On July 01, 2024, OpenSSH disclosed a vulnerability in Portable OpenSSH versions between 8.5 and 9.7 that may allow arbitrary code execution with root privileges in default configurations. The vulnerability is named regreSSHion.
The CVE ID CVE-2024-6387 is assigned to this vulnerability and classified as Critical severity with a CVSS score of 8.1. For more information about the technical details of the vulnerability, refer to the official advisory.
| Product Ranges | Product | Impacted | Mitigated | Patch Status |
|---|---|---|---|---|
We do not see any sign of active exploitation of this vulnerability in our infrastructure or user environment. Cloud-provided compute engines already use the patched version of OpenSSH, so there is no risk to the cloud user environment.
IONOS Cloud has already started the patching process for the affected products and services. The patching status is complete for Compute Engine, is ongoing for Managed Kubernetes, and will be updated once completed.
Users using compute engines with affected distribution should patch as per the vendor security guidelines. No action is required from the users using the Managed Kubernetes environment.
If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.
Compute Services
Yes
Yes
Done
Containers
Yes
No
In Progress