CVE-2024-6387: OpenSSH regreSSHion Attack

Published Jun 27, 2024 · Updated

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd): a race condition that can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Credit

CVE-2024-6387, Mickey Jin@@patch1t, CVE-2023-6277, CVE-2023-52356, Yisumi, sqrtpwn, Minghao Lin(Zhejiang University), Jiaxun Zhu(Zhejiang University), Patrick Wardle(DoubleYou), Adam M., Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), Csaba Fitzl@@theevilbit(Kandji), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), CVE-2024-23296, Yadhu Krishna M(Cyber Security At Suma Soft Pvt), Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Pune (India), Kirin@@Pwnrin, Joshua Jones, an anonymous researcher, Marcio Almeida(Tanto Security), Jiahui Hu (梅零落)(NorthSea), Meng Zhang (鲸落)(NorthSea), Matthew Loewen, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), D4m0n, Amir Bazine(CrowdStrike Counter Adversary Operations), Karsten König(CrowdStrike Counter Adversary Operations), CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, Minghao Lin(Baidu Security), (Baidu Security), Ye Zhang@@VAR10CK(Baidu Security), IES Red Team(ByteDance), Linwz(DEVCORE), Yeto, CertiK SkyFall Team, Yann Gascuel(Alter Solutions), w0wbox, Junsung Lee(Trend Micro Zero Day Initiative), (CrowdStrike Counter Adversary Operations), Gandalf4a, Wang Yu(Cyberserval), CVE-2024-40805, Rodolphe BRUNETTI@@eisw0lf, Pedro Tôrres@@t0rr3sp3dr0, Mickey Jin@@patch1t(Kandji), (Kandji), Mateen Alinaghi, Csaba Fitzl@@theevilbit(Offensive Security), Wojciech Regula(SecuRing), (Dawn Security Lab of JingDong), Jiwon Park, Bistrit Dahal, Srijan Poudel, Arsenii Kostromin (0x3c3e), ajajfxhj, Huang Xilin(Ant Group Light), Maksymilian Motyl, Johan Carlsson (joaxcar), Seunghyun Lee@@0x10n(KAIST Hacking Lab working with Trend Micro Zero Day Initiative), CVE-2024-4558, Matthew Butler, Gary Kwong, Andreas Jaegersberger, Ro Achterberg, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College of Technology Bhopal India)

Affected Software

186 affected components (fixes available)
Microsoft Azure Arc Resource Bridge
Apple macOS Sonoma <14.6 (fixed: 14.6)
Microsoft CBL Mariner 2.0 ARM
Microsoft CBL Mariner 2.0 x64
F5 BIG-IP Next>=20.1.0<=20.2.1
F5 BIG-IP Next Central Manager>=20.1.0<=20.2.1
F5 BIG-IP Next SPK>=1.7.0<=1.9.2
F5 BIG-IP Next CNF>=1.1.0<=1.3.1
Microsoft Azure Kubernetes Service Node on Ubuntu Linux
Microsoft Azure Kubernetes Service Node on Azure Linux
Apple macOS Monterey <12.7.6 (fixed: 12.7.6)
Apple macOS Ventura <13.6.8 (fixed: 13.6.8)
Fortinet FortiADC>=7.4.0<=7.4.4
Fortinet FortiADC>=7.2.0<=7.2.6
Fortinet FortiAIOps>=2.0.0<=2.0.1
Fortinet FortiAnalyzer>=7.4.0<=7.4.3
Fortinet FortiAnalyzer>=7.2.0<=7.2.5
Fortinet FortiAnalyzer>=7.0.0<=7.0.12
Fortinet FortiAnalyzer>=6.4.0<=6.4.14
Fortinet FortiAnalyzer-BigData=.
Fortinet FortiAuthenticator>=6.6.0<=6.6.1
Fortinet FortiDDoS>=5.7.0<=5.7.3
Fortinet FortiDDoS-F>=7.0.0<=7.0.1
Fortinet FortiDeceptor>=5.3.0<=5.3.1
Fortinet FortiDeceptor=.
Fortinet FortiExtender>=7.4.0<=7.4.5
Fortinet FortiExtender>=7.2.0<=7.2.5
Fortinet FortiExtender>=7.0.0<=7.0.5
Fortinet FortiGuest=.
Fortinet FortiGuest>=1.2.0<=1.2.1
Fortinet FortiGuest>=1.1
Fortinet FortiGuest>=1.0
Fortinet FortiMail>=7.4.0<=7.4.2
Fortinet FortiMail>=7.2.0<=7.2.6
Fortinet FortiMail>=7.0.0<=7.0.7
Fortinet FortiMail>=6.4.0<=6.4.8
Fortinet FortiManager>=7.4.0<=7.4.3
Fortinet FortiManager>=7.2.0<=7.2.5
Fortinet FortiManager>=7.0.0<=7.0.12
Fortinet FortiManager>=6.4.0<=6.4.14
Fortinet FortiManager Cloud>=7.2.3<=7.2.4
Fortinet FortiManager Cloud=.
Fortinet FortiManager Cloud>=7.0.6<=7.0.7
Fortinet FortiNAC-F=.
Fortinet FortiNAC-F>=7.2.0<=7.2.6
Fortinet FortiRecorder>=7.2.0<=7.2.1
Fortinet FortiRecorder>=7.0.0<=7.0.4
Fortinet FortiRecorder>=6.4.0<=6.4.5
Fortinet FortiRecorder>=6.0.0<=6.0.12
Fortinet FortiSandbox>=4.4.0<=4.4.6
Fortinet FortiSandbox>=4.2.0<=4.2.7
Fortinet FortiSandbox>=4.0.0<=4.0.5
Fortinet FortiSandbox>=3.2
Fortinet FortiSwitch>=7.4.0<=7.4.3
Fortinet FortiSwitch>=7.2.0<=7.2.8
Fortinet FortiVoice>=7.0.0<=7.0.2
Fortinet FortiVoice>=6.4.0<=6.4.9
Fortinet FortiWLC>=8.6.0<=8.6.7
Fortinet FortiWeb=.
Fortinet FortiWeb>=7.4.0<=7.4.4
Fortinet FortiWeb>=7.2.0<=7.2.9
redhat/openssh 8.7p1 <38 (fixed: 38)
All of the following
SonicWall Sma 6200 Firmware
SonicWall Sma 6200
All of the following
SonicWall Sma 7200 Firmware
SonicWall Sma 7200
Arista EOS>=4.32.0<=4.32.1f
Canonical Ubuntu Linux=23.10
Canonical Ubuntu Linux=24.04
AlmaLinux Almalinux=9.0
All of the following
SonicWall Sma 6210 Firmware
SonicWall Sma 6210
All of the following
SonicWall Sma 7210 Firmware
SonicWall Sma 7210
All of the following
SonicWall Sma 8200v Firmware
SonicWall Sma 8200v
All of the following
SonicWall Sra Ex 7000 Firmware
SonicWall Sra Ex 7000
All of the following
NetApp A1k Firmware
NetApp A1k
All of the following
NetApp A70 Firmware
NetApp A70
All of the following
NetApp A90 Firmware
NetApp A90
All of the following
NetApp A700s Firmware
NetApp A700s
All of the following
NetApp 8300 Firmware
NetApp 8300
All of the following
NetApp 8700 Firmware
NetApp 8700
All of the following
NetApp A400 Firmware
NetApp A400
All of the following
NetApp C400 Firmware
NetApp C400
All of the following
NetApp A250 Firmware
NetApp A250
All of the following
NetApp 500f Firmware
NetApp 500f
All of the following
NetApp C250 Firmware
NetApp C250
All of the following
NetApp A800 Firmware
NetApp A800
All of the following
NetApp C800 Firmware
NetApp C800
All of the following
NetApp A900 Firmware
NetApp A900
All of the following
NetApp A9500 Firmware
NetApp A9500
All of the following
NetApp C190 Firmware
NetApp C190
All of the following
NetApp A150 Firmware
NetApp A150
All of the following
NetApp A220 Firmware
NetApp A220
All of the following
NetApp Fas2720 Firmware
NetApp Fas2720
All of the following
NetApp Fas2750 Firmware
NetApp Fas2750
All of the following
NetApp Fas2820 Firmware
NetApp Fas2820
All of the following
NetApp Bootstrap Os
NetApp Hci Compute Node
Apple macOS>=12.0<12.7.6
Apple macOS>=13.0<13.6.8
Apple macOS>=14.0<14.6
OpenBSD OpenSSH<4.4
OpenBSD OpenSSH>=8.6<=9.8
OpenBSD OpenSSH=4.4
OpenBSD OpenSSH=8.5-p1
OpenBSD OpenSSH=8.6
redhat OpenShift Container Platform=4.0
redhat Enterprise Linux=9.0
redhat Enterprise Linux Eus=9.4
redhat Enterprise Linux For Arm 64=9.0_aarch64
redhat Enterprise Linux For Arm 64 Eus=9.4_aarch64
redhat Enterprise Linux For Ibm Z Systems=9.0_s390x
redhat Enterprise Linux For Ibm Z Systems Eus=9.4_s390x
redhat Enterprise Linux For Power Little Endian=9.0_ppc64le
redhat Enterprise Linux For Power Little Endian Eus=9.4_ppc64le
redhat Enterprise Linux Server Aus=9.4
SUSE Linux Enterprise Micro=6.0
Debian Debian Linux=12.0
Canonical Ubuntu Linux=22.04
Canonical Ubuntu Linux=22.10
Canonical Ubuntu Linux=23.04
Amazon Amazon Linux=2023.0
NetApp Active Iq Unified Manager Vmware Vsphere
NetApp E-Series SANtricity OS Controller>=11.0.0<=11.70.2
NetApp Ontap=9
NetApp ONTAP Select Deploy administration utility
NetApp Ontap Tools Vmware Vsphere=9
NetApp Ontap Tools Vmware Vsphere=10
FreeBSD FreeBSD=13.2
FreeBSD FreeBSD=13.2-p1
FreeBSD FreeBSD=13.2-p10
FreeBSD FreeBSD=13.2-p11
FreeBSD FreeBSD=13.2-p2
FreeBSD FreeBSD=13.2-p3
FreeBSD FreeBSD=13.2-p4
FreeBSD FreeBSD=13.2-p5
FreeBSD FreeBSD=13.2-p6
FreeBSD FreeBSD=13.2-p7
FreeBSD FreeBSD=13.2-p8
FreeBSD FreeBSD=13.2-p9
FreeBSD FreeBSD=13.3
FreeBSD FreeBSD=13.3-p1
FreeBSD FreeBSD=13.3-p2
FreeBSD FreeBSD=13.3-p3
FreeBSD FreeBSD=14.0
FreeBSD FreeBSD=14.0-beta5
FreeBSD FreeBSD=14.0-p1
FreeBSD FreeBSD=14.0-p2
FreeBSD FreeBSD=14.0-p3
FreeBSD FreeBSD=14.0-p4
FreeBSD FreeBSD=14.0-p5
FreeBSD FreeBSD=14.0-p6
FreeBSD FreeBSD=14.0-p7
FreeBSD FreeBSD=14.0-rc3
FreeBSD FreeBSD=14.0-rc4-p1
FreeBSD FreeBSD=14.1
FreeBSD FreeBSD=14.1-p1
NetBSD NetBSD<=10.0.0
debian/openssh: 1:8.4p1-5+deb11u3, 1:8.4p1-5+deb11u7, 1:9.2p1-2+deb12u10, 1:9.2p1-2+deb12u9, 1:10.0p1-7+deb13u4, 1:10.0p1-7+deb13u2, 1:10.3p1-1, 1:10.3p1-2

Remediation

Mitigation

Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd vulnerable to a denial of service (the exhaustion of all MaxStartups connections), but it makes it safe from this vulnerability.
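To confirm the workaround is actually in effect on a host, here is an added POSIX shell check (not part of the SecAlerts entry) that reads the effective value from the text of `sshd -T`, which prints the running configuration with defaults filled in, rather than grepping sshd_config, where the keyword may be absent or overridden by a Match block. The two sample outputs are constructed; on a real host pass `"$(sshd -T)"` instead.

```shell
#!/bin/sh
# Added example (not from the original page): decide whether the
# LoginGraceTime 0 workaround for CVE-2024-6387 is in effect, based on
# the text of `sshd -T` (effective configuration, defaults included).

# Print the effective LoginGraceTime in seconds from `sshd -T` output.
# Falls back to 120, the OpenSSH default, if the keyword is not present.
effective_grace_time() {
    value=$(printf '%s\n' "$1" | awk 'tolower($1) == "logingracetime" { print $2; exit }')
    printf '%s\n' "${value:-120}"
}

# Return 0 when the workaround is in place (grace time 0), 1 otherwise.
workaround_in_place() {
    [ "$(effective_grace_time "$1")" = "0" ]
}

# Human-readable verdict for one host: $1 label, $2 `sshd -T` text.
report() {
    if workaround_in_place "$2"; then
        echo "$1: LoginGraceTime 0 (workaround active; MaxStartups-exhaustion DoS remains until sshd is updated)"
    else
        echo "$1: LoginGraceTime $(effective_grace_time "$2") (workaround NOT active; update sshd)"
    fi
}

# Constructed sample outputs standing in for `sshd -T` on two hosts.
SAMPLE_DEFAULT="port 22
logingracetime 120
maxstartups 10:30:100"
SAMPLE_MITIGATED="port 22
logingracetime 0
maxstartups 10:30:100"

report "sample-default" "$SAMPLE_DEFAULT"
report "sample-mitigated" "$SAMPLE_MITIGATED"
# Live host (root required):  report "$(hostname)" "$(sshd -T 2>/dev/null)"
```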

Event History

Jun 27, 2024: Data Sourced via Red Hat, 03:50 PM (Description, Severity, Affected Software)
Jul 1, 2024: CVE Published via MITRE, 12:37 PM
Jul 1, 2024: Data Sourced via MITRE, 12:37 PM (Description, Severity, Weakness)
Jul 1, 2024: Data Sourced via NVD, 01:15 PM (Remedy, Description, Severity, Weakness, Affected Software)
Jul 1, 2024: News Published via BleepingComputer, 01:37 PM
Jul 1, 2024: News Published via BleepingComputer, 01:38 PM
Jul 1, 2024: News Published via The Register, 02:01 PM
Jul 1, 2024: News Published via The Register, 02:05 PM
Jul 1, 2024: Advisory Published via F5, 06:06 PM
Jul 2, 2024: News Published via ZDNet, 01:02 PM
Jul 6, 2024: News Published via ZDNet, 02:24 PM
Jul 9, 2024: Advisory Published via FortiGuard, 12:00 AM
Jul 11, 2024: Data Sourced via Microsoft, 07:00 AM (Description, Severity, Weakness)
Jul 11, 2024: News Published via The Register, 07:13 PM
Oct 25, 2024: Advisory Published via FortiGuard, 11:55 PM
Apr 22, 2025: Exploit Published, 12:00 AM
Apr 24, 2025: Known Exploited, 07:55 PM
Sep 30, 2025: Data Sourced via Ubuntu, 02:44 PM (Remedy, Description, Severity, Affected Software)
Sep 30, 2025: Data Sourced via Launchpad, 02:45 PM (Description)
May 16, 2026: Data Sourced via Debian, 02:59 PM (Description, Affected Software)

Frequently Asked Questions

1. What is the severity of CVE-2024-6387?

CVE-2024-6387 is considered a critical vulnerability due to the potential for remote code execution in OpenSSH.

2. How do I fix CVE-2024-6387?

To mitigate CVE-2024-6387, update OpenSSH to the latest version provided by your vendor.

3. Which OpenSSH versions are affected by CVE-2024-6387?

CVE-2024-6387 affects various OpenSSH versions; any version prior to the fixed releases listed under Affected Software should be considered vulnerable.

4. What types of systems are impacted by CVE-2024-6387?

CVE-2024-6387 impacts systems running vulnerable versions of OpenSSH, including servers and devices using CBL Mariner, Fortinet products, and various Linux distributions.

5. Can CVE-2024-6387 be exploited remotely?

Yes, CVE-2024-6387 can be exploited by an unauthenticated remote attacker under specific conditions.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.