WID-SEC-W-2024-1486
Vulnerability from csaf_certbund
Published
2024-06-30 22:00
Modified
2024-07-24 22:00
Summary
OpenSSH: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSH ausnutzen, um beliebigen Programmcode mit root Rechten auszuführen.
Betroffene Betriebssysteme
- Appliance - CISCO Appliance - Hardware Appliance - Linux - Sonstiges - UNIX



{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSH ausnutzen, um beliebigen Programmcode mit root Rechten auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Appliance\n- CISCO Appliance\n- Hardware Appliance\n- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1486 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1486.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1486 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1486"
      },
      {
        "category": "external",
        "summary": "Qualys Blog vom 2024-06-30",
        "url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FREEBSD-SA-24:04.OPENSSH vom 2024-07-01",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-24:04.openssh.asc"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5724 vom 2024-07-01",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00135.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12468 vom 2024-07-01",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12468.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-649 vom 2024-07-02",
        "url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-649.html"
      },
      {
        "category": "external",
        "summary": "WatchGuard Security Advisory WGSA-2024-00012 vom 2024-07-01",
        "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00012"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-213F33544E vom 2024-07-02",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-213f33544e"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-DC89A2E1BF vom 2024-07-02",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-dc89a2e1bf"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2275-1 vom 2024-07-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018851.html"
      },
      {
        "category": "external",
        "summary": "QNAP Security Advisory QSA-24-31 vom 2024-07-02",
        "url": "https://www.qnap.com/de-de/security-advisory/QSA-24-31"
      },
      {
        "category": "external",
        "summary": "NetBSD Security Advisory NETBSD-SA2024-002 vom 2024-07-02",
        "url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
      },
      {
        "category": "external",
        "summary": "IGEL Product Security Information vom 2024-07-03",
        "url": "https://kb.igel.com/securitysafety/en/isn-2024-17-openssh-vulnerability-131268877.html"
      },
      {
        "category": "external",
        "summary": "Veriti Blog vom 2024-07-03",
        "url": "https://veriti.ai/blog/regresshion-cve-2024-6387-a-targeted-exploit-in-the-wild/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4312 vom 2024-07-03",
        "url": "https://access.redhat.com/errata/RHSA-2024:4312"
      },
      {
        "category": "external",
        "summary": "Securepoint UTM Changelog vom 2024-07-03",
        "url": "https://wiki.securepoint.de/UTM/Changelog"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2275-2 vom 2024-07-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018867.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-4312 vom 2024-07-04",
        "url": "https://linux.oracle.com/errata/ELSA-2024-4312.html"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory CISCO-SA-OPENSSH-RCE-2024 vom 2024-07-05",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4340 vom 2024-07-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:4340"
      },
      {
        "category": "external",
        "summary": "Arista Security Advisory vom 2024-07-08",
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4389 vom 2024-07-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:4389"
      },
      {
        "category": "external",
        "summary": "HAProxy Security Update",
        "url": "https://www.haproxy.com/blog/cve-2024-6387"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7159920 vom 2024-07-10",
        "url": "https://www.ibm.com/support/pages/node/7159920"
      },
      {
        "category": "external",
        "summary": "OTRS Security Advisory OSA-2024-08 vom 2024-07-15",
        "url": "https://otrs.com/release-notes/otrs-security-advisory-2024-08/"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin hpesbnw04669 vom 2024-07-10",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04669en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "ALE Security Advisory",
        "url": "https://www.al-enterprise.com/-/media/assets/internet/documents/n-to-s/sa-a0010-ed02.pdf"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4479 vom 2024-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2024:4479"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4469 vom 2024-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2024:4469"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2024:4484"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:4631"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4474 vom 2024-07-19",
        "url": "https://access.redhat.com/errata/RHSA-2024:4474"
      },
      {
        "category": "external",
        "summary": "Meinberg Security Advisory vom 2024-07-22",
        "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-04-lantime-firmware-v7-08-014.htm"
      },
      {
        "category": "external",
        "summary": "Huawei Security Advisory HWPSIRT-2024-56267 huawei-sa-ORCEViSHP-90459233 vom 2024-07-22 vom 2024-07-24",
        "url": "https://securitybulletin.huawei.com/enterprise/en/security-advisory"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSH: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-07-24T22:00:00.000+00:00",
      "generator": {
        "date": "2024-07-25T08:32:53.642+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-1486",
      "initial_release_date": "2024-06-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Oracle Linux, Amazon, WatchGuard und Fedora aufgenommen"
        },
        {
          "date": "2024-07-02T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE, QNAP und NetBSD aufgenommen"
        },
        {
