Security Article Type
Security KB
CVE Identifier
CVE-2024-6387
![This hyperlink is taking you to a website outside of Dell Technologies. This hyperlink is taking you to a website outside of Dell Technologies.](https://i.dell.com/is/image/DellContent/pop-up-arrow-corner-carbon-64px-1)
Issue Summary
Security Vulnerability Scanner detects the following vulnerabilities with vProxy/NVE (NetWorker Virtual Edition): CVE-2024-6387
There is a high-risk Remote Code Execution (RCE) vulnerability (CVE-2024-6387) in OpenSSH.
Recommendations
The NVE and vProxies prior to 19.11 are deployed on SUSE 12 SP5 and are not affected by CVE-2024-6387.
The NetWorker 19.11 vProxy release is deployed on SUSE 15 SP4 and is not affected by
CVE-2024-6387.
Environment test result does not have affected OpenSSH version:
SUSE official documentation: https://www.suse.com/security/cve/CVE-2024-6387.html
This issue affects openssh up to 4.4 and starting with 8.5 up to 9.7.
Versions between 4.5 and 8.4 are not affected. This means SUSE Linux Enterprise 11 up to 15 SP5 are not affected.
Additional Information