OpenSSH Remote Code Execution Vulnerability

A vulnerability was identified in OpenSSH. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

Note:

CVE-2024-6387 affected sshd(8) was present in Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges.

[Updated on 2024-07-05]

Updated System / Technologies affected, Solutions, Source and Related Links.

Impact

• Remote Code Execution

System / Technologies affected

• OpenSSH versions between 8.5p1 and 9.7p1 (inclusive)

[Updated on 2024-07-05]

For Cisco Products

For detail, please refer to the links below:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

The vendors have issued fixes:

https://www.openssh.com/txt/release-9.8

For Cisco Products

For detail, please refer to the links below:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

Vulnerability Identifier

• CVE-2024-6387

Source

• OpenSSH
• Cisco

Related Link

• https://www.openssh.com/txt/release-9.8
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024