CVE-2024-6409

HIGH

CVSS v3

7

HIGH

EPSS Score

76.7%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Technical Details

Published
7/8/2024

Frequently Asked Questions

What is CVE-2024-6409?

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Is CVE-2024-6409 actively exploited?

Active exploitation of CVE-2024-6409 has not been confirmed. The EPSS score is 76.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-6409?

CVE-2024-6409 has a CVSS v3 base score of 7 (HIGH severity).

Is CVE-2024-6409 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.