BugZero | Hewlett Packard Enterprise BugID a00147388en_us - HP-UX SecureShell A.09.03.007

BugZero | Hewlett Packard Enterprise BugID a00147388en_us - HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-20...

Hewlett Packard Enterprise - Defect ID: a00147388en_us

HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-2024-6387 Fix Is Included but Is Not Reflected by the sshd Banner on an HPE Integrity Server

Hewlett Packard Enterprise - Defect ID: a00147388en_us

HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-2024-6387 Fix Is Included but Is Not Reflected by the sshd Banner on an HPE Integrity Server

Last updated on April 7th, 2025

BugZero Risk Score
5.9 Medium

Overall: 5.9

Severity: 6.4

Community: 5.5

What is the BugZero Risk Score?

Hewlett Packard Enterprise Integration

Learn more about where this data comes from

Hewlett Packard Enterprise Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Medium
Views: 1

Description

Summary

HPUX Secure Shell A.09.03.007 is based on portable openssh 9.3p2, which delivers the fix for CVE-2024-6387 as indicated in Security BulletinHPESBUX04725 rev.1 - Unauthenticated Remote Code Execution vulnerability in HP-UX Secure Shell (RegreSSHion). The banner, however, indicates 9.3p1 (rather than 9.3p2) as shown below, causing remote vulnerability scanners to identify it as vulnerable.# swlist SecureShell...# SecureShell A.09.30.007 HP-UX Secure Shell SecureShell.Secure_Shell A.09.30.007 HP-UX Secure Shell# telnet localhost 22Trying...Connected to 127.0.0.1.Escape character is '^]'.SSH-2.0-OpenSSH_9.3p1+sftpfilecontrol-v1.3-hpn14v20

Scope

Any HPE Integrity server with SecureShell A.09.30.00[3-7] HP-UX Secure Shell.

Resolution

An unofficial fix is available as HP_UX_11i_v3_SecureShell_A.09.30.009_UNOF.depot and is targeted to be included in the next SecureShell release. Contact HPE customer support and refer to a00147241.Contact your localcountry HPE Customer Supportor log a case via theHPE Support Center

Affected OS

Operating Systems Affected:Not Applicable

Change history

2025-04-07 Added: HP-UX 11i Secure Shell Software

Top Hewlett Packard Enterprise Defects

8.3Defect ID: a00156336en_us
HPE NVMe E3.S SSDs - Certain SSDs From Certain Option Kits May Fail After Being Updated to Drive Firmware Version HPK3
8.0Defect ID: a00156823en_us
HPE NVMe E3.S SSDs - HPE Synergy Service Pack (SSP) 2025.10.01 and SSP 2026.01.01 Releases May Cause SSDs Issues and Will be Re-Released
8.0Defect ID: a00144835en_us
HPE Multiple Platform Servers - Detecting Uncorrectable Memory Errors with 4th Gen and 5th Gen Intel Processors When Using Single And Multi-Ranked DIMMs and With Package C6 Enabled
8.0Defect ID: a00156058en_us
HPE NVMe SSDs - Direct-Attached NVMe Drives Using a UBM6 Backplane May Randomly Disappear as "Removed" and Reappear as "Inserted" in the HPE Integrated Management Log
7.7Defect ID: a00157221en_us
HPE M-Series Switches with NVIDIA Cumulus Linux - When One Switch in a Multi-Chassis Link Aggregation Group (MLAG) is Rebooted, Interfaces (Not Members) of the MLAG Temporarily Drop Traffic

Ready to prevent the next vendor outage?

Get a demo

Hewlett Packard Enterprise - Defect ID: a00147388en_us

HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-2024-6387 Fix Is Included but Is Not Reflected by the sshd Banner on an HPE Integrity Server

Hewlett Packard Enterprise - Defect ID: a00147388en_us

HP-UX SecureShell A.09.03.007 - RegreSSHion/CVE-2024-6387 Fix Is Included but Is Not Reflected by the sshd Banner on an HPE Integrity Server

Last updated on April 7th, 2025

BugZero Risk Score5.9 Medium

Bug Details

Summary

Scope

Resolution

Affected OS

Links

Top Hewlett Packard Enterprise Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
5.9 Medium