Cisco Affected by OpenSSH Vulnerability - 20240709001

Overview

The WA SOC has been made aware of a security vulnerability detected in OpenSSH's server (sshd). The vulnerability contains a race condition which can lead to sshd to handle certain signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

What is vulnerable?

Products Affected	CVE	CVSS	Severity
Red Hat Enterprise Linux 9	CVE-2024-6387	8.1	High

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

Additional References

• WASOC CVE-2024-6387 Advisory
• SecurityOnline: https://securityonline.info/cisco-confirms-critical-openssh-regresshion-cve-2024-6387-flaw-in-multiple-products/
• Tenable: https://www.tenable.com/cve/CVE-2024-6387