Rule History

SID: 2054218 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 2 • Jul 1, 2024, 12:00 PM

ET INFO Server Responded with Vulnerable OpenSSH Version (CVE-2024-6387)

alert ssh any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET INFO Server Responded with Vulnerable OpenSSH Version (CVE-2024-6387)"; flow:established,to_client; content:"SSH-"; startswith; content:"-OpenSSH_"; fast_pattern; pcre:"/^(?:[123]|4\.(?:[0123](?:p\d)?|4[^p])|8\.(?:[6789](?:p\d)?|5(?:p[^1])?)|9\.(?:[01234567](?:p\d)?|8[^p]))(?:\.\d)*(?:\d|p\d)*/R"; reference:cve,2024-6387; reference:url,blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server; classtype:successful-recon-largescale; sid:2054218; rev:2; metadata:attack_target Client_and_Server, created_at 2024_07_01, cve CVE_2024_6387, deployment Perimeter, deployment Internal, former_category EXPLOIT, performance_impact Significant, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_07_02, former_sid 2857461, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

Jul 1, 2024, 12:00 PM

Jul 2, 2024, 12:00 PM

Sep 21, 2024, 3:00 AM

Aug 11, 2025, 10:35 PM

rules/emerging-info.rules