regreSSHion: RCE in OpenSSH’s server
- Level: High
- CVE(s): CVE-2024-6387
- Affected Devices: MHD-8100-4G Rev.1.1
Overview
On Monday, July 1, 2024. The Qualys Threat Research Unit published a security advisory detailing a re-introduction of a previously patched unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems, assigned to CVE-2024-6387, dubbed regreSSHion.
Vulnerable OpenSSH Versions
Qualys reports that the following versions of OpenSSH are vulnerable to CVE-2024-6387:
| Version | Vulnerable |
|---|---|
| OpenSSH < 4.4p1 | Yes (unless patches have been backported against (CVE-2006-5051 and CVE-2008-4109) |
| 4.4p1 <= OpenSSH < 8.5p1 | No |
| 8.5p1 <= OpenSSH < 9.8p1 | Yes |
Are SMSEagle products are affected?
The device model MHD-8100 4G Rev.1.1 is affected by the vulnerability.
Remediation
Update your OS packages using a console command:
get-apt-updates
Related Information
SMSEagle Security Advisories
SMSEagle continuously monitors and reports cybersecurity threats, enabling our customers to proactively take necessary mitigation steps to maintain the security of their devices. To assist you in managing and mitigating security risks SMSEagle offers product advisories.
