CVE-2024-6387 · threatengine.sh

Home/CVE/A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lea

CVE

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lea

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

HIGH · CVSS 8.1 EPSS 0.63835

Act now

EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 2% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules2 YARA rules0

⬡

Weakness Classification

CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-364Signal Handler Race Condition

▤

Affected Products & Versions

54

sonicwall sma 6200 firmwareall versions
sonicwall sma 7200 firmwareall versions
arista eos>= 4.32.0 and <= 4.32.1f
canonical ubuntu linuxall versions
almalinuxall versions
sonicwall sma 6210 firmwareall versions
sonicwall sma 7210 firmwareall versions
sonicwall sma 8200v firmwareall versions
Show all 54 affected productssonicwall sra ex 7000 firmwareall versions
netapp a1k firmwareall versions
netapp a70 firmwareall versions
netapp a90 firmwareall versions
netapp a700s firmwareall versions
netapp 8300 firmwareall versions
netapp 8700 firmwareall versions
netapp a400 firmwareall versions
netapp c400 firmwareall versions
netapp a250 firmwareall versions
netapp 500f firmwareall versions
netapp c250 firmwareall versions
netapp a800 firmwareall versions
netapp c800 firmwareall versions
netapp a900 firmwareall versions
netapp a9500 firmwareall versions
netapp c190 firmwareall versions
netapp a150 firmwareall versions
netapp a220 firmwareall versions
netapp fas2720 firmwareall versions
netapp fas2750 firmwareall versions
netapp fas2820 firmwareall versions
netapp bootstrap osall versions
apple macos>= 12.0 and < 12.7.6
apple macos>= 13.0 and < 13.6.8
apple macos>= 14.0 and < 14.6
openbsd openssh< 4.4
openbsd openssh>= 8.6 and <= 9.8
openbsd opensshall versions
redhat openshift container platformall versions
redhat enterprise linuxall versions
redhat enterprise linux eusall versions
redhat enterprise linux for arm 64all versions
redhat enterprise linux for arm 64 eusall versions
redhat enterprise linux for ibm z systemsall versions
redhat enterprise linux for ibm z systems eusall versions
redhat enterprise linux for power little endianall versions
redhat enterprise linux for power little endian eusall versions
redhat enterprise linux server ausall versions
suse linux enterprise microall versions
debian linuxall versions
amazon linuxall versions
netapp active iq unified managerall versions
netapp e-series santricity os controller>= 11.0.0 and <= 11.70.2
netapp ontapall versions
netapp ontap select deploy administration utilityall versions

⚠

Public Exploits & PoCs

6

remoteOpenSSH server (sshd) 9.8p1 - Race Condition2025-04-22
pocsantandersecurityresearch.github.io · sshing_the_masses.htmlsantandersecurityresearch.github.io
pocwww.qualys.com · regresshion.txtwww.qualys.com
pocpacketstorm.news · 190587packetstorm.news
pocwww.exploit-db.com · 52269www.exploit-db.com
pocwww.vicarius.io · regresshion-an-openssh-regression-error-cve-2024-6387www.vicarius.io

◈

Sigma Hunt Rules

2

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

productmediumSuspicious OpenSSH Daemon Error

productmediumOpenSSH Server Listening On Socket

See all related Sigma rules for this CVE

▣

Scoring & Timeline

8.1

HIGH · CVSS v3.1 · secalert@redhat.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD01 Jul 2024 · 01:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

poc

Automatable

no

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

30

siemens-csafSSA-082556
suse-csafSUSE-SU-2025:20009-1
siemens-csafSSA-446545
msrcCVE-2024-6387Remote Code Execution
apple-security120911
Show all 30 vendor advisoriesapple-security120912
apple-security120910
rhsaRHSA-2024:4955Moderate
rhsaRHSA-2024:4960Moderate
rhsaRHSA-2024:4613Moderate
rhsaRHSA-2024:5444Moderate
rhsaRHSA-2024:4716Moderate
rhsaRHSA-2024:4910Moderate
rhsaRHSA-2024:4457Moderate
suse-csafSUSE-SU-2024:2275-1
suse-csafSUSE-SU-2024:2275-2
suse-csafopenSUSE-SU-2024:14088-1
cisco-csafcisco-sa-openssh-rce-2024
usnUSN-6859-1
rhsaRHSA-2024:4340Important
rhsaRHSA-2024:4484Important
rhsaRHSA-2024:4474Important
rhsaRHSA-2024:4479Important
rhsaRHSA-2024:4469Important
rhsaRHSA-2024:4312Important
rhsaRHSA-2024:4389Important
oracle-cpuoracle-cpu-Oracle-Communications-Session-Border-Controller-10750--CVE-2024-6387
cisa-csafcisa-csaf-csaf_files-OT-white-2024-icsa-24-256-15
cisa-csafcisa-csaf-csaf_files-OT-white-2025-icsa-25-100-09
cisa-csafcisa-csaf-csaf_files-OT-white-2025-icsa-25-162-05

