We’d like to notify you of the vulnerability CVE-2024-6387/regreSSHion that can lead to full system compromise if left unpatched. If you’re using OpenSSH in your environment this vulnerability can allow threat actors to gain root access with no user interaction.


Any OpenSSH version earlier than 4.4p1 is affected (unless they are patched for CVE-2006-5051 and CVE-2008-4109) as well as 8.5p1 up to, but not including, 9.8p1.


We recommend patching as soon as possible. If you are unable to patch immediately, please limit SSH until you are able to do so.


You can find more information from Qualys HERE.