          "date": "2024-07-03T22:00:00.000+00:00",
          "number": "4",
          "summary": "Schwachstelle wird in gezielten Angriffen ausgenutzt"
        },
        {
          "date": "2024-07-04T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Cisco und Red Hat aufgenommen"
        },
        {
          "date": "2024-07-08T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Cisco Produkte aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "9",
          "summary": "Weitere Produkte von Cisco aufgenommen"
        },
        {
          "date": "2024-07-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Weitere Produkte von Cisco aufgenommen"
        },
        {
          "date": "2024-07-14T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von OTRS aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-07-16T22:00:00.000+00:00",
          "number": "13",
          "summary": "Weitere Produkte von Cisco aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-21T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Cisco"
        },
        {
          "date": "2024-07-23T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Meinberg aufgenommen"
        },
        {
          "date": "2024-07-24T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Huawei aufgenommen"
        }
      ],
      "status": "final",
      "version": "17"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Alcatel Lucent Enterprise AOS",
            "product": {
              "name": "Alcatel Lucent Enterprise AOS",
              "product_id": "422",
              "product_identification_helper": {
                "cpe": "cpe:/o:alcatel:aos:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Alcatel Lucent Enterprise Desk Phone",
            "product": {
              "name": "Alcatel Lucent Enterprise Desk Phone",
              "product_id": "T036148",
              "product_identification_helper": {
                "cpe": "cpe:/h:alcatel-lucent:deskphone:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Alcatel Lucent Enterprise OmniSwitch",
            "product": {
              "name": "Alcatel Lucent Enterprise OmniSwitch",
              "product_id": "T017286",
              "product_identification_helper": {
                "cpe": "cpe:/h:alcatel-lucent:omniswitch:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Alcatel Lucent Enterprise"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Arista EOS",
            "product": {
              "name": "Arista EOS",
              "product_id": "T007958",
              "product_identification_helper": {
                "cpe": "cpe:/o:arista:arista_eos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Arista"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "CX Switches",
                "product": {
                  "name": "Aruba ArubaOS CX Switches",
                  "product_id": "T036139",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:arubanetworks:arubaos:cx_switches"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ArubaOS"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "SD-WAN Orchestrator",
                "product": {
                  "name": "Aruba EdgeConnect SD-WAN Orchestrator",
                  "product_id": "T036138",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:aruba:edgeconnect:sd-wan_orchestrator"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "EdgeConnect"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "CX",
                "product": {
                  "name": "Aruba Switch CX",
                  "product_id": "T024430",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:arubanetworks:switch:aos-cx"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Switch"
          }
        ],
        "category": "vendor",
        "name": "Aruba"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco ASA (Adaptive Security Appliance)",
            "product": {
              "name": "Cisco ASA (Adaptive Security Appliance)",
              "product_id": "T035033",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:adaptive_security_appliance:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1540",
                "product": {
                  "name": "Cisco Aironet Access Point 1540",
                  "product_id": "T016298",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:cisco:aironet_access_point_software:1540_series"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "1560",
                "product": {
                  "name": "Cisco Aironet Access Point 1560",
                  "product_id": "T020457",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:cisco:aironet_access_point_software:1560_series"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "802.11ac Wave2",
                "product": {
                  "name": "Cisco Aironet Access Point 802.11ac Wave2",
                  "product_id": "T035856",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:cisco:aironet_access_point_software:802.11ac_wave2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Aironet Access Point"
          },
          {
            "category": "product_name",
            "name": "Cisco Application Policy Infrastructure Controller",
            "product": {
              "name": "Cisco Application Policy Infrastructure Controller",
              "product_id": "778219",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:application_policy_infrastructure_controller:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9800 Series Wireless Controllers",
                "product": {
                  "name": "Cisco Catalyst 9800 Series Wireless Controllers",
                  "product_id": "T017342",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:9800_series_wireless_controllers"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9100 Series Access Points",
                "product": {
                  "name": "Cisco Catalyst 9100 Series Access Points",
                  "product_id": "T024739",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:9100_series_access_points"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "IW6300 Heavy Duty Series Access Points",
                "product": {
                  "name": "Cisco Catalyst IW6300 Heavy Duty Series Access Points",
