Vulnerability details: VCID-xfvf-5w15-aaah
Vulnerability ID VCID-xfvf-5w15-aaah
Aliases CVE-2024-6387
Summary A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2024:4312
ssvc Track* https://access.redhat.com/errata/RHSA-2024:4312
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2024:4340
ssvc Track* https://access.redhat.com/errata/RHSA-2024:4340
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2024:4389
ssvc Track* https://access.redhat.com/errata/RHSA-2024:4389
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2024:4469
ssvc Track* https://access.redhat.com/errata/RHSA-2024:4469
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2024:4474
ssvc Track* https://access.redhat.com/errata/RHSA-2024:4474
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2024:4479
ssvc Track* https://access.redhat.com/errata/RHSA-2024:4479
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2024:4484
ssvc Track* https://access.redhat.com/errata/RHSA-2024:4484
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6387.json
cvssv3.1 8.1 https://access.redhat.com/security/cve/CVE-2024-6387
ssvc Track* https://access.redhat.com/security/cve/CVE-2024-6387
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.00319 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.47939 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.50805 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.52037 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.54043 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.55567 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.5924 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.61598 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.62183 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.62984 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.82958 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
epss 0.83673 https://api.first.org/data/v1/epss?cve=CVE-2024-6387
cvssv3.1 8.1 https://bugzilla.redhat.com/show_bug.cgi?id=2294604
ssvc Track* https://bugzilla.redhat.com/show_bug.cgi?id=2294604
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2024-6387
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2024-6387
cvssv3.1 8.1 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
ssvc Track* https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
archlinux High https://security.archlinux.org/AVG-2855
cvssv3.1 8.1 https://www.openssh.com/txt/release-9.8
ssvc Track* https://www.openssh.com/txt/release-9.8
cvssv3.1 8.1 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
ssvc Track* https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:4479
https://access.redhat.com/errata/RHSA-2024:4484
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6387.json
https://access.redhat.com/security/cve/CVE-2024-6387
https://api.first.org/data/v1/epss?cve=CVE-2024-6387
https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/
https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
https://explore.alas.aws.amazon.com/CVE-2024-6387.html
https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132
https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/AlmaLinux/updates/issues/629
https://github.com/Azure/AKS/issues/4379
https://github.com/microsoft/azurelinux/issues/9555
https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09
https://github.com/oracle/oracle-linux/issues/149
https://github.com/PowerShell/Win32-OpenSSH/discussions/2248
https://github.com/PowerShell/Win32-OpenSSH/issues/2249
https://github.com/rapier1/hpn-ssh/issues/87
https://github.com/zgzhang/cve-2024-6387-poc
https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/
https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html
https://news.ycombinator.com/item?id=40843778
https://packetstorm.news/files/id/190587/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010
https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
https://security.netapp.com/advisory/ntap-20240701-0001/
https://security-tracker.debian.org/tracker/CVE-2024-6387
https://sig-security.rocky.page/issues/CVE-2024-6387/
https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://ubuntu.com/security/CVE-2024-6387
https://ubuntu.com/security/notices/USN-6859-1
https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do
https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100
https://www.exploit-db.com/exploits/52269
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
https://www.openssh.com/txt/release-9.8
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html
https://www.suse.com/security/cve/CVE-2024-6387.html
https://www.theregister.com/2024/07/01/regresshion_openssh/
https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387
http://www.openwall.com/lists/oss-security/2024/07/01/12
http://www.openwall.com/lists/oss-security/2024/07/01/13
http://www.openwall.com/lists/oss-security/2024/07/02/1
http://www.openwall.com/lists/oss-security/2024/07/03/1
http://www.openwall.com/lists/oss-security/2024/07/03/11
http://www.openwall.com/lists/oss-security/2024/07/03/2
http://www.openwall.com/lists/oss-security/2024/07/03/3
http://www.openwall.com/lists/oss-security/2024/07/03/4
http://www.openwall.com/lists/oss-security/2024/07/03/5
http://www.openwall.com/lists/oss-security/2024/07/04/1
http://www.openwall.com/lists/oss-security/2024/07/04/2
http://www.openwall.com/lists/oss-security/2024/07/08/2
http://www.openwall.com/lists/oss-security/2024/07/08/3
http://www.openwall.com/lists/oss-security/2024/07/09/2
http://www.openwall.com/lists/oss-security/2024/07/09/5
http://www.openwall.com/lists/oss-security/2024/07/10/1
http://www.openwall.com/lists/oss-security/2024/07/10/2
http://www.openwall.com/lists/oss-security/2024/07/10/3
http://www.openwall.com/lists/oss-security/2024/07/10/4
http://www.openwall.com/lists/oss-security/2024/07/10/6
http://www.openwall.com/lists/oss-security/2024/07/11/1
http://www.openwall.com/lists/oss-security/2024/07/11/3
http://www.openwall.com/lists/oss-security/2024/07/23/4
http://www.openwall.com/lists/oss-security/2024/07/23/6
http://www.openwall.com/lists/oss-security/2024/07/28/2
http://www.openwall.com/lists/oss-security/2024/07/28/3
2294604 https://bugzilla.redhat.com/show_bug.cgi?id=2294604
ASA-202407-1 https://security.archlinux.org/ASA-202407-1
AVG-2855 https://security.archlinux.org/AVG-2855
CVE-2024-6387 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/52269.c
CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387
GLSA-202407-09 https://security.gentoo.org/glsa/202407-09
RHSA-2024:4312 https://access.redhat.com/errata/RHSA-2024:4312
RHSA-2024:4340 https://access.redhat.com/errata/RHSA-2024:4340
RHSA-2024:4389 https://access.redhat.com/errata/RHSA-2024:4389
RHSA-2024:4469 https://access.redhat.com/errata/RHSA-2024:4469
RHSA-2024:4474 https://access.redhat.com/errata/RHSA-2024:4474
USN-6859-1 https://usn.ubuntu.com/6859-1/
Data source Exploit-DB
Date added April 22, 2025
Description OpenSSH server (sshd) 9.8p1 - Race Condition
Ransomware campaign use Unknown
Source publication date April 22, 2025
Exploit type remote
Platform linux
Source update date April 22, 2025
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:4312
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:4312
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:4340
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:4340
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:4389
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:4389
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:4469
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:4469
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:4474
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:4474
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:4479
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:4479
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:4484
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:4484
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6387.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2024-6387
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://access.redhat.com/security/cve/CVE-2024-6387
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2294604
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2294604
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-6387
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openssh.com/txt/release-9.8
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://www.openssh.com/txt/release-9.8
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T13:18:34Z/ Found at https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.65242
EPSS Score 0.00261
Published At Jan. 16, 2025, midnight
Date Actor Action Source VulnerableCode Version
2024-06-28T10:20:11.042841+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 34.0.0rc4