Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6387

Originally published by Pentera.

A Regrettable Resurgence

On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code execution (RCE) vulnerability in OpenSSH, a tool for secure remote connectivity using the Secure Shell (SSH) protocol. The bug, assigned CVE-2024-6387, is a regression of a previously patched vulnerability, impacting OpenSSH version 8.5p1 up to (but not including) 9.8p1, as well as unpatched versions older than 4.4p1. The s…
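For inventory triage, the version ranges stated above can be applied to collected SSH banners or `ssh -V` output. The following is an added example, not code from the original article, Qualys, Pentera or OpenSSH; the function names, result labels and sample banners are assumptions constructed for illustration.

```python
import re

# Matches the upstream version in strings such as
# "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13" or "OpenSSH_8.5p1, OpenSSL 1.1.1k".
VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")

def parse_openssh_version(text):
    """Return (major, minor) of the OpenSSH version in text, or None."""
    m = VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(text):
    """Classify a banner against the ranges given in the article.

    A version string cannot show a distribution's backported fix, so
    "affected" means "check the vendor advisory", not "confirmed vulnerable".
    """
    v = parse_openssh_version(text)
    if v is None:
        return "unknown"                # not OpenSSH, or banner hidden
    if v < (4, 4):
        return "affected-if-unpatched"  # older than 4.4p1
    if (8, 5) <= v < (9, 8):
        return "affected"               # 8.5p1 up to, not including, 9.8p1
    return "not-affected"

def triage(banners):
    """Map each host to its classification, given {host: banner}."""
    return {host: classify(banner) for host, banner in banners.items()}

# Constructed sample inventory (hosts and banners are not real data).
SAMPLE = {
    "host-a": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "host-b": "SSH-2.0-OpenSSH_9.8p1",
    "host-c": "SSH-2.0-OpenSSH_7.4",
    "host-d": "SSH-1.99-OpenSSH_3.9p1",
    "host-e": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE).items()):
        print(f"{host}: {result}")
```
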