8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.3%
Security Advisory Description
A signal handler race condition was found in OpenSSH’s server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). (CVE-2024-6387)
Impact
For products with Nonein the Versions known to be vulnerable column, there is no impact.
For products with ****** in the various columns, F5 is still researching the issue and will update this article after confirming the required information. F5 Support has no additional information about this issue.
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.3%