Critical OpenSSH Flaw CVE-2024-6387 Impacts 40+ Cisco Products

Cisco Systems has disclosed that over 40 of its products are affected by the vulnerability “CVE-2024-6387” in the server component of OpenSSH. The number of affected products may increase.

CVE-2024-6387, also known as “regreSSHion” by Qualys, has re-emerged due to issues with addressing the previously reported and patched CVE-2006-5051.

“The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration,” wrote Bharat Jogi, Senior Director, Threat Research Unit, Qualys.

There is a risk of unauthenticated remote code execution with root privileges. Although the attack difficulty is high and the Common Vulnerability Scoring System (CVSSv3.1) base score is rated 8.1, entities like Red Hat have classified it as “High,” issuing strong warnings.

Cisco Systems has issued a security advisory revealing that over 40 products, including security solutions like Adaptive Security Appliance (ASA)” and Firepower Threat Defense (FTD), as well as routers, switches, wireless devices, network management products, and voice communication products, are affected.

Investigations are ongoing for the impact on certain products, including AnyConnect Secure Mobility Client, Cloud Services Platform 5000 Series, Secure Email and Web Manager, and more… Although customization is required, proof-of-concept (PoC) exploit code has been released, and the company has also published rules for the Snort intrusion detection system.