Query Details

CVE 2024 6387 Regresshion Identify Affected Endpoints

Query

DeviceTvmSoftwareInventory
| where SoftwareName has "openssh"
| extend OpenSSHVersion = extract(@"(\d+\.\d+)(?:p\d+)?", 1, SoftwareVersion)
| extend OpenSSHVersion = toreal(OpenSSHVersion)
| where OpenSSHVersion between (8.5 .. 9.8) or OpenSSHVersion < 4.4
| distinct DeviceId, DeviceName, OpenSSHVersion

About this query

CVE-2024-6387 regreSSHion identify affected endpoints

Description

This query will help identify endpoints with OpenSSH of an affected version by the regreSSHion vulnerability.

References

Microsoft XDR & Microsoft Sentinel

MITRE ATT&CK Mapping

Source

Versioning

VersionDateComments
1.004/07/2024Initial publish

Explanation

This query helps find endpoints with a vulnerable version of OpenSSH due to the regreSSHion vulnerability. It looks for OpenSSH versions between 8.5 and 9.8, or versions below 4.4. The goal is to identify affected devices for further action.

Details

Michalis Michalos profile picture

Michalis Michalos

Released: July 4, 2024

Tables

DeviceTvmSoftwareInventory

Keywords

DeviceTvmSoftwareInventorySoftwareNameopensshSoftwareVersionOpenSSHVersionDeviceIdDeviceName

Operators

DeviceTvmSoftwareInventorywhereextendextracttorealbetweenordistinct

MITRE Techniques

Actions

GitHub