CVE-2024-6387
PUBLISHED
CVSS 8.1 HIGH
The vulnerability is a signal handler race condition in OpenSSH’s server (sshd) on glibc-based Linux systems, allowing unauthenticated remote code execution (RCE) as root.
EPSS 63.84% · 98.4th percentile
Risk Scores
CVSS v3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R
EPSS Score
63.84%
98.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | Arctic ARR600 | firmware version >=3.4.10 to <=3.4.13 |
| ABB | Arctic ARG600 | firmware version >=3.4.10 to <=3.4.13 |
| ABB | Arctic ARC600 | firmware version >=3.4.10 to <=3.4.13 |
| ABB | Arctic ARP600 | firmware version >=3.4.10 to <=3.4.13 |
Timeline
- Jan 20, 1970 VulnCheck XDB Entry
- Jun 30, 2024 CVE Published
- Jul 1, 2024 PoC Published
- Jul 2, 2024 PoC Published
- Jul 2, 2024 EPSS Score
- Jul 3, 2024 PoC Published
- Jul 17, 2024 VulnCheck KEV Exploitation
- Jul 24, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Feb 16, 2025 Coalition ESS Score
- Mar 12, 2025 VulnCheck KEV Exploitation
- Mar 17, 2025 EPSS Score
References
- https://psirt.abb.com/csaf/2025/2nga002427.json advisory
- https://new.abb.com/service/electrification/life-cycle-management?pe_data=D42415F457244415145784545584371%7C29609824 advisory
- https://search.abb.com/library/Download.aspx?DocumentID=1MRS758860&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://search.abb.com/library/Download.aspx?DocumentID=2NGA002427&LanguageCode=en&DocumentPartId=PDF&Action=Launch advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-6387 advisory
- Regresshion vulnerability: Recommended actions and steps we've taken third-party-analysis