CVE-2024-6387 Informational Bulletin: Impact of OpenSSH regreSSHion Vulnerability
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-6387, known as "regreSSHion", as it relates to our products.
The SSH features in PAN-OS are not affected by CVE-2024-6387.
At present, no other Palo Alto Networks products are known to contain the vulnerable software packages and be impacted by these issues.
Protecting our customers is our highest priority. Palo Alto Networks and its Unit 42 threat research team are closely monitoring all developments. More information can be found in the Unit 42 threat brief: https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/
CVE | Summary |
---|---|
CVE-2024-6387 | A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). |
Product Status
Versions | Affected | Unaffected |
---|---|---|
Cloud NGFW | None | All |
PAN-OS | None | All |
Prisma Access | None | All |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.
Weakness Type
CWE-364 Signal Handler Race Condition
Solution
No software updates are required at this time.