                  "product_id": "T035857",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:iw6300_heavy_duty_series_access_points"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "IW9165 Heavy Duty Series",
                "product": {
                  "name": "Cisco Catalyst IW9165 Heavy Duty Series",
                  "product_id": "T035858",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:iw9165_heavy_duty_series"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "IW9165 Rugged Series",
                "product": {
                  "name": "Cisco Catalyst IW9165 Rugged Series",
                  "product_id": "T035859",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:iw9165_rugged_series"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "IW9167 Heavy Duty Series",
                "product": {
                  "name": "Cisco Catalyst IW9167 Heavy Duty Series",
                  "product_id": "T035860",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:iw9167_heavy_duty_series"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Catalyst"
          },
          {
            "category": "product_name",
            "name": "Cisco Emergency Responder",
            "product": {
              "name": "Cisco Emergency Responder",
              "product_id": "T030244",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:emergency_responder:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Evolved Programmable Network Manager",
            "product": {
              "name": "Cisco Evolved Programmable Network Manager",
              "product_id": "T035899",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:evolved_programmable_network_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Expressway",
            "product": {
              "name": "Cisco Expressway",
              "product_id": "T014329",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:expressway_software:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Firepower Chassis Manager",
                "product": {
                  "name": "Cisco FXOS Firepower Chassis Manager",
                  "product_id": "T035853",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:cisco:fxos:firepower_chassis_manager"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FXOS"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Management Center",
                "product": {
                  "name": "Cisco Firepower Management Center",
                  "product_id": "T016458",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:firepower:management_center"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Threat Defense",
                "product": {
                  "name": "Cisco Firepower Threat Defense",
                  "product_id": "T029736",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:firepower:threat_defense"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firepower"
          },
          {
            "category": "product_name",
            "name": "Cisco IOS XE",
            "product": {
              "name": "Cisco IOS XE",
              "product_id": "203396",
              "product_identification_helper": {
                "cpe": "cpe:/o:cisco:ios_xe:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9841",
                "product": {
                  "name": "Cisco IP Phone 9841",
                  "product_id": "T035900",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:ip_phone:9841"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9851",
                "product": {
                  "name": "Cisco IP Phone 9851",
                  "product_id": "T035901",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:ip_phone:9851"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "IP Phone"
          },
          {
            "category": "product_name",
            "name": "Cisco Identity Services Engine (ISE)",
            "product": {
              "name": "Cisco Identity Services Engine (ISE)",
              "product_id": "T000612",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:identity_services_engine_software:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Meeting Server",
            "product": {
              "name": "Cisco Meeting Server",
              "product_id": "T018748",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:meeting_server:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3000",
                "product": {
                  "name": "Cisco Nexus 3000",
                  "product_id": "T003851",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:nexus:3000"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9000",
                "product": {
                  "name": "Cisco Nexus 9000",
                  "product_id": "T003853",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:nexus:9000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nexus"
          },
          {
            "category": "product_name",
            "name": "Cisco Nexus Dashboard",
            "product": {
              "name": "Cisco Nexus Dashboard",
              "product_id": "1202977",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:nexus_dashboard:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Prime Infrastructure",
            "product": {
              "name": "Cisco Prime Infrastructure",
              "product_id": "T000756",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:prime_infrastructure:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ASR 5000",
                "product": {
                  "name": "Cisco Router ASR 5000",
                  "product_id": "T004611",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:router:asr_5000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Router"
          },
          {
            "category": "product_name",
            "name": "Cisco Secure Email Gateway",
            "product": {
              "name": "Cisco Secure Email Gateway",
              "product_id": "1269011",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:secure_email_gateway:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Secure Web Appliance",
            "product": {
              "name": "Cisco Secure Web Appliance",
              "product_id": "T034850",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:secure_web_appliance:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Smart Software Manager On-Prem",
            "product": {