🔗

References & Sources

67

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://access.redhat.com/security/cve/CVE-2024-6387Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2294604Third Party Advisory

https://www.openssh.com/txt/release-9.8Release NotesThird Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/18Mailing List

http://seclists.org/fulldisclosure/2024/Jul/19Mailing List

http://seclists.org/fulldisclosure/2024/Jul/20Mailing List

Show all 67 references

http://www.openwall.com/lists/oss-security/2024/07/01/12Mailing List

http://www.openwall.com/lists/oss-security/2024/07/01/13Mailing List

http://www.openwall.com/lists/oss-security/2024/07/02/1Mailing List

http://www.openwall.com/lists/oss-security/2024/07/03/1Mailing List

http://www.openwall.com/lists/oss-security/2024/07/03/11ExploitMailing List

http://www.openwall.com/lists/oss-security/2024/07/03/2Mailing List

http://www.openwall.com/lists/oss-security/2024/07/03/3Mailing ListPatch

http://www.openwall.com/lists/oss-security/2024/07/03/4Mailing List

http://www.openwall.com/lists/oss-security/2024/07/03/5Mailing List

http://www.openwall.com/lists/oss-security/2024/07/04/1Mailing List

http://www.openwall.com/lists/oss-security/2024/07/04/2ExploitMailing List

http://www.openwall.com/lists/oss-security/2024/07/08/2ExploitMailing List

http://www.openwall.com/lists/oss-security/2024/07/08/3Mailing List

http://www.openwall.com/lists/oss-security/2024/07/09/2Mailing List

http://www.openwall.com/lists/oss-security/2024/07/09/5ExploitMailing List

http://www.openwall.com/lists/oss-security/2024/07/10/1ExploitMailing List

http://www.openwall.com/lists/oss-security/2024/07/10/2Mailing List

http://www.openwall.com/lists/oss-security/2024/07/10/3Mailing List

http://www.openwall.com/lists/oss-security/2024/07/10/4Mailing List

http://www.openwall.com/lists/oss-security/2024/07/10/6Mailing List

http://www.openwall.com/lists/oss-security/2024/07/11/1Mailing List

http://www.openwall.com/lists/oss-security/2024/07/11/3Mailing List

http://www.openwall.com/lists/oss-security/2024/07/23/4Mailing List

http://www.openwall.com/lists/oss-security/2024/07/23/6Mailing List

http://www.openwall.com/lists/oss-security/2024/07/28/2Mailing List

http://www.openwall.com/lists/oss-security/2024/07/28/3Mailing List

https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/Third Party Advisory

https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/Press/Media CoverageThird Party Advisory

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-serverPress/Media CoverageThird Party Advisory

https://explore.alas.aws.amazon.com/CVE-2024-6387.htmlThird Party Advisory

https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132Issue Tracking

https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.ascRelease Notes

https://github.com/AlmaLinux/updates/issues/629Issue Tracking

https://github.com/Azure/AKS/issues/4379Issue Tracking

https://github.com/PowerShell/Win32-OpenSSH/discussions/2248Issue Tracking

https://github.com/PowerShell/Win32-OpenSSH/issues/2249Issue Tracking

https://github.com/microsoft/azurelinux/issues/9555Issue Tracking

https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09Patch

https://github.com/oracle/oracle-linux/issues/149Issue Tracking

https://github.com/rapier1/hpn-ssh/issues/87Issue Tracking

https://github.com/zgzhang/cve-2024-6387-pocThird Party Advisory

https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/Third Party Advisory

https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.htmlMailing ListRelease Notes

https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.htmlMailing ListPatch

https://news.ycombinator.com/item?id=40843778Issue TrackingPatch

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2024-6387Third Party Advisory

https://security.netapp.com/advisory/ntap-20240701-0001/Third Party Advisory

https://sig-security.rocky.page/issues/CVE-2024-6387/Third Party Advisory

https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/Press/Media CoverageThird Party Advisory

https://support.apple.com/kb/HT214118Third Party Advisory

https://support.apple.com/kb/HT214119Third Party Advisory

https://support.apple.com/kb/HT214120Third Party Advisory

https://ubuntu.com/security/CVE-2024-6387Third Party Advisory

https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-doThird Party Advisory

https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100Third Party Advisory

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.ascThird Party Advisory

https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.htmlThird Party Advisory

https://www.suse.com/security/cve/CVE-2024-6387.htmlThird Party Advisory

https://www.theregister.com/2024/07/01/regresshion_openssh/Press/Media CoverageThird Party Advisory

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin