On July 1, 2024, the Qualys Threat Response Unit publicly disclosed a critical, unauthenticated remote code execution vulnerability affecting OpenSSH servers running on Linux systems utilizing the GNU C Library (glibc).
Visit our website to learn more.
As news of CVE-2024-6387 spreads, the cybersecurity landscape is abuzz with activity, prompting community safety groups to spring into action and fortify network defenses while application owners rush to deploy patches.
By leveraging Safe Workload’s capabilities, organisations can gain unparalleled insights into software workload visitor flows, effectively implementing microsegmentation strategies to drastically reduce attack surfaces and proactively mitigate the threat of ransomware by curtailing lateral movement.
Safe Workload can be utilized in various ways to provide visibility into impacted software workloads, enabling the implementation of effective segmentation strategies to minimize the risk of compromised workloads.
The vulnerability affects OpenSSH versions prior to 4.4p1, as well as those ranging from 8.5p1 up to and including 9.8p1, due to a regression of CVE-2006-5051 introduced in version 8.5p1.
By leveraging Safe Workload, users can effortlessly generate visitor flows based on any OpenSSH model, thereby enabling the rapid identification of impacted workloads and swift response. By applying these search attributes, we effortlessly identify relevant messages.
- Shopper SSH Model
- Supplier SSH Model
Navigate to Workloads > Brokers > Agent Listing and click on on the affected workloads. To locate the installed OpenSSH package, navigate to the Packages tab and apply a filter by searching for “openssh”. This will allow you to identify the currently installed OpenSSH bundle on your workload.
Immediately navigate to the Vulnerabilities tab, then swiftly conduct a search for the specific CVE ID 2024-6387 to identify any current vulnerabilities affecting the workload.
SKIP
When security threats emerge, three key strategies can be employed to contain the risk: microsegmentation of specific software workloads, organizational-wide auto-quarantine measures to proactively limit attack surfaces, and swift digital patching through Safe Firewall implementation.
- Microsegmentation insurance policies enable organizations to craft highly granular and customized allow-list security measures for specific software applications and workloads. Due to this requirement, only the necessary visitors will be granted access, thereby preventing any additional visitors that may arise from increased workload.
To ensure uninterrupted utility services during affected workload scenarios, organizations must implement robust insurance policies. These policies should include measures to detect potential threats, contain incidents, and swiftly restore service levels. This requires a multi-faceted approach that incorporates network segmentation, threat intelligence, and proactive incident response.
- To mitigate potential risks across the enterprise, consider implementing organization-wide security measures that proactively reduce exposure by isolating and containing workloads featuring outdated or vulnerable OpenSSH configurations, particularly those impacted by identified CVEs.
- If quarantining a workload poses significant disruptions to the group, particularly when dealing with business-critical or internet-exposed functions, a digital patch can be implemented with the support of Cisco’s Safe Firewall solution, allowing for secure protection of application workloads while maintaining connectivity and minimizing downtime.
Although internal pressures may impact operational efficiency, Safe Workload ensures continuous surveillance and irregularity identification, as substantiated by:
- Provides a comprehensive overview of the current runtime processes on the system’s workload. It additionally tracks and maps working processes to vulnerabilities, privilege escalation occasions, and forensic occasions which have built-in MITRE ATT&CK Strategies, Techniques, and Procedures.
- Safe Workload comes with 39 out-of-the-box MITRE ATT&CK guidelines to search for methods, ways, and procedures leveraged by adversaries. Customized forensic guidelines can be created to track specific course of actions, such as privilege escalation performed by processes. The system generates alerts that are shipped to the Safe Workload User Interface (UI) and Security Information and Event Management (SIEM) methods.
Share:
