Broadcom Software Defined Edge Division response to CVE-2024-6387 - OpenSSH signal handler race condition vulnerability
search cancel

Broadcom Software Defined Edge Division response to CVE-2024-6387 - OpenSSH signal handler race condition vulnerability

book

Article ID: 372570

calendar_today

Updated On:

Products

VMware VeloCloud SD-WAN Edge Appliance VMware VeloCloud SD-WAN VMware SD-WAN by VeloCloud VMWare SD-WAN

Issue/Introduction

On Monday July 1st, 2024 details were published on CVE-2024-6387 - a signal handler race condition vulnerability in OpenSSH. The Broadcom Product Security and Incident Response Team (PSIRT) - Software Defined Edge Division (SDE) has evaluated this vulnerability and its impact on SDE products.

Environment

Broadcom PSIRT - VCFD has evaluated the vulnerability to be in the Important/High severity range with a CVSSv3.1 base score of 8.1 (Common Vulnerability Scoring System Version 3.1 Calculator).

  • The vulnerability has only been demonstrated to be exploitable on some 32-bit Linux operating systems in a controlled environment.

  • The vulnerability has not been demonstrated on any 64-bit operating system at the time of this publication.

  • Currently supported VMware Cloud Foundation product releases are 64-bit.

  • OpenSSH versions starting with 8.5p1 are impacted by this vulnerability.

 

Not Impacted (does not ship with vulnerable versions of OpenSSH):

  • Velocloud Orchestrator 5.0.x, 5.1.x, 5.2.x, 5.4.x

  • Velocloud Gateway 5.0.x, 5.1.x, 5.2.x, 5.4.x

  • TCA 3.1.1 / TCP 4.0.1

  • TCA 2.3 / TCP 3.0

Potentially Impacted (ships with vulnerable versions of OpenSSH, but are 64-bit):

  • Velocloud Orchestrator 6.0.X

  • Velocloud Gateway 6.0.x

  • Velocloud Edge 4.5.x, 5.0.x, 5.1.x, 5.2.x, 5.4.x, 6.0.x

  • TCS 3.2

 

Impacted (ships with vulnerable versions of OpenSSH and are 32-bit)

  • None

Resolution

Workaround / Resolution

The SDE Division continues to recommend that SSH should be secured by only allowing trusted source IPs in the Support Access section of the Edge firewall configuration tab. Please see product-specific documentation for more details.  Alternative workarounds are not recommended and may have functional impacts on a product if implemented without published instructions. If additional workarounds are tested and approved they will be mentioned in the 'Product Impact' section above.

Instances of Velocloud Orchestrator and Velocloud Gateway that are hosted by Broadcom have SSH ports restricted to a select set of systems and are not open to all.

 

Regardless of the exploitability of CVE-2024-6387; SDE products will consume versions of OpenSSH that are not potentially vulnerable to CVE-2024-6387 in previously scheduled future releases.

This is an ongoing event, please subscribe to receive updates when this article is updated.

Powered by Wolken Software