CVE-2024-6387

Published Jul 1, 2024

Last updated 5 months ago

CVSS high 8.1
regreSSHion

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-6387, also known as regreSSHion, is a vulnerability found in OpenSSH's server (sshd). It is caused by a signal handler race condition within the sshd process. This vulnerability can be triggered by a remote attacker failing to authenticate within a specific time frame. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privileges on glibc-based Linux systems. It affects the default configuration of OpenSSH and does not require user interaction, making it a significant exploit risk. The vulnerability is a regression of a previously patched vulnerability, CVE-2006-5051.

Description
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Source
secalert@redhat.com
NVD status
Modified
Products
openssh, openshift_container_platform, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_arm_64, enterprise_linux_for_arm_64_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_aus, linux_enterprise_micro, debian_linux, ubuntu_linux, linux_2023, e-series_santricity_os_controller, ontap_select_deploy_administration_utility, ontap_tools, freebsd, netbsd

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

This vulnerability affects OpenSSH and could allow an attacker to execute commands on an affected device. The vulnerability is highly complex and has limitations which is likely to prevent widespread exploitation.

More information is available in our blog post here.

Risk scores

CVSS 3.1

Type
Primary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-364
nvd@nist.gov
CWE-362

Social media

Hype score
Not currently trending

  1. RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387) https://t.co/9zzcpscFSZ

    @locus_x64

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    2 Replies

    0 Quotes

  2. nmapによるUbuntu SSH脆弱性の誤検知:CVE-2024-6387実例で学ぶ対処法 https://t.co/ZKjsbFXonl #Qiita via @kaminuma_dev

    @kk0128_

    15 Sept 2025

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 記事を投稿しました! nmapによるUbuntu SSH脆弱性の誤検知:CVE-2024-6387実例で学ぶ対処法 on #Qiita https://t.co/ZT8KbKWLAQ

    @kaminuma_dev

    15 Sept 2025

    230 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  4. PoC regreSSHion CVE-2024-6387 -> confirma si existe la vulnerabilidad #Hacking https://t.co/gKUmC97Ary

    @hack4lifemx

    8 Sept 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. به تازگی ابزار Open Source ای با نام SSHamble منتشر شده است که به صورت خودکار ، انواع آسیب پذیری های این سرویس مانند : (CVE-2024-6387) و همچنین انواع Misconfiguration های مربوط به ا

    @AmirHossein_sec

    14 Aug 2025

    33 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  6. Big win at #DefCon33! #Qualys Threat Research Unit (TRU) takes home Epic Achievement + Best RCE at the #PwnieAwards for: - CVE-2024-6387 (regreSSHion) — 1st pre-auth RCE in OpenSSH in 20 yrs - CVE-2025-26465 — MITM attack on OpenSSH client #vulnerabilityresearch #TRU http

    @qualys

    9 Aug 2025

    699 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🔍 أثناء فحص غير تدخلي، لاحظت أن أحد السيرفرات يعمل بـ OpenSSH 8.9p1، وهي نسخة متأثرة بثغرة CVE-2024-6387 (regreSSHion) ثغرة قد تسمح بتنفيذ أوامر عن بُعد بدون مصادقة في ظروف

    @SGamil2050

    5 Aug 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. OpenSSH RCE漏洞 CVE-2024-6387 POC,基于 glibc 的 Linux 系统上的OpenSSH 服务器 ( sshd )中披露了一个严重的信号处理程序条件竞争漏洞。此漏洞称为 RegreSSHion,编号为CVE-2024-6387,可远程代码执行 黑客木马程序操控 渗透店铺

    @Hacker_Bear888

    4 Aug 2025

    1202 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Daily reminder that cve-2024-6387 is impractical and dumb

    @CyberMoozy

    19 Jul 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. RegreSSHion The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. #CVE assigned to this vulnerability is CVE-2024-6387. https://t.co/TtB52uUudN… #cybersecurity #infosec

    @patrik_hack1

    18 Jul 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. "OpenSSH RCE Vulnerability (CVE-2024-6387): What You Need to Know" by Sharon #DEVCommunity #RCE #vulnerability #cybersecurity https://t.co/0c121SpSmN

    @Sharon18866

    11 Jul 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. OpenSSHに重大な脅威となる脆弱性「regreSSHion」(CVE-2024-6387)が発覚、ほぼすべてのLinuxシステムに影響(2024) https://t.co/IoGRTfr6ic

    @gigazine

    2 Jul 2025

    10993 Impressions

    0 Retweets

    8 Likes

    3 Bookmarks

    3 Replies

    0 Quotes

  13. CVE-2024-6387

    @IbraheemA50

    19 Jun 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 NEW VULNERABILITY ALERT – CVE-2024-6387 (RegreSSHion) 🚨 A critical flaw in OpenSSH server (sshd) could allow unauthenticated remote code execution — YES, it's that bad. Severity: 8.1/10 (High) Impacts: Linux systems running OpenSSH <9.8 https://t.co/IQwUptgbqn

    @Tilerisofficial

    18 Jun 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  15. Top 5 Trending CVEs: 1 - CVE-2024-24919 2 - CVE-2025-32756 3 - CVE-2024-6387 4 - CVE-2025-30397 5 - CVE-2025-49113 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Jun 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Really nice tutorial on the RegreSSHion exploit, CVE-2024-6387 PoC I wrote last year by Offensive Security. Worth reading link in comments.👇 https://t.co/RIEhviT3VH

