CVE-2024-6387 OpenSSH Vulnerability
Applies to
- Active IQ Unified Manager for VMware vSphere
- E-Series SANtricity OS Controller Software 11.x
- FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400
- FAS/AFF Baseboard Management Controller (BMC) - A250/500f/C250
- FAS/AFF Baseboard Management Controller (BMC) - A800/C800
- FAS/AFF Baseboard Management Controller (BMC) - A900/9500
- FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750
- FAS/AFF Baseboard Management Controller (BMC) - FAS2820
- ONTAP 9 (formerly Clustered Data ONTAP)
- ONTAP Select Deploy administration utility
- ONTAP tools for VMware vSphere 9
Issue
Multiple NetApp products incorporate OpenSSH. OpenSSH versions 8.5P1 prior to 9.8P1 are susceptible to a vulnerability referred to as regreSSHion which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).