← Back to Security Advisories Overview
Informational
CVE(s)
CVE-2024-6387
Updated:
Product(s)
Cloud Optix
Intercept X Endpoint
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos Mobile
Sophos Mobile EAS Proxy
Sophos RED
Sophos Secure Workspace (Android)
Sophos Switch
Sophos UTM
Sophos Wireless
SophosLabs Intelix
Publication ID:
sophos-sa-20240704-regresshion
Article Version:
3
First Published:
Workaround:
No
Overview
On Monday, July 1, 2024, the Qualys Threat Research Unit published a security advisory detailing a re-introduction of a previously patched unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems, assigned to CVE-2024-6387, dubbed regreSSHion.
Since the initial announcement, other security researchers have released examples of potential PoCs detailing methods to exploit this vulnerability.
Vulnerable OpenSSH Versions
Qualys reports that the following versions of OpenSSH are vulnerable to CVE-2024-6387:
| Version | Vulnerable |
|---|---|
| OpenSSH < 4.4p1 | Yes (unless patches have been backported against (CVE-2006-5051 and CVE-2008-4109) |
| 4.4p1 <= OpenSSH < 8.5p1 | No |
| 8.5p1 <= OpenSSH < 9.8p1 | Yes |
Are Sophos products are affected?
The following products have been reviewed against the regreSSHion vulnerability:
| Product or Service | Status | Description |
|---|---|---|
| Cloud Optix | Not affected | Component not present |
| SG UTM (all versions) | Not affected | Vulnerable code not present |
| Sophos Central | Not affected | Vulnerable code not present |
| Sophos Endpoint Protection (Windows) | Not affected | Component not present |
| Sophos Endpoint Protection (macOS) | Not affected | Component not present |
| Sophos Endpoint Protection (Linux) | Not affected | Component not present |
| Sophos Email | Not affected | Vulnerable code not present |
| Sophos Firewall (all versions) | Not affected | Vulnerable code not present |
| SophosConnect Client | Not affected | Component not present |
| Sophos Home (Windows) | Not affected | Component not present |
| Sophos Home (MacOS) | Not affected | Component not present |
| SophosLabs Intelix | Not affected | Component not present |
| Sophos Mobile | Not affected | Component not present |
| Sophos Mobile EAS Proxy | Not affected | Component not present |
| Sophos Mobile Control app (iOS + Android) | Not affected | Component not present |
| Sophos Intercept X for Mobile app (iOS + Android) | Not affected | Component not present |
| Sophos Secure Email app (iOS + Android) | Not affected | Component not present |
| Sophos Secure Workspace app (iOS + Android) | Not affected | Component not present |
| Sophos Chrome Security | Not affected | Component not present |
| Sophos PhishThreat | Not affected | Vulnerable code not present |
| Sophos RED | Not affected | Vulnerable code not present |
| Sophos AP/APX (SFOS Managed) | Not affected | Vulnerable code not present |
| Sophos AP/APX (Central Managed) | Not affected | Vulnerable code not present |
| Sophos Wireless | Not affected | Vulnerable code not present |
| Sophos DNS Protection | Not affected | Vulnerable code not present |
| SUSI | Not affected | Component not present |
| AV Engine (all platforms) | Not affected | Component not present |