Cisco Unified Computing System Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

🗓️ 05 May 2026 00:00:00Reported by TenableType

Code execution in Cisco Unified Computing System via sshd race enables unauthenticated root access.

Reporter	Title	Published	Views	Family All 378
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is affected by a arbitrary code execution in OpenSSH server [CVE-2024-6387]	23 Jul 202421:10	–	ibm
IBM Security Bulletins	Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary code due to a signal handler race condition. [CVE-2024-6387]	28 Aug 202422:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to OpenSSH vulnerability CVE-2024-6387	10 Aug 202403:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenSSH	5 Sep 202421:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate for IBM Cloud Pak for Data affected by vulnerability in OpenSSH CVE-2024-6387	6 Aug 202419:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to OpenSSH arbitrary code execution vulnerability [CVE-2024-6387]	21 Aug 202414:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products	15 Apr 202503:54	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-6387) due to OpenSSH	9 Jul 202422:03	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	4 Feb 202518:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to OpenSSH arbitrary code execution vulnerability (CVE-2024-6387)	28 Jan 202522:08	–	ibm

Source	Link
nessus	www.nessus.org/u
bst	www.bst.cloudapps.cisco.com/bugsearch/bug/CSCwk78644
bst	www.bst.cloudapps.cisco.com/bugsearch/bug/CSCwk62723
bst	www.bst.cloudapps.cisco.com/bugsearch/bug/CSCwk62266
bst	www.bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79616
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#TRUSTED 5e6d84b5c1d6404cce005cef8a0620962090eca0f83b623ea97a1ce01c32ce7bc2589415e57cf17fa8578defb637fc5f8c1504c481d4062ca7cfac472ae4cc3ac960302ae64ecc587bfef6b959974ab0030fdca721b026cd567dc0c38d272372340ae7993d9944199b7155ed83035c264462da03b477a0f8cd9319801776adff25fc0438c8a86dc8ffc0773a4a5f7428ad44e681c3d05d27e546af25bcd8962218b0d422405bb8da74c9b4aba77535f26843a2a5e1517e21b8d051a7ee70723c8d1d4feb589217db360f51d1627e676e1f260e620ad246d7db358e329d62a1147d25c0c9379b8468dd1b497a3164f1d2b6b4c2cad05a18e274383c05661e6bf7ce948909bf2a2ee575e8a430350f0e4d5a47cabdd09bd9199b61c68f1f1ec07a3c9e9dd8ff919f5e597dd41fd970311188504dd3ecb4597ee05bae2ea44012aa5e68f90ee100ceb499865296f0c944e814c936838e3bbe0389275d8d152db949e04f1fe8b290d48a8a098ff7316dcbb8c97b6f48fde2e7a7c4d06821a754fbb257c707c97ee15d7752be3f50bf59f420011a92417669f53453e60671bf5cd441b58945dfaeae6ff3948e1d0658ffeee203a7679875be94e1104cd19fb28ac7b760149b60807d5cb53358b638b4292451ad127635825eede4e5b33a86a0f1322ddc63dfc02bba65eba7cc19c935703bb3d9c797f4c08c9d62048e48f376f73ce1
#TRUST-RSA-SHA256 1096e14b8bf810abddb2e0de45e27e0d2b5aca4921ce3fdbc1b4197de5cca3e40bde4ae0b88ab5af20ba5c34f2b61fcc668e19f698b5d7e93e0063502727058b3b6c059b4dfdbad3f41fd301745a59fea7569cb9d6c351edd4b7727c90f8a3cdb9a0387c6c6f56bfbdb9ecad54e398127b3e8099c554fab918440ddbe05d9e6531b11ede3c9d144c398a5cd263c61ae50e6a741ddd92afa578dea3cebf05c513b3f88ab1103562b81683be028823dd3abf0125c143921f963f1400fac072b5b5a21c04d210cd4f61f6b5f5880f832a20adfd3befd6315d32908e181b73106fc25268a443e0059559420bd0e2fff8d7f7870648e0b979f4cc983eb47fc2a144fd4a9851443a614d0d6b843ee3136c723001dbda1c465fbf1b61ffa4281e81dd9164805ed66f68ecea8dfa21dee9f758f9156167d0e9b7a962b6ee7e922afe1ae06f872a9c5924454cb23272065223c69e44057f15029e0c4491c3bff3e774db7073c6dfd7c2f37969c9fabe58cc7613716a25396e1834525bf071f6979016c7eb0784386f45f99dfb09b17a406f03af2b21c850e29d204ca915a5e46f4cdf04a7d6f00e5acbac0e7d1205e6ff001e5c7159ba80b4bf4eaff65505742f5a78ee0ff1b6a3562dacfcb93251ae3026346945d9470c18be8a113ef73b6be31201235c9ded2e5f54b88ae9d1efd6ce893a7cf2df67ffd1de56599fcad714028aee7145
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(312163);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/06");

  script_cve_id("CVE-2024-6387");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwk79616");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwk78644");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwk62266");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwk62723");
  script_xref(name:"CISCO-SA", value:"cisco-sa-openssh-rce-2024");
  script_xref(name:"IAVA", value:"2024-A-0375-S");

  script_name(english:"Cisco Unified Computing System Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Unified Computing System is affected by a vulnerability.

  - A remote code execution vulnerability exists in Cisco Unified Computing System due to a signal handler race condition 
    found in sshd, where a client does not authenticate within LoginGraceTime seconds, after which the sshd SIGALRM handler
    is called asynchronously. An unauthenticated, remote attacker can exploit this to call various functions that are not
    async-signal-safe with root privileges. (CVE-2024-6387)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ac35fe1");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk78644");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk62723");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk62266");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79616");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwk79616, CSCwk78644, CSCwk62266, CSCwk62723.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-6387");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/07/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/05");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_computing_system_central");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ucs_central_webui_detect.nbin");
  script_require_keys("installed_sw/Cisco UCS Central WebUI", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include('ccf.inc');
include('http.inc');

# Workarounds are available, but we cannot check for them.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

var app_name = 'Cisco UCS Central WebUI';
var port = get_http_port(default:443);

var product_info = cisco::get_product_info(name:app_name, port:port);

var vuln_ranges = [
  {min_ver: '4.2(3b)', fix_ver: '4.2(3l)'},
  {min_ver: '4.3(4a)', fix_ver: '4.3(4c)'}
];

var reporting = {
  'port'          : product_info['port'],
  'severity'      : SECURITY_HOLE,
  'version'       : product_info['version'],
  'bug_id'        : 'CSCwk79616, CSCwk78644, CSCwk62266, CSCwk62723',
  'disable_caveat': TRUE
};

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges
);

06 May 2026 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.18.1

EPSS0.63835

SSVC