Security Bulletin: regreSSHion OpenSSH Vulnerability (CVE-2024-6387)

Audience
Public
Product
FlashBlade
FlashArray
Content Type
Source Type
Common Vulnerabilities and Exposures (CVE)

Security Bulletin: regreSSHion OpenSSH Vulnerability (CVE-2024-6387)

Vulnerability Status: Final Source: Third Party / OSS Initial Publication Date: 2024-07-01 Last Updated: 2025-10-08 10:10:22

Summary:

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.


CVE#: CVE-2024-6387

Vulnerability score (v3): 8.1

Vector (v3): 3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity (v3): 2 - High

Product(s): FlashArray, FlashBlade

Version First Fixed: Purity//FA 6.5.8, Purity//FA 6.6.10, Purity//FB 4.4.3


References:

https://nvd.nist.gov/vuln/detail/CVE-2024-6387