How to mitigate CVE-2024-6387 in Kaspersky Anti Targeted Attack Platform
Latest update: July 15, 2024
ID: 16089
Show applications and versions that this article concerns
- Kaspersky Anti Targeted Attack Platform 6.1
- Kaspersky Anti Targeted Attack Platform 6.0
Issue
When deploying Kaspersky Anti Targeted Attack Platform on the Ubuntu Server 22.04.2 or 22.04.4 operating system, there is a risk that attackers will exploit the CVE-2024-6387 vulnerability (OpenSSH Remote Unauthenticated Code Execution Vulnerability (regreSSHion)) and gain remote access to the Central Node server over SSH as the superuser (root).
Solution
To ensure security, restrict SSH access to the Central Node server from an external network.
Change the value of the LoginGraceTime parameter in the application configuration file:
- Sign in to the management console of the server whose settings you want to change via the SSH protocol or through the terminal.
- Enter the administrator username and the password you have specified during the installation of the application.
- Select Technical Support Mode and press Enter on the keyboard.
- Select Yes and press Enter again.
- Open the file /etc/ssh/sshd_config.
- Search this file for the line containing the LoginGraceTime parameter and change the parameter value to 0.
LoginGraceTime 0If the line is commented out, uncomment it. If the line is absent, add it.
- Save and close the file.
- Run the command:
systemctl restart sshd.service
Setting the LoginGraceTime parameter to 0 reduces the risk of remote code execution, but makes the SSH service more vulnerable to DDoS attacks.
