CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score confidence: Low
EPSS Percentile: 73.8%
High
Canonical Ubuntu
It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.

Update Instructions: Run sudo pro fix USN-6859-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:

openssh-client – 1:8.9p1-3ubuntu0.10
openssh-server – 1:8.9p1-3ubuntu0.10
openssh-sftp-server – 1:8.9p1-3ubuntu0.10
openssh-tests – 1:8.9p1-3ubuntu0.10
ssh – 1:8.9p1-3ubuntu0.10
ssh-askpass-gnome – 1:8.9p1-3ubuntu0.10

No subscription required
CVEs contained in this USN include: CVE-2024-6387.
Severity is high unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
2024-07-25: Initial vulnerability report published.