OpenSSH Vulnerability (CVE-2024-6387)
Canon Medical Systems Security Advisory
Overview:
It was announced that there is security vulnerability that affects OpenSSH provided by the OpenBSD Project. OpenSSH is software for using the SSH protocol and is used as a tool for secure remote connections. SSH is an abbreviation for Secure Shell, which is a protocol for communicating with remote computers. All communication over the network, including the authentication part, is encrypted. OpenSSH has a race condition vulnerability (CVE-2024-6387) that could allow an attacker to execute arbitrary code if exploited.
REF: https://nvd.nist.gov/vuln/detail/CVE-2024-6387
Vulnerability Overview:
CVSS score (v3.1) is 8.1 (HIGH).
Affected versions are
- OpenSSH versions earlier than 4.4p1 unless they are patched for CVE-2006-5051 and CVE-2008-4109
- OpenSSH versions from 8.5p1 up to 9.7p1
Possible Affected Canon Medical Systems Products:
Canon Medical Systems Corporation is currently investigating whether there is any impact. At this time, there is no known impact to Canon Medical Imaging Products which are using the library. This security advisory will be updated as the investigation continues.
Resolution:
None
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
