BugZero | Hewlett Packard Enterprise BugID a00147388en_us - HP-UX SecureShell A.09.03.007

BugZero | Hewlett Packard Enterprise BugID a00147388en_us - HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-20...

Hewlett Packard Enterprise - Defect ID: a00147388en_us

HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-2024-6387 Fix Is Included but Is Not Reflected by the sshd Banner on an HPE Integrity Server

Hewlett Packard Enterprise - Defect ID: a00147388en_us

HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-2024-6387 Fix Is Included but Is Not Reflected by the sshd Banner on an HPE Integrity Server

Last updated on April 7th, 2025

BugZero Risk Score
5.9 Medium

Overall: 5.9

Severity: 6.4

Community: 5.5

What is the BugZero Risk Score?

Hewlett Packard Enterprise Integration

Learn more about where this data comes from

Hewlett Packard Enterprise Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Medium
Views: 1

Description

Summary

HPUX Secure Shell A.09.03.007 is based on portable openssh 9.3p2, which delivers the fix for CVE-2024-6387 as indicated in Security BulletinHPESBUX04725 rev.1 - Unauthenticated Remote Code Execution vulnerability in HP-UX Secure Shell (RegreSSHion). The banner, however, indicates 9.3p1 (rather than 9.3p2) as shown below, causing remote vulnerability scanners to identify it as vulnerable.# swlist SecureShell...# SecureShell A.09.30.007 HP-UX Secure Shell SecureShell.Secure_Shell A.09.30.007 HP-UX Secure Shell# telnet localhost 22Trying...Connected to 127.0.0.1.Escape character is '^]'.SSH-2.0-OpenSSH_9.3p1+sftpfilecontrol-v1.3-hpn14v20

Scope

Any HPE Integrity server with SecureShell A.09.30.00[3-7] HP-UX Secure Shell.

Resolution

An unofficial fix is available as HP_UX_11i_v3_SecureShell_A.09.30.009_UNOF.depot and is targeted to be included in the next SecureShell release. Contact HPE customer support and refer to a00147241.Contact your localcountry HPE Customer Supportor log a case via theHPE Support Center

Affected OS

Operating Systems Affected:Not Applicable

Change history

2025-04-07 Added: HP-UX 11i Secure Shell Software

Top Hewlett Packard Enterprise Defects

8.0Defect ID: a00154389en_us
HPE Alletra Storage MP B10000 - Active Peer Persistence RemoteCopy Configuration May Incur a Service Disruption When Removing the Last Host from a Hostset
8.0Defect ID: a00155705en_us
HPE B-Series Fibre Channel Switches - A Physical Link Issue From Faulty Infrastructure Affects SN6600B, SN6650B, SN8600B, and SN8700B Switches, Causing An Unrecoverable Switch Failure With FOS 9.2.x, 9.2.1x, 9.2.2x, or 10.0.0x
7.5Defect ID: cr00000135en_us
ADVISORY- Fabric agent does not correctly handle new PCP to traffic class mappings causing PTL and buffer overflows
7.5Defect ID: a00156013en_us
HPE OneView for Synergy - Upgrades to HPE OneView Version 11.0 May Succeed but Leave OneView Inaccessible for Some Synergy Cluster Environments
7.5Defect ID: a00045812en_us
HPE Synergy - Synergy 480 Gen10 and Synergy 660 Gen10 Compute Modules in an HPE Synergy Frame 12000 With Certain Configurations Will Unexpectedly Power Down

Ready to prevent the next vendor outage?

Get a demo

Hewlett Packard Enterprise - Defect ID: a00147388en_us

HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-2024-6387 Fix Is Included but Is Not Reflected by the sshd Banner on an HPE Integrity Server

Hewlett Packard Enterprise - Defect ID: a00147388en_us

HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-2024-6387 Fix Is Included but Is Not Reflected by the sshd Banner on an HPE Integrity Server

Last updated on April 7th, 2025

BugZero Risk Score5.9 Medium

Bug Details

Summary

Scope

Resolution

Affected OS

Links

Top Hewlett Packard Enterprise Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
5.9 Medium