Hitachi Vantara Knowledge

OpenSSH RCE Vulnerability: "regreSSHion"

Priority: High

Status: In Progress - Undergoing Analysis


First Published: 10 July 2024

Advisory Version: 2.0

References: CVE-2024-6387

Summary

A vulnerability was recently discovered in OpenSSH versions 8.5p1 to 9.8p1 that could allow an attacker to execute code remotely. This vulnerability does not affect OpenSSH versions prior to 8.5p1 and has since been patched in OpenSSH versions 9.8p1 and later.

The vulnerability stems from the way "sshd", the OpenSSH daemon, handles certain signals, which can cause a race condition. An attacker who triggers this condition could leave the target system in an inconsistent state that permits remote, arbitrary code execution.
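As an added example that is not part of Hitachi Vantara's advisory, the Python script below turns the version range stated above into an inventory check: it parses OpenSSH version strings taken from SSH server banners or from `ssh -V` output and classifies each one, treating 9.8p1 as the first fixed release as the summary says. The hostnames and banners are constructed for the example. The vendor-suffix rule is my own assumption: distribution packages routinely backport fixes without changing the upstream version number, so a banner such as "OpenSSH_9.6p1 Ubuntu-3ubuntu13.5" is reported as "likely-affected-check-vendor" rather than as a confirmed exposure.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Affected range as stated in this advisory: OpenSSH 8.5p1 is the first affected
# release and 9.8p1 carries the fix, so 8.5 <= major.minor < 9.8 is treated as
# affected. Releases before 8.5p1 never contained the regressed code.
FIRST_AFFECTED = (8, 5)
FIXED_IN = (9, 8)

# Matches "OpenSSH_9.6p1" inside a banner ("SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5")
# or inside `ssh -V` / `sshd -V` output ("OpenSSH_9.7p1, OpenSSL 3.0.13 ...").
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(text: str) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (major, minor, portable_patch), or None if no OpenSSH version is present.
    The portable patch level is None for a string without a "pN" suffix, e.g. "OpenSSH_9.6"."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, portable = m.groups()
    return int(major), int(minor), (int(portable) if portable is not None else None)


def has_vendor_suffix(text: str) -> bool:
    """Heuristic (assumption, not from the advisory): a space-separated token right after
    the version, such as "Ubuntu-3ubuntu13.5" or "Debian-2+deb12u3", marks a distribution
    package. Such packages often carry a backported fix under the old upstream version
    number, so the number alone cannot prove exposure. A ", OpenSSL ..." tail from
    `ssh -V` output is not treated as a vendor tag."""
    m = _VERSION_RE.search(text)
    if not m:
        return False
    rest = text[m.end():]
    return rest.startswith(" ") and rest.strip() != ""


def classify(text: str) -> str:
    """Map one banner / version string to an exposure status for CVE-2024-6387."""
    version = parse_openssh_version(text)
    if version is None:
        return "not-openssh"
    major_minor = version[:2]
    if major_minor < FIRST_AFFECTED:
        return "not-affected"
    if major_minor >= FIXED_IN:
        return "fixed"
    if has_vendor_suffix(text):
        return "likely-affected-check-vendor"
    return "affected"


def classify_inventory(records: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Classify (host, banner) pairs, e.g. collected from a banner scan of your own estate."""
    return {host: classify(banner) for host, banner in records}


# Constructed sample inventory: hostnames and banners are made up for this example.
SAMPLE_INVENTORY = [
    ("mgmt-01.example", "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5"),
    ("legacy-02.example", "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3"),
    ("bastion-03.example", "SSH-2.0-OpenSSH_9.8p1"),
    ("build-04.example", "SSH-2.0-OpenSSH_9.7p1"),
    ("iot-05.example", "SSH-2.0-dropbear_2022.83"),
    ("dev-06.example", "OpenSSH_9.7p1, OpenSSL 3.0.13 30 Jan 2024"),
]

if __name__ == "__main__":
    for host, status in classify_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:<20} {status}")
```

On a host you administer, `ssh -V` prints the client string and the server banner is the first line sent on port 22; feed either into `classify`. A "likely-affected-check-vendor" result means the upstream version falls inside the stated range but the package may already carry a backported fix, so the distribution's own advisory, not the banner, decides.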

Additional information about this vulnerability can be found at these sources:


Affected Products

Vulnerable Products

Hitachi Vantara is currently investigating its product lines to determine if any are affected by this vulnerability. If any are found to be impacted, they will be indicated in this section or in subsequent updates to this advisory, along with information regarding fixed release versions (if such information is available at the time).

NOTE: Any cited product documentation, including product-specific Alerts and Technical Bulletins, is available to Hitachi Vantara customers logged into Support Connect.

Product Notes
Storage Products
Hitachi Virtual Storage Platform VSP E990, VSP E790, VSP E590
  CVE-2024-6387 - Microcode releases from February 2024 onward contain an affected version of OpenSSH. Release of a fixed version is being scheduled. Pending this release, exposure can be mitigated by restricting which hosts are permitted to reach the GUM management port.
Hitachi Virtual Storage Platform VSP G130, VSP F/G350, VSP F/G370, VSP F/G700, VSP F/G900
  CVE-2024-6387 - Microcode releases from February 2024 onward contain an affected version of OpenSSH. Release of a fixed version is being scheduled. Pending this release, exposure can be mitigated by restricting which hosts are permitted to reach the GUM management port.
Hitachi Virtual Storage Platform VSP G200, VSP F/G/N400, VSP F/G/N600, VSP F/G/N800
  CVE-2024-6387 - Microcode releases from February 2024 onward contain an affected version of OpenSSH. Release of a fixed version is being scheduled. Pending this release, exposure can be mitigated by restricting which hosts are permitted to reach the GUM management port.


Products Confirmed Not Vulnerable

At the time of this advisory's publication, only products listed in the Vulnerable Products section above are confirmed to be affected by this vulnerability.

* As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as their risk evaluation continues and as additional information pertaining to CVE-2023-48795 is released.

Product Notes
Storage Products
Hitachi Virtual Storage Platform VSP 5100, VSP 5100H, VSP 5500, VSP 5500H (VSP 5x00) RAID 900
  CVE-2024-6387: Not vulnerable - Affected components not used in current microcode.
Hitachi Virtual Storage Platform VSP 5200, VSP 5200H, VSP 5600, VSP 5600H (VSP 5x00) RAID 900
  CVE-2024-6387: Not vulnerable - Affected components not used in current microcode.
Content Products
Hitachi Data Ingestor (HDI/HFSM)
  CVE-2024-6387: Not vulnerable - Affected components not used.
Content Platform S Series
  CVE-2024-6387: Not vulnerable - Affected components not used.
Content Software for File (HCSF)
  CVE-2024-6387: Not vulnerable - Affected components not used.
Content Intelligence (HCI/HCM)
  CVE-2024-6387: Not vulnerable - Affected components not used.
Content Platform Anywhere
  CVE-2024-6387: Not vulnerable - Affected components not used.
Content Platform Anywhere Enterprise
  CVE-2024-6387: Not vulnerable - Affected components not used.
HCP for Cloud Scale
  CVE-2024-6387: Not vulnerable - Affected components not used.
Content Platform Gateway
  CVE-2024-6387: Not vulnerable - Affected components not used.
Ops Center Protector (HDID)
  CVE-2024-6387: Not vulnerable - Affected components not used.
Network Attached Storage
Network Attached Storage (HNAS) Products, all versions
  CVE-2024-6387: Not vulnerable - Affected components not used.
Software Products
Hitachi Remote Ops (HRO)
  CVE-2024-6387: Not vulnerable - OpenSSH is not used.
Hitachi Ops Center Analyzer Detailview
  CVE-2024-6387: Not vulnerable - Affected components not used.
Hitachi Ops Center Protector
  CVE-2024-6387: Not vulnerable - Affected components not used.
Hitachi Virtual Storage System Block (VSSB)
  CVE-2024-6387: Not vulnerable - Affected components not used.


Recommended Actions

Please continue to check this Security Advisory; new information will be added to it as it becomes available.


If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.