Is PowerChute Network Shutdown VM affected by CVE-2024-6387?
Issue:
PowerChute Network Shutdown version 5.1 VM is affected by CVE-2024-6387 if the SSH service has been enabled.
NOTE: By default, SSH is not enabled on the PowerChute AlmaLinux VM.
Products:
PowerChute Network Shutdown v5.1
Environment:
PowerChute Network Shutdown v5.1 AlmaLinux VM on VMware ESXi when SSH has been enabled.
Cause:
OpenSSH v 8.0p1-24.el8.x86_64
Solution:
Upgrade OpenSSH or disable the SSH service. Recommended to upgrade OpenSSH.
To upgrade OpenSSH, log into the PowerChute VM as root and run the command
dnf --refresh upgrade openssh
To verify OpenSSH has upgraded, run the command
rpm -q openssh
For more information on CVE-2024-6387 go to the link below.
https://almalinux.org/blog/2024-07-01-almalinux-9-cve-2024-6387/
PowerChute Network Shutdown version 5.1 VM is affected by CVE-2024-6387 if the SSH service has been enabled.
NOTE: By default, SSH is not enabled on the PowerChute AlmaLinux VM.
Products:
PowerChute Network Shutdown v5.1
Environment:
PowerChute Network Shutdown v5.1 AlmaLinux VM on VMware ESXi when SSH has been enabled.
Cause:
OpenSSH v 8.0p1-24.el8.x86_64
Solution:
Upgrade OpenSSH or disable the SSH service. Recommended to upgrade OpenSSH.
To upgrade OpenSSH, log into the PowerChute VM as root and run the command
dnf --refresh upgrade openssh
To verify OpenSSH has upgraded, run the command
rpm -q openssh
For more information on CVE-2024-6387 go to the link below.
https://almalinux.org/blog/2024-07-01-almalinux-9-cve-2024-6387/
Released for: Schneider Electric Canada
