Skip to main content

CVE-2024-6387 - OpenSSH RegreSSHion RCE

Download With Dependencies

This pack handles CVE-2024-6387 - OpenSSH RegreSSHion RCE

RegreSSHion Vulnerability (CVE-2024-6387)

On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers (sshd) on glibc-based Linux systems. This vulnerability, known as RegreSSHion and tracked as CVE-2024-6387, can result in unauthenticated remote code execution (RCE) with root privileges. This vulnerability has been rated High severity (CVSS 8.1).

Impacted Versions

The vulnerability impacts the following OpenSSH server versions:

  • OpenSSH versions between 8.5p1 and 9.8p1
  • OpenSSH versions earlier than 4.4p1, if they have not been backport-patched against CVE-2006-5051 or patched against CVE-2008-4109

Unaffected Versions

The SSH features in PAN-OS are not affected by CVE-2024-6387.

This pack will provide you with a first response kit which includes:

  • Collect, Extract and Enrich Indicators
  • Threat Hunting using Cortex XDR - XQL and Prisma Cloud
  • Mitigations


Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability .



Cortex XSOAR


CertificationRead more
Supported ByCortex
CreatedJuly 3, 2024
Last ReleaseJuly 3, 2024

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.