RHEL 8 - RCE (CVE-2024-6387)
2757Exploiting IPs reported
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CrowdSec analysis
CVE-2024-6387 is a vulnerability in OpenSSH’s server (sshd) stemming from a security regression that introduces a race condition, allowing certain signals to be handled unsafely. This flaw enables unauthenticated remote attackers to potentially disrupt the service or execute arbitrary actions by exploiting authentication timing behaviors.
CrowdSec has been tracking this vulnerability and its exploits since 1st of July 2024.
CrowdSec network data shows that most actors exploiting CVE-2024-6387 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. CrowdSec data also reveals a clear uptick in attacks involving CVE-2024-6387 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.
Attackers usually try to trigger the race condition by repeadedly spamming connection attempts.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.