Cyber Resilience

CVE-2024-6387

High | Public PoC

Published: 01 July 2024
Modified: 12 May 2026
KEV Added: (none)
Patch: 03 July 2024
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9951 (99.9th percentile)
Risk Priority: 80 (floored blend · peak EPSS)

Summary

CVE-2024-6387 is a high-severity Signal Handler Race Condition (CWE-364) vulnerability in FreeBSD. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE is ranked in the top 0.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-6387 is a security regression of the earlier CVE-2006-5051 flaw in OpenSSH's sshd server component. It stems from a race condition that allows sshd to handle certain signals unsafely during authentication, specifically when a client fails to complete authentication within a defined time window.

An unauthenticated remote attacker can trigger the race condition over the network without any credentials or user interaction. Successful exploitation can lead to arbitrary code execution with root privileges on the affected server, as reflected in the CVSS 8.1 score covering high impact to confidentiality, integrity, and availability.

Red Hat has published multiple errata (RHSA-2024:4312, RHSA-2024:4340, RHSA-2024:4389, RHSA-2024:4469, and RHSA-2024:4474) that address the issue through updated OpenSSH packages; organizations should apply these patches promptly to eliminate the regression. The EPSS score has reached 0.6579 without evidence of a material rise from a low baseline.

Vulnerability details

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

CVE-2024-6387 enables unauthenticated remote code execution in OpenSSH sshd via a signal handling race condition exploitable by remote attackers, mapping to T1210: Exploitation of Remote Services.

CVEs Like This One

CVE-2023-4911 (same product: Canonical Ubuntu Linux)
CVE-2025-26465 (same product: Debian Debian Linux)
CVE-2025-44014 (same product class: NAS / storage appliance)
CVE-2022-0847 (same product: Redhat Enterprise Linux)
CVE-2025-48725 (same product class: NAS / storage appliance)
CVE-2025-52864 (same product class: NAS / storage appliance)
CVE-2025-52863 (same product class: NAS / storage appliance)
CVE-2025-52872 (same product class: NAS / storage appliance)
CVE-2021-44228 (same product: Debian Debian Linux)
CVE-2025-24813 (same product: Debian Debian Linux)

Affected Assets

Vendor | Product | Versions
sonicwall | sma 6200 firmware | all versions
sonicwall | sma 7200 firmware | all versions
arista | eos | 4.32.0 to 4.32.1f
canonical | ubuntu linux | 22.04, 22.10, 23.04, 23.10, 24.04
almalinux | almalinux | 9.0
sonicwall | sma 6210 firmware | all versions
sonicwall | sma 7210 firmware | all versions
sonicwall | sma 8200v firmware | all versions
sonicwall | sra ex 7000 firmware | all versions
netapp | a1k firmware | all versions

+43 more product configuration(s); see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-362

Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.

addresses: CWE-362

Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.
