ГлавнаяУязвимости → CVE-2024-6387
8.1высокая

CVE-2024-6387

→ есть в БДУ: BDU:2024-06777 (на русском)
Описание (на английском; русское — в БДУ выше)

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Затрагиваемое ПО
Sonicwall Sma 6200 firmwareSonicwall Sma 6200Sonicwall Sma 7200 firmwareSonicwall Sma 7200Arista EosCanonical Ubuntu linuxAlmalinux AlmalinuxSonicwall Sma 6210 firmwareSonicwall Sma 6210Sonicwall Sma 7210 firmwareSonicwall Sma 7210Sonicwall Sma 8200v firmwareSonicwall Sma 8200vSonicwall Sra ex 7000 firmwareSonicwall Sra ex 7000Netapp A1k firmwareNetapp A1kNetapp A70 firmwareNetapp A70Netapp A90 firmwareNetapp A90Netapp A700s firmwareNetapp A700sNetapp 8300 firmwareNetapp 8300
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://access.redhat.com/errata/RHSA-2024:4312https://access.redhat.com/errata/RHSA-2024:4340https://access.redhat.com/errata/RHSA-2024:4389https://access.redhat.com/errata/RHSA-2024:4469https://access.redhat.com/errata/RHSA-2024:4474https://access.redhat.com/errata/RHSA-2024:4479https://access.redhat.com/errata/RHSA-2024:4484https://access.redhat.com/security/cve/CVE-2024-6387