Ctrl + K
/ news / CVE
CVEPublished 2024-07-01Modified 2026-05-121 article on news7 live referencesNVD data

CVE-2024-6387Sonicwall · Sma_6200_firmware

Vulnerability data via NVD (ingested)

CVSS v3.1
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
98
Exploit Prediction Scoring System · top 2% of all CVEs
Weaknesses (CWE)
CWE-364Signal Handler Race ConditionCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Timeline
Published 2024-07-01
Modified 2026-05-12

External references

NVDMITREExploit-DBGitHub PoCSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag696,309 hosts
vuln:CVE-2024-6387
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · OS
os:"Sma 6200 Firmware"
Hosts Shodan identified as running Sma 6200 Firmware.
More intel sources (5)
Shodan report
vuln:CVE-2024-6387
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2024-6387
Censys host search filtered to this CVE id.
grep.app
CVE-2024-6387
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2024-6387
GitHub code search for direct mentions.
Google dork
"CVE-2024-6387" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2024-63878 repos
imthenachoman/How-To-Secure-A-Linux-Serverunknown
An evolving how-to guide for securing a Linux server.
★ 27,999·updated 3mo ago
0xor0ne/awesome-listunknown
Cybersecurity oriented awesome list
★ 3,808·updated 2d ago
0xMarcio/cvePython
Latest CVEs with their Proof of Concept exploits.
★ 1,319·updated today
GhostTroops/TOPShell
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
★ 732·updated today
Ostorlab/KEVunknown
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
★ 612·updated 3mo ago
beac0n/rurocoRust
Ruroco is a tool that lets you execute commands on a server by sending UDP packets. The commands are configured on the server side, so the client does not define what is going to b…
★ 555·updated 1d ago
xaitax/CVE-2024-6387_CheckPython
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
★ 523·updated 3w ago
Karmakstylez/CVE-2024-6387Python
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)
★ 181·updated 1y ago
Articles on news mentioning CVE-2024-6387