.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
Informational
Advisory: Unauthenticated Remote Code Execution Vulnerability in OpenSSH (CVE-2024-6387)
CVE(N)
CVE-2024-6387
PRODUKT(E)
Cloud Optix
Sophos Endpoint
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos Mobile
Sophos Mobile EAS Proxy
Sophos RED
Sophos Secure Workspace (Android)
Sophos Switch
Sophos UTM
Sophos Wireless
SophosLabs Intelix
Aktualisiert
2024 Jul 4
Artikelversion
3
Erstellt
2024 Jul 4
Veröffentlichungs-ID
sophos-sa-20240704-regresshion
Workaround
No
Overview
On Monday, July 1, 2024, the Qualys Threat Research Unit published a security advisory detailing a re-introduction of a previously patched unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems, assigned to CVE-2024-6387, dubbed regreSSHion.
Since the initial announcement, other security researchers have released examples of potential PoCs detailing methods to exploit this vulnerability.
Vulnerable OpenSSH Versions
Qualys reports that the following versions of OpenSSH are vulnerable to CVE-2024-6387:
| Version | Vulnerable |
|---|---|
| OpenSSH < 4.4p1 | Yes (unless patches have been backported against (CVE-2006-5051 and CVE-2008-4109) |
| 4.4p1 <= OpenSSH < 8.5p1 | No |
| 8.5p1 <= OpenSSH < 9.8p1 | Yes |
Are Sophos products are affected?
The following products have been reviewed against the regreSSHion vulnerability:
| Product or Service | Status | Description |
|---|---|---|
| Cloud Optix | Not affected | Component not present |
| SG UTM (all versions) | Not affected | Vulnerable code not present |
| Sophos Central | Not affected | Vulnerable code not present |
| Sophos Endpoint Protection (Windows) | Not affected | Component not present |
| Sophos Endpoint Protection (macOS) | Not affected | Component not present |
| Sophos Endpoint Protection (Linux) | Not affected | Component not present |
| Sophos Email | Not affected | Vulnerable code not present |
| Sophos Firewall (all versions) | Not affected | Vulnerable code not present |
| SophosConnect Client | Not affected | Component not present |
| Sophos Home (Windows) | Not affected | Component not present |
| Sophos Home (MacOS) | Not affected | Component not present |
| SophosLabs Intelix | Not affected | Component not present |
| Sophos Mobile | Not affected | Component not present |
| Sophos Mobile EAS Proxy | Not affected | Component not present |
| Sophos Mobile Control app (iOS + Android) | Not affected | Component not present |
| Sophos Intercept X for Mobile app (iOS + Android) | Not affected | Component not present |
| Sophos Secure Email app (iOS + Android) | Not affected | Component not present |
| Sophos Secure Workspace app (iOS + Android) | Not affected | Component not present |
| Sophos Chrome Security | Not affected | Component not present |
| Sophos PhishThreat | Not affected | Vulnerable code not present |
| Sophos RED | Not affected | Vulnerable code not present |
| Sophos AP/APX (SFOS Managed) | Not affected | Vulnerable code not present |
| Sophos AP/APX (Central Managed) | Not affected | Vulnerable code not present |
| Sophos Wireless | Not affected | Vulnerable code not present |
| Sophos DNS Protection | Not affected | Vulnerable code not present |
| SUSI | Not affected | Component not present |
| AV Engine (all platforms) | Not affected | Component not present |
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.