So I’d like to take a moment to discuss this regreSSHion bug that’s been making the rounds in the cybersecurity community. For those of you who aren’t aware, the assigned CVE is CVE-2024-6387.
In essence, this is a signal handler race condition in the OpenSSH server that potentially allows for unauthenticated remote code execution, which by its nature poses a significant security risk when sshd is running in its default configuration. With that said, there is good cause for concern.
It has been our observation up to this point that many of the blogs, video posts, etc. on this topic have taken the position that the sky is falling and that you must disable SSH access to all impacted devices immediately until a patch is made available. Our position, however, is that context matters, so let’s explore that further.
Indeed, the threat is real, and a potential bad actor can exploit any open SSH interfaces you may have exposed on your network. In a simple, flat network this situation would pose a significant challenge. SSH is one of the most commonly used protocols for managing network infrastructure devices at the terminal level. By design, all console traffic is encrypted, making it quite suitable for such purposes, but should we simply disable it until a patch is deployed?
The reality is that if you are employing a robust layered security strategy following all best practices with respect to your IT infrastructure, this may not be as big of a problem as some make it out to be. Simply disabling SSH would likely cause more harm than good. Ideally, most of the affected devices are going to be infrastructure devices of one sort or another that regular users won’t need access to. With that in mind, a best practice is to ensure these devices reside within an out-of-band management network that only administrators are capable of reaching. Employing such a practice by its nature minimizes your attack surface, greatly limiting the chances of an attempted exploit from happening to begin with.
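As an added example (not code from the original post), here is a small Python check for the out-of-band placement described above: it parses an sshd_config and reports any listen addresses that are not confined to an assumed management subnet, so a default, bind-everywhere configuration is flagged. The sample configs and the 10.255.0.0/24 management subnet are constructed, and ListenAddress values are assumed to be IP literals rather than hostnames.

```python
import ipaddress
from typing import Dict, List

# Constructed samples (assumed values, not from the post). DEFAULT_CONFIG
# mirrors the default state: no ListenAddress, so sshd binds to every
# interface. OOB_CONFIG binds only to an out-of-band management address.
DEFAULT_CONFIG = """
Port 22
PermitRootLogin no
"""

OOB_CONFIG = """
Port 22
ListenAddress 10.255.0.5:22   # management interface only
PermitRootLogin no
"""

MGMT_NETS = [ipaddress.ip_network("10.255.0.0/24")]  # assumed OOB subnet


def parse_sshd_config(text: str) -> Dict[str, List[str]]:
    """Collect directive values; sshd_config is 'Keyword value' with # comments."""
    directives: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(value)
    return directives


def listen_addresses(directives: Dict[str, List[str]]) -> List[ipaddress._BaseAddress]:
    """Addresses sshd will bind; no ListenAddress means all IPv4 and all IPv6."""
    raw = directives.get("listenaddress") or ["0.0.0.0", "::"]
    addrs = []
    for item in raw:
        host = item
        if item.startswith("["):            # [ipv6]:port form
            host = item[1:item.index("]")]
        elif item.count(":") == 1:          # ipv4:port form
            host = item.split(":")[0]
        addrs.append(ipaddress.ip_address(host))
    return addrs


def exposed_listeners(text: str, mgmt_nets=MGMT_NETS) -> List[str]:
    """Return bind addresses that are wildcards or outside the management nets."""
    return [str(a) for a in listen_addresses(parse_sshd_config(text))
            if a.is_unspecified or not any(a in n for n in mgmt_nets)]
```

An empty result means every sshd listener sits inside the management network; anything returned is a listener reachable from outside it and worth reviewing.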
With that said, it’s critical to apply patches to mitigate this vulnerability as soon as they become available, which highlights the importance of patch management in your organization. If you’re managing your full risk profile, however, you’ll have layers of protection that are capable of picking up the slack in the event of a one-off situation such as regreSSHion.
Are you interested in learning more about cybersecurity threats that apply to your organization? Contact us now for your free, no-obligation cybersecurity risk assessment.