On Monday, July 1, 2024. The Qualys Threat Research Unit published a security advisory detailing a re-introduction of a previously patched unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems, assigned to CVE-2024-6387, dubbed regreSSHion.
Qualys reports that the following versions of OpenSSH are vulnerable to CVE-2024-6387:
| Version | Vulnerable |
|---|---|
| OpenSSH < 4.4p1 | Yes (unless patches have been backported against (CVE-2006-5051 and CVE-2008-4109) |
| 4.4p1 <= OpenSSH < 8.5p1 | No |
| 8.5p1 <= OpenSSH < 9.8p1 | Yes |
The device model MHD-8100 4G Rev.1.1 is affected by the vulnerability.
Update your OS packages using a console command:
get-apt-updates
SMSEagle continuously monitors and reports cybersecurity threats, enabling our customers to proactively take necessary mitigation steps to maintain the security of their devices. To assist you in managing and mitigating security risks SMSEagle offers product advisories.
