Jul 8, 2024 2 min read

Mercans’ Response to an Emerging Threat: CVE-2024-6387

Recently, the disclosure of CVE-2024-6387 in OpenSSH highlighted a critical flaw enabling unauthenticated remote code execution with root privileges, posing severe risks to vulnerable systems. Despite these concerns, Mercans is pleased to confirm that our servers remain unaffected by this vulnerability.

Our vigilant security team promptly evaluated the situation, implementing proactive measures and continuous monitoring to maintain the robust security of our systems.

Understanding regreSSHion (CVE-2024-6387)

CVE-2024-6387, known as regreSSHion, is a critical vulnerability in OpenSSH allowing unauthenticated remote code execution (RCE) with root privileges on glibc-based Linux systems.

Discovered by Qualys Threat Research Unit (TRU), regreSSHion grants attackers full root access without user interaction, impacting default configurations of OpenSSH’s server (sshd).

This vulnerability represents the first major security issue in OpenSSH in nearly two decades and is a regression of the previously patched CVE-2006-5051. The regression first appeared in OpenSSH 8.5p1 in October 2020. This resurgence underscores the crucial necessity for thorough regression testing in software updates and highlights the persistent challenge of maintaining software security.

Mercans’ Proactive Response & Commitment to Security

Our team of security experts, always on high alert, quickly assessed the situation and, as a precaution, secured our systems in response to CVE-2024-6387. Through proactive measures and continuous monitoring, we maintained robust protection against this threat.

We uphold stringent protocols and promptly address threats, fortifying our infrastructure against vulnerabilities. Our systems adhere to military-grade security standards and comply with GDPR, ISO 9001, SOC 1 & 2, and OWASP ASVS 3.0.

At Mercans, safeguarding our clients’ trust and data is paramount. We act swiftly and proactively, implementing security measures before potential threats emerge. We extend our sincere thanks to our dedicated team for their steadfast commitment, enabling us to lead confidently in this critical arena.

For more details about this vulnerability, you can read the full report below:
