CVE-2024-6387 does not directly affect SFTP Gateway – here’s what you need to know


What you need to know about CVE-2024-6387 and SFTP Gateway

In recent weeks, cybersecurity communities have been abuzz with discussions surrounding CVE-2024-6387, a critical vulnerability affecting OpenSSH. This vulnerability, which permits unauthenticated Remote Code Execution (RCE), has understandably sparked concerns among IT administrators and security professionals worldwide. 

We’ve received several inquiries about whether CVE-2024-6387 affects SFTP Gateway. SFTP Gateway doesn’t use OpenSSH for public access to SFTP, and CVE-2024-6387 does not directly apply to SFTP Gateway. 

Below, we explain how to make sure port 2222 is locked down so that it is not reachable from the public internet.

Understanding CVE-2024-6387 and Mitigating Risks

CVE-2024-6387 affects OpenSSH versions in which a previously patched signal handler race condition in the SSH server was reintroduced (a regression). A malicious actor who can win that race may achieve unauthenticated remote code execution, posing significant risks to server integrity and data confidentiality.

The product architecture for SFTP Gateway ensures that public access to SFTP does not utilize OpenSSH. This deliberate design choice means that the CVE-2024-6387 vulnerability does not directly apply to our SFTP implementation. By using a distinct method for managing SFTP connections, we mitigate risks associated with vulnerabilities specific to OpenSSH.

Even though SFTP Gateway is not affected by CVE-2024-6387, there are still steps you can take to mitigate risk for your organization. SFTP Gateway does run OpenSSH on port 2222 for server maintenance.

Port 2222 should be locked down so that only the approved IP addresses of your system administrators can reach it. Make sure your security group rules are not granting public access to port 2222.
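One way to check this automatically, as an added example rather than tooling from SFTP Gateway or Thorn Technologies: the function below audits inbound rules in the shape returned by the AWS EC2 DescribeSecurityGroups API and reports every source range that can reach port 2222 but is not wholly inside an approved admin range. The rules and approved CIDRs are constructed sample data; the same logic generalises to any cloud firewall that expresses rules as protocol, port range and source CIDR.

```python
import ipaddress

# Maintenance SSH port for SFTP Gateway, as stated in the article.
MAINT_PORT = 2222

# Constructed sample, shaped like the "IpPermissions" entries returned by
# EC2 DescribeSecurityGroups (not data from a real account).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 2222, "ToPort": 2222,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},        # public IPv4
    {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 3000,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},           # public IPv6, range spans 2222
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},       # all traffic, no port fields
    {"IpProtocol": "tcp", "FromPort": 2222, "ToPort": 2222,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},  # approved admin range
]

def rule_covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":      # "-1" means every protocol and every port
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]

def offending_sources(rules, approved_cidrs, port=MAINT_PORT):
    """Return source CIDRs that can reach `port` but are not contained in an
    approved admin range. 0.0.0.0/0 and ::/0 are the worst case, but any range
    wider than the approved list is reported as well."""
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    findings = []
    for rule in rules:
        if not rule_covers_port(rule, port):
            continue
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in sources:
            net = ipaddress.ip_network(cidr)
            # subnet_of() only compares same-version networks, so check version first
            if not any(net.version == a.version and net.subnet_of(a) for a in approved):
                findings.append(cidr)
    return findings

if __name__ == "__main__":
    print(offending_sources(SAMPLE_RULES, ["198.51.100.0/24", "203.0.113.10/32"]))
```

In a live account, feed the function the `IpPermissions` list of each security group attached to the SFTP Gateway instance; an empty result means port 2222 is reachable only from the approved ranges.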

Check out this Knowledge Base article for more on what you can do to protect your servers from CVE-2024-6387.

About Thorn Technologies, SFTP Gateway and StorageLink

Thorn Technologies is disrupting the Managed File Transfer (MFT) industry by providing leaner, reliable, and cost-effective alternatives designed specifically for the cloud. Because Thorn Technologies’ products are deployed in a user’s private cloud environment, Thorn Technologies doesn’t touch customers’ data or their infrastructure.

Thorn Technologies offers two cloud file transfer products. SFTP Gateway lets you simply, securely, and affordably give SFTP users access to cloud storage locations like Amazon S3, Azure Blob, Google Cloud Storage, and Alibaba Object Storage Service (OSS). A second product from Thorn Technologies, StorageLink, allows users to access those same cloud storage locations using a drag-and-drop interface in a web browser.
