F997DB9A-AF66-4CE1-B33B-A04493ECBA19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:fas2820:-:*:*:*:*:*:*:*","matchCriteriaId":"E0E8CD85-6C01-4B70-A1AA-750B46295194"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*","matchCriteriaId":"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","matchCriteriaId":"AD7447BC-F315-4298-A822-549942FC118B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.7.6","matchCriteriaId":"EA924D87-8FAE-4E34-83F7-A5E25C7450E5"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.6.8","matchCriteriaId":"7008225C-B5B9-4F87-9392-DD2080717E9A"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.6","matchCriteriaId":"51E2E93B-C5A3-4C83-B806-2EC555AD45FE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4","matchCriteriaId":"1102FFF5-77B1-400E-93F8-AC6CFE2CC93C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionStartIncluding":"8.6","versionEndIncluding":"9.8","matchCriteriaId":"F45F69D6-7E32-4483-9EFC-63697CDDD22C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*","matchCriteriaId":"4C37CBBB-A4AA-40D0-9609-0620FDC12BA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*","matchCriteriaId":"7945F60B-460E-4CA6-9EB4-BEE663386D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*","matchCriteriaId":"CB66ECE1-715A-4074-9355-E3512F7BCDBB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*","matchCriteriaId":"B03506D7-0FCD-47B7-90F6-DDEEB5C5A733"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"01363FFA-F7A6-43FC-8D47-E67F95410095"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FB056B47-1F45-4CE4-81F6-872F66C24C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*","matchCriteriaId":"F843B777-5C64-4CAE-80D6-89DC2C9515B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*","matchCriteriaId":"39D345D3-108A-4551-A112-5EE51991411A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:6.0:*:*:*:*:*:*:*","matchCriteriaId":"09F471C6-69AF-4E78-8143-17E783C80B9F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*","matchCriteriaId":"359012F1-2C63-415A-88B8-6726A87830DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*","matchCriteriaId":"47842532-D2B6-44CB-ADE2-4AC8630A4D8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts:*:*:*","matchCriteriaId":"21538C5B-A130-411E-B5F7-BBBA4C9D488A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:amazon:amazon_linux:2023.0:*:*:*:*:*:*:*","matchCriteriaId":"F7D34E98-F549-4261-A42D-B37066C638B4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.70.2","matchCriteriaId":"8C5DA53D-744B-4087-AEA9-257F18949E4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*","matchCriteriaId":"A20333EE-4C13-426E-8B54-D78679D5DDB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","matchCriteriaId":"E7CF3019-975D-40BB-A8A4-894E62BD3797"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"5333B745-F7A3-46CB-8437-8668DB08CD6F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*","matchCriteriaId":"A87EFA20-DD6B-41C5-98FD-A29F67D2E732"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*","matchCriteriaId":"2888B0C1-4D85-42EC-9696-03FAD0A9C28F"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p10:*:*:*:*:*:*","matchCriteriaId":"556F4943-7BA4-4E09-94B3-4515DC3C7807"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p11:*:*:*:*:*:*","matchCriteriaId":"6AFEC561-D79B-498B-B59D-1D82B21BDF1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*","matchCriteriaId":"A3306F11-D3C0-41D6-BB5E-2ABDC3927715"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*","matchCriteriaId":"9E584FE1-3A34-492B-B10F-508DA7CBA768"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*","matchCriteriaId":"A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*","matchCriteriaId":"761B4382-E857-4868-9F80-189B7F60256B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*","matchCriteriaId":"51B17801-15FD-4425-BA6C-BE06B14F1BFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*","matchCriteriaId":"E9CAFF74-AD36-4D29-83F3-23E0417C485D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*","matchCriteriaId":"1B2D2A82-BFFE-45FE-9F79-4AF12C6DE69D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*","matchCriteriaId":"E7A81663-047E-4328-BE3A-CF65AB55B29F"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*","matchCriteriaId":"17DAE911-21E1-4182-85A0-B9F0059DDA7F"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*","matchCriteriaId":"ABEA48EC-24EA-4106-9465-CE66B938635F"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*","matchCriteriaId":"8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*","matchCriteriaId":"BC8C769C-A23E-4F61-AC42-4DA64421B096"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*","matchCriteriaId":"FA25530A-133C-4D7C-8993-D5C42D79A0B5"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*","matchCriteriaId":"DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*","matchCriteriaId":"69A72B5A-2189-4700-8E8B-1E5E7CA86C40"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*","matchCriteriaId":"5771F187-281B-4680-B562-EFC7441A8F88"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*","matchCriteriaId":"0A4437F5-9DDA-4769-974E-23BFA085E0DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*","matchCriteriaId":"A9C3A3D4-C9F4-41EB-B532-821AF83470B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*","matchCriteriaId":"878A1F0A-087F-47D7-9CA5-A54BB8D6676A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*","matchCriteriaId":"CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*","matchCriteriaId":"50A5E650-31FB-45BE-8827-641B58A83E45"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*","matchCriteriaId":"038E5B85-7F60-4D71-8D3F-EDBF6E036CE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*","matchCriteriaId":"BF309824-D379-4749-A1FA-BCB2987DD671"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*","matchCriteriaId":"79D770C6-7A57-4A49-8164-C55391F62301"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*","matchCriteriaId":"AA813990-8C8F-4EE8-9F2B-9F73C510A7B2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.0","matchCriteriaId":"A6A2EBE8-012E-470E-9E56-56ACBE345F78"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"6387","Ordinal":"1","Title":"Openssh: regresshion - race condition in ssh allows rce/dos","CVE":"CVE-2024-6387","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"6387","Ordinal":"1","NoteData":"A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.","Type":"Description","Title":"Openssh: regresshion - race condition in ssh allows rce/dos"}]}}}