CVE-2024-6387: Critical OpenSSH Flaw Exposes Millions of Linux Systems to RCE

Jul 1, 2024, 12:27 PM

A critical vulnerability identified as CVE-2024-6387 has been discovered in OpenSSH, affecting glibc-based Linux systems. Dubbed 'regreSSHion', this flaw allows unauthenticated remote code execution (RCE) with root privileges. The vulnerability is present in Portable OpenSSH versions from 8.5p1 to 9.7p1. It is estimated that approximately 14 million servers and around 700K Linux boxes are at risk. Security experts urge administrators to apply the latest patches immediately to mitigate the risk. This is the first major OpenSSH vulnerability discovered in nearly 20 years, and it was reintroduced almost four years ago. Exploiting the flaw can take between 6-8 hours in lab conditions.