Statement on the OpenSSH Remote Code Execution Vulnerability (CVE-2024-6387) in Wireless Products

Original Release Date: September 6, 2024

 

Vulnerability ID

CVE ID: CVE-2024-6387              

 

CVSS 3.1 Base Score

8.1 High
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Description

OpenSSH is a secure network utility based on the SSH protocol. It provides strong encryption to ensure privacy and secure file transmission, and has become an essential tool for remote server management and secure data communication. This vulnerability is caused by a race condition in the signal handler of the OpenSSH server (sshd). An unauthenticated attacker can use this vulnerability to execute arbitrary code as root. All OpenSSH components in the range 8.5p1 <= OpenSSH < 9.8p1 are affected.
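A banner-based triage check for the version range stated above, as an added example that is not part of ZTE's advisory. It implements only the 8.5p1 <= OpenSSH < 9.8p1 range given here; the function names are hypothetical, the inventory is constructed, and because a reported version does not reveal vendor-backported fixes, an "in-range" result is a prompt to confirm with the vendor, not proof of exposure.

```python
import re

# Range as stated in this advisory: 8.5p1 <= OpenSSH < 9.8p1 (upper bound exclusive).
# Tuples are (major, minor, patch, portable_release).
AFFECTED_MIN = (8, 5, 0, 1)
FIXED_FROM = (9, 8, 0, 1)

# Matches both SSH identification strings and `ssh -V` output.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_openssh_version(text):
    """Return (major, minor, patch, p), or None if no portable OpenSSH version is present."""
    m = _VERSION_RE.search(text)
    if m is None or m.group(4) is None:
        # Not OpenSSH, or no pN suffix: the advisory's range is expressed in
        # portable release numbers, so do not guess.
        return None
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch or 0), int(p))


def classify(text):
    """Classify a banner as 'in-range', 'outside-range' or 'unknown'."""
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"
    return "in-range" if AFFECTED_MIN <= version < FIXED_FROM else "outside-range"


def audit(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hosts and banners are illustrative, not from the advisory).
SAMPLE_INVENTORY = {
    "nms-01": "SSH-2.0-OpenSSH_8.5p1",
    "bsc-02": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "core-03": "SSH-2.0-OpenSSH_9.8p1",
    "mw-04": "SSH-2.0-OpenSSH_8.4p1 Debian-5",
    "old-05": "SSH-2.0-OpenSSH_6.6.1p1",
    "bsd-06": "SSH-2.0-OpenSSH_9.7",
    "emb-07": "SSH-2.0-dropbear_2022.83",
    "local": "OpenSSH_9.7p1, OpenSSL 3.0.13 30 Jan 2024",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```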

 

Affected Products and Fixes

ZTE's DI products, base station controllers and network management products, digital microwave transmission system products, and core network products are all affected. A workaround has been provided for each product to mitigate the impact of the vulnerability. Official fixed versions will be released in Q3 2024. If you have any questions, please contact ZTE Global Customer Support Center for further support.

 

Update Records

September 6, 2024, initial.

 

Version Update Method

Please contact ZTE Global Customer Support Center to obtain the upgraded version.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html