    @7etsuo

    8 Jun 2025

    2970 Impressions

    6 Retweets

    33 Likes

    13 Bookmarks

    5 Replies

    0 Quotes

  17. Análisis del script de explotación de CVE-2024-6387 https://t.co/0N63JaZVLD #Informatica #SeguridadInformatica

    @f3nixh4ck

    11 May 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2024-6387 Checker https://t.co/S3vIRBWQ3r #Informatica #SeguridadInformatica

    @f3nixh4ck

    26 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Actively exploited CVE : CVE-2024-6387

    @transilienceai

    23 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Actively exploited CVE : CVE-2024-6387

    @transilienceai

    22 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Citrix Secure Access Client for Mac Security Bulletin for CVE-2025-1222 and CVE-2025-1223, CVE-2024-12284 & CVE-2024-6387. https://t.co/qHdW3Qew0a

    @NetScalerTimes

    18 Feb 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🔒 Stay Ahead in Cybersecurity This week’s highlights: • OpenSSH CVE-2024-6387: Remote code execution risks • Teams exploited by Russian hackers • CISA leadership insights from Jen Easterly 📧 Don’t miss future updates. Sign up now: https://t.co/qlqrAce2V1

    @dradisfw

    1 Feb 2025

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. A 6-month-old #OpenSSH vulnerability, CVE-2024-6387, is back in the spotlight thanks to a public PoC. Organizations should act quickly by upgrading OpenSSH, hardening configurations, and monitoring logs. 👇 Learn more: https://t.co/FXfxVwECGw https://t.co/63LokNzYdN

    @TuxCare_

    21 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. به تازگی برای سرویس openssh آسیب پذیری با کد شناسایی CVE-2024-6387 منتشر شده است. این آسیب پذیری بر روی سیستم عامل های لینوکس دارای GNU C Library یا همان (glibc) اکسپلویت شده و بر روی FreeBSD تاثیر گذار نمی باشد. POC این آسیب پذیری منتشر شده است. https://t.co/Poz3aKY03t https://t

    @AmirHossein_sec

    12 Jan 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. I'm so excited to finally open source this! Shout out to CVE-2024-6387 for the inspiration! I present to you.... golash: a golang interpreter script https://t.co/wS4vjgrq5L I use it at work. It's a huge productivity booster 😃!

    @BugSquasherTay

    8 Jan 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Se publica un exploit PoC para la vulnerabilidad de ejecución de código arbitrario en OpenSSH CVE-2024-6387, “regreSSHion” https://t.co/GBMevVk9Ap https://t.co/vczQslRULf

    @elhackernet

    7 Jan 2025

    5556 Impressions

    37 Retweets

    105 Likes

    39 Bookmarks

    0 Replies

    1 Quote

  27. Critical OpenSSH Vulnerability (CVE-2024-6387) Exploit Released - First Hackers News https://t.co/OwyQDv22r6 https://t.co/cjNPB7tB7x

    @Info_FHNews

    7 Jan 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. PoC Exploit Released for Critical OpenSSH Vulnerability (CVE-2024-6387) #JustUnsecure #AFrihackbox https://t.co/vER81aCNXd

    @afrihackbox

    7 Jan 2025

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. #PoC #Exploit Released for Critical #OpenSSH Vulnerability (CVE-2024-6387) https://t.co/UyUBB2hYjU

    @CyberAndyDE

    6 Jan 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. CVE-2024-6387: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition .. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. https://t.co/ipv0jUGFNR https://t.co/WM

    @cyber_advising

    4 Jan 2025

    872 Impressions

    3 Retweets

    11 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  31. This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. For more: https://t.co/7hLqA3dpXd…… #Hacking #infosec #cybersecurity #infosecurity #redteam #Pentesting #cybersecuritytips https://

    @N3tWork99__

    23 Dec 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. ⚫️CVE-2024-6387 : OpenSSH 'user authenticatio' 8.5p1 – 9.7p1 -Input validation 2 Remote Code Execution (regreSSHion) POC : https://t.co/72BHyG0iqJ ⚫️CVE-2024-45519 : Zimbra Collaboration Suite 'postjournal' $versions - Remote Code Execution POC : https://t.co/Wb18o30BII

    @HackingTeam777

    21 Dec 2024

    737 Impressions

    2 Retweets

    23 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

  33. Top 5 Trending CVEs: 1 - CVE-2024-38144 2 - CVE-2024-6387 3 - CVE-2020-14938 4 - CVE-2024-7970 5 - CVE-2024-3400 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Dec 2024

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. GitHub - asterictnl-lvdw/CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) https://t.co/J0akwo4LV5

    @akaclandestine

    6 Dec 2024

    1149 Impressions

    6 Retweets

    19 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  35. RegreSSHion The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. #CVE assigned to this vulnerability is CVE-2024-6387. https://t.co/qOgFNZUpUw… #cybersecurity #infosec https

    @Rhae981380

    27 Oct 2024

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. A newly discovered security vulnerability, dubbed "regreSSHion" (CVE-2024-6387), puts millions of OpenSSH server instances at: https://t.co/IwXq0FbPtI

    @linux_ly

    26 Oct 2024

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.