              "name": "Cisco Smart Software Manager On-Prem",
              "product_id": "T035854",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:smart_software_manager:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Video Communication Server",
                "product": {
                  "name": "Cisco TelePresence Video Communication Server",
                  "product_id": "T018121",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:telepresence:video_communication_server"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TelePresence"
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Communications Manager (CUCM)",
            "product": {
              "name": "Cisco Unified Communications Manager (CUCM)",
              "product_id": "T030240",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_communications_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Contact Center Express (UCCX)",
            "product": {
              "name": "Cisco Unified Contact Center Express (UCCX)",
              "product_id": "915286",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_contact_center_express:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unity Connection",
            "product": {
              "name": "Cisco Unity Connection",
              "product_id": "T030242",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unity_connection:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6300 Series Embedded",
                "product": {
                  "name": "Cisco Wireless Access Point 6300 Series Embedded",
                  "product_id": "T035855",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:wap:6300_series_embedded"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Wireless Access Point"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "FreeBSD Project FreeBSD OS",
            "product": {
              "name": "FreeBSD Project FreeBSD OS",
              "product_id": "4035",
              "product_identification_helper": {
                "cpe": "cpe:/o:freebsd:freebsd:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c16.0.2",
                "product": {
                  "name": "HAProxy ALOHA \u003c16.0.2",
                  "product_id": "T035886",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:haproxy:aloha:16.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.5.12",
                "product": {
                  "name": "HAProxy ALOHA \u003c15.5.12",
                  "product_id": "T035887",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:haproxy:aloha:15.5.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c14.5.23",
                "product": {
                  "name": "HAProxy ALOHA \u003c14.5.23",
                  "product_id": "T035888",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:haproxy:aloha:14.5.23"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ALOHA"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2024-07-04",
                "product": {
                  "name": "HAProxy Enterprise \u003c2024-07-04",
                  "product_id": "T035889",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:haproxy:haproxy:2024-07-04"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise"
          }
        ],
        "category": "vendor",
        "name": "HAProxy"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Huawei AC6805",
            "product": {
              "name": "Huawei AC6805",
              "product_id": "T036448",
              "product_identification_helper": {
                "cpe": "cpe:/h:huawei:ac6805_firmware:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei AirEngine",
            "product": {
              "name": "Huawei AirEngine",
              "product_id": "T036449",
              "product_identification_helper": {
                "cpe": "cpe:/h:huawei:airengine:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei CloudEngine",
            "product": {
              "name": "Huawei CloudEngine",
              "product_id": "T036450",
              "product_identification_helper": {
                "cpe": "cpe:/h:huawei:cloudengine:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei FusionServer Pro",
            "product": {
              "name": "Huawei FusionServer Pro",
              "product_id": "T036451",
              "product_identification_helper": {
                "cpe": "cpe:/h:huawei:fusionserver_pro:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei NetEngine",
            "product": {
              "name": "Huawei NetEngine",
              "product_id": "T036455",
              "product_identification_helper": {
                "cpe": "cpe:/h:huawei:netengine:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei OceanStor",
            "product": {
              "name": "Huawei OceanStor",
              "product_id": "516536",
              "product_identification_helper": {
                "cpe": "cpe:/h:huawei:oceanstor_uds:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei Router",
            "product": {
              "name": "Huawei Router",
              "product_id": "T034372",
              "product_identification_helper": {
                "cpe": "cpe:/h:huawei:router:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei iMaster NCE Fabric",
            "product": {
              "name": "Huawei iMaster NCE Fabric",
              "product_id": "T036454",
              "product_identification_helper": {
                "cpe": "cpe:/a:huawei:imaster_nce-fabric:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei iMaster NCE FabricInsight",
            "product": {
              "name": "Huawei iMaster NCE FabricInsight",
              "product_id": "T031541",
              "product_identification_helper": {
                "cpe": "cpe:/a:huawei:imaster_nce_fabricinsight:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei iMaster NCE-Campus",
            "product": {
              "name": "Huawei iMaster NCE-Campus",
              "product_id": "T036452",
              "product_identification_helper": {
                "cpe": "cpe:/a:huawei:imaster_nce-campus:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Huawei iMaster NCE-CampusInsight",
            "product": {
              "name": "Huawei iMaster NCE-CampusInsight",
              "product_id": "T036453",
              "product_identification_helper": {
