Vulnerability Alert: Critical RCE Flaw “regreSSHion” Hits Cisco Products – Are You at Risk?

San Jose, California – Cisco recently issued a security advisory warning of a critical remote code execution vulnerability known as “regreSSHion” affecting multiple products. The vulnerability, identified as CVE-2024-6387, was disclosed by the Qualys Threat Research Unit in July 2024. It specifically targets the OpenSSH server in glibc-based Linux systems, potentially allowing unauthorized attackers to gain root access to affected systems.

The regreSSHion vulnerability is a regression of an older flaw (CVE-2006-5051) that was reintroduced in OpenSSH version 8.5p1, released in October 2020. The flaw is a race condition in sshd’s SIGALRM handler, which can lead to unauthenticated privilege escalation on vulnerable systems.

Cisco has identified several of its products across different categories as being affected by this vulnerability. The company is actively investigating its product line to fully assess the scope of impacted devices and is working on releasing fixes to address the issue.

To mitigate the risk of exploitation, Cisco recommends taking several steps, including restricting SSH access to trusted hosts only, upgrading to the latest patched version of OpenSSH as it becomes available, and adjusting the LoginGraceTime parameter in the sshd configuration file.
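
As an added example (not from Cisco's advisory or this article), the shell script below checks an OpenSSH version banner and an sshd_config-style file for the mitigations listed above. The 9.8p1 fixed release and the `LoginGraceTime 0` value are assumptions taken from upstream guidance rather than from this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit helper for the CVE-2024-6387 mitigations named above.
# Assumptions (not from the article): the fix shipped in OpenSSH 9.8p1, and
# LoginGraceTime 0 is the mitigating value. Only the 8.5p1 regression the
# article describes is covered. Distributions backport fixes, so a version
# match means "confirm against the vendor advisory", not "proven vulnerable".

# Return 0 if the banner version is in 8.5p1 <= v < 9.8p1, 1 if not, 2 if unparsable.
version_in_range() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                       # $1 = major, $2 = minor
    n=$(( $1 * 100 + $2 ))
    [ "$n" -ge 805 ] && [ "$n" -lt 908 ]
}

# Print the effective LoginGraceTime from a config file. sshd keywords are
# case-insensitive, the first value wins, and the default is 120 seconds.
login_grace_time() {
    awk 'tolower($1) == "logingracetime" { print $2; found = 1; exit }
         END { if (!found) print "120" }' "$1"
}

# Print a one-word verdict for a banner string and a config file.
assess() {
    version_in_range "$1" && rc=0 || rc=$?
    grace=$(login_grace_time "$2")
    case "$rc:$grace" in
        2:*)      echo unknown ;;
        1:*)      echo not-in-range ;;
        0:0|0:0s) echo mitigated ;;   # race window closed; MaxStartups DoS risk remains
        *)        echo exposed ;;
    esac
}

# Constructed sample input (not from a real host).
demo_cfg=$(mktemp)
printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin no' 'logingracetime 0' > "$demo_cfg"
echo "9.6p1, LoginGraceTime 0: $(assess 'OpenSSH_9.6p1, OpenSSL 3.0.13' "$demo_cfg")"
printf '%s\n' '#LoginGraceTime 0' 'PermitRootLogin no' > "$demo_cfg"
echo "9.6p1, default grace time: $(assess 'OpenSSH_9.6p1, OpenSSL 3.0.13' "$demo_cfg")"
rm -f "$demo_cfg"
```

On a live host, pass the banner from `ssh -V` and a file holding the output of `sshd -T`, which reflects the effective configuration including any `Include` files.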

The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for this vulnerability. While there have been no reports of malicious exploitation yet, Cisco continues to monitor the situation closely and will update its advisory as new information emerges.

The regreSSHion vulnerability poses a significant threat to a wide range of Cisco products. Customers are urged to follow Cisco’s recommendations and apply the necessary patches and mitigations to safeguard their systems from potential exploitation. Cisco emphasizes the importance of staying vigilant and proactive in addressing cybersecurity threats to ensure the protection of systems and data.