Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000226836

NetWorker: vProxy/NVE detected CVE-2024-6387 Vulnerability

Summary: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. ...

Article Content

Security Article Type

Security KB

CVE Identifier

CVE-2024-6387 This hyperlink is taking you to a website outside of Dell Technologies.

Issue Summary

Security Vulnerability Scanner detects the following vulnerabilities with vProxy/NVE (NetWorker Virtual Edition): CVE-2024-6387
There is a high-risk Remote Code Execution (RCE) vulnerability (CVE-2024-6387) in OpenSSH. 

Recommendations

The NVE and vProxies prior to 19.11 are deployed on SUSE 12 SP5 and are not affected by CVE-2024-6387.
The NetWorker 19.11 vProxy release is deployed on SUSE 15 SP4 and is not affected by CVE-2024-6387.

Environment test result does not have affected OpenSSH version:
SUSE official documentation: https://www.suse.com/security/cve/CVE-2024-6387.html This hyperlink is taking you to a website outside of Dell Technologies.
This issue affects openssh up to 4.4 and starting with 8.5 up to 9.7. Versions between 4.5 and 8.4 are not affected. This means SUSE Linux Enterprise 11 up to 15 SP5 are not affected.
 

Additional Information

More information can be found here:
NVD - CVE-2024-6387 (nist.gov)
CVE-2024-6387 Common Vulnerabilities and Exposures | SUSE

Any security updates or mitigations are communicated at https://www.dell.com/support/security when they become available.

Legal Information

Article Properties

Affected Product

NetWorker

Last Published Date

26 Jul 2024

Version

1

Article Type

Security KB

Back to Top