                "cpe": "cpe:/a:huawei:imaster_nce-campusinsight:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Huawei"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "IBM AIX 7.3",
                  "product_id": "1139691",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.1",
                "product": {
                  "name": "IBM AIX 3.1",
                  "product_id": "30380",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.1",
                "product": {
                  "name": "IBM AIX 4.1",
                  "product_id": "30388",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:4.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.2",
                "product": {
                  "name": "IBM AIX 7.2",
                  "product_id": "434967",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AIX"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4.2",
                "product": {
                  "name": "IGEL OS \u003c12.4.2",
                  "product_id": "T035571",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:igel:os:12.4.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.10.150",
                "product": {
                  "name": "IGEL OS \u003c11.10.150",
                  "product_id": "T035572",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:igel:os:11.10.150"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OS"
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV7.08.014",
                "product": {
                  "name": "Meinberg LANTIME \u003cV7.08.014",
                  "product_id": "T036396",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:meinberg:lantime:v7.08.014"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LANTIME"
          }
        ],
        "category": "vendor",
        "name": "Meinberg"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetBSD Foundation NetBSD OS",
            "product": {
              "name": "NetBSD Foundation NetBSD OS",
              "product_id": "7660",
              "product_identification_helper": {
                "cpe": "cpe:/o:netbsd:netbsd:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetBSD Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "SaaS platform \u003c2024-07",
                "product": {
                  "name": "OTRS OTRS SaaS platform \u003c2024-07",
                  "product_id": "T036136",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:otrs:otrs:2024-07::saas_platform"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OTRS"
          }
        ],
        "category": "vendor",
        "name": "OTRS"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.8p1",
                "product": {
                  "name": "Open Source OpenSSH \u003c9.8p1",
                  "product_id": "T035701",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openbsd:openssh:9.8p1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=8.5p1",
                "product": {
                  "name": "Open Source OpenSSH \u003e=8.5p1",
                  "product_id": "T035702",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openbsd:openssh:8.5p1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenSSH"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "QNAP NAS",
            "product": {
              "name": "QNAP NAS",
              "product_id": "T017100",
              "product_identification_helper": {
                "cpe": "cpe:/h:qnap:nas:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "QNAP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.6.5.1",
                "product": {
                  "name": "Securepoint UTM \u003c12.6.5.1",
                  "product_id": "T035805",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:securepoint:unified_threat_management:12.6.5.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UTM"
          }
        ],
        "category": "vendor",
        "name": "Securepoint"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "WatchGuard Firebox",
            "product": {
              "name": "WatchGuard Firebox",
              "product_id": "T030882",
              "product_identification_helper": {
                "cpe": "cpe:/a:watchguard:firebox:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "WatchGuard"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6387",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSH. In glibc-basierten Systemen kommt es im sshd unter bestimmten Umst\u00e4nden zu einer Signalhandler-Race-Condition. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code mit root Rechten zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T030244",
          "T030882",
          "T035856",
          "T035855",
          "T035899",
          "T035854",
          "T035853",
          "T035859",
          "T035858",
          "T035857",
          "T016458",
          "1202977",
          "T035572",
          "T035571",
          "T036148",
          "30380",
          "T004914",
          "T030240",
          "T018121",
          "T030242",
          "T016298",
          "1139691",
          "30388",
          "T000756",
          "T029736",
          "398363",
          "T035900",
          "T031541",
          "T003851",
          "434967",
          "T003853",
          "T035901",
          "T034372",
          "T034850",
          "T036396",
          "T017286",
          "T035860",
          "T024739",
          "2951",
          "T002207",
          "203396",
          "T020457",
          "7660",
          "516536",
          "67646",
          "T036448",
          "4035",
          "T004611",
          "T036449",
          "T035033",
          "T000612",
          "T018748",
          "1269011",
          "T035889",
          "T035888",
          "T035887",
          "T035886",
          "T035805",
          "T036139",
          "T014329",
          "T036454",
          "T036136",
          "T036455",
          "T007958",
          "T036138",
          "T036450",
          "T036451",
          "74185",
          "T036452",
          "T017100",
          "T017342",
          "T036453",
          "422",
          "778219",
          "915286",
          "T024430"
        ]
      },
      "release_date": "2024-06-30T22:00:00Z",
      "title": "CVE-2024-6387"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.