On the impact of CVE-2024-6387, OpenSSH "regreSSHion" vulnerability (4376399)

Converse agora com nosso suporte

Voltar

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Título

On the impact of CVE-2024-6387, OpenSSH "regreSSHion" vulnerability
Descrição

Safeguard for Privileged Sessions versions, 7.4.0 and 7.5.0 are affected by the recent OpenSSH remote code execution (RCE) vulnerability, which is being tracked as CVE-2024-6387, also referred to as "regreSSHion".

Long Term Support (LTS) Safeguard for Privileged Sessions releases are not affected by this CVE.

More information about this vulnerability can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2024-6387
Causa

This is an industry-wide vulnerability and is not specific to One Identity Safeguard for Privileged Sessions.
Resolução

Resolution
Mitigate the attack surface by disabling local SSH access on the Web UI at:
Basic Settings -> Local Settings -> SSH Server
Please uncheck the "Enable" checkbox and Commit the change.

The SSH Server feature is intended for maintenance and debugging purposes. Please validate the change before proceeding.

This vulnerability will be fixed in version 7.5.1 and 8.0.0.

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Conteúdo recomendado

Produto(s):: One Identity Safeguard for Privileged Sessions
7.5, 7.0.5 LTS, 7.0.4 LTS, 7.0.3.1 LTS, 7.0.3 LTS, 7.0.2.1 LTS, 7.0.2 LTS, 7.0.1.1 LTS, 7.0.1 LTS, 7.0 LTS, 6.14, 6.0.14 LTS, 6.0.13, 6.0.12, 6.0.11, 6.9.5, 6.9.4, 6.9.3, 6.9.2, 6.0.10, 6.0.9, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0 LTS

Título