CVE-2024-6387-nmap

OpenSSH Vulnerability Checker Nmap Script

Description

The openssh-vuln-checker.nse script checks whether a server is running a vulnerable version of OpenSSH (CVE-2024-6387). It connects to the SSH port, retrieves the SSH banner, and compares it against a list of known vulnerable versions.

Vulnerable Versions

The script checks for the following vulnerable versions of OpenSSH:

  • SSH-2.0-OpenSSH_8.5p1
  • SSH-2.0-OpenSSH_8.6p1
  • SSH-2.0-OpenSSH_8.7p1
  • SSH-2.0-OpenSSH_8.8p1
  • SSH-2.0-OpenSSH_8.9p1
  • SSH-2.0-OpenSSH_9.0p1
  • SSH-2.0-OpenSSH_9.1p1
  • SSH-2.0-OpenSSH_9.2p1
  • SSH-2.0-OpenSSH_9.3p1
  • SSH-2.0-OpenSSH_9.4p1
  • SSH-2.0-OpenSSH_9.5p1
  • SSH-2.0-OpenSSH_9.6p1
  • SSH-2.0-OpenSSH_9.7p1
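
The same comparison can be run offline over banners already collected during an inventory scan. The following is an added example in Python, not the repository's Lua script: it parses the identification string in the RFC 4253 layout and separates exact upstream matches from distribution builds, whose banner keeps the upstream version string even when a fix has been backported. The function name, status labels and sample banners are assumptions constructed for illustration.

```python
import re

# Version strings taken from the list on this page (upstream release names).
LISTED = {f"8.{m}p1" for m in range(5, 10)} | {f"9.{m}p1" for m in range(0, 8)}

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
IDENT = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>[^\s]+)(?: (?P<comment>.*))?$")


def classify(banner: str) -> dict:
    """Classify one SSH identification string against the listed versions."""
    line = banner.rstrip("\r\n")
    m = IDENT.match(line)
    if not m:
        return {"status": "unparsed", "version": None, "comment": None}
    software, comment = m["software"], m["comment"]
    if not software.startswith("OpenSSH_"):
        return {"status": "not-openssh", "version": None, "comment": comment}
    version = software[len("OpenSSH_"):]
    if version not in LISTED:
        status = "not-listed"
    elif comment:
        # Distribution builds keep the upstream version string when they
        # backport fixes, so the banner alone cannot settle patch status.
        status = "listed-check-package"
    else:
        status = "listed"
    return {"status": status, "version": version, "comment": comment}


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "SSH-2.0-OpenSSH_9.2p1\r\n",
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10\r\n",
    "SSH-2.0-OpenSSH_9.8p1\r\n",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5\r\n",
    "SSH-2.0-dropbear_2022.83\r\n",
]

if __name__ == "__main__":
    for b in SAMPLES:
        r = classify(b)
        print(f"{b.strip():45} {r['status']}")
```

A "listed-check-package" result should be confirmed against the installed package version and the distribution's security tracker before the host is reported as vulnerable.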

Reference

Usage

  • nmap --script openssh-vuln-checker -p 22 <target>

Output

  • PORT STATE SERVICE
  • 22/tcp open ssh
  • | openssh-vuln-checker:
  • | Server at is running SSH-2.0-OpenSSH_ (vulnerable)
  • |_ Server at is not vulnerable (running SSH-2.0-OpenSSH_)