From 3cda62a31f9c2bf59a90fac617a9afe48d49799e Mon Sep 17 00:00:00 2001
From: Sumanth Vankineni <sumanth.vankineni@gmail.com>
Date: Wed, 10 Jul 2024 02:36:19 -0700
Subject: [PATCH] Fixed issues for CVE-2023-33246

---
 network/cves/2024/CVE-2024-6387.yaml | 38 ++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 network/cves/2024/CVE-2024-6387.yaml

diff --git a/network/cves/2024/CVE-2024-6387.yaml b/network/cves/2024/CVE-2024-6387.yaml
new file mode 100644
index 0000000000..0cbf0d8738
--- /dev/null
+++ b/network/cves/2024/CVE-2024-6387.yaml
@@ -0,0 +1,38 @@
+id: CVE-2024-6387
+
+info:
+  name: regreSSHion - Vulnerable SSH Authentication
+  author: Sumanth Vankineni
+  severity: high
+  description: |
+    The CVE-2024-6387 describes a vulnerability in the SSH service where malformed authentication requests can lead to unauthorized access.
+  remediation: Update to the latest version of SSH to mitigate this vulnerability.
+  reference:
+    - https://example.com/cve-2024-6387
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-6387
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2024-6387
+    cwe-id: CWE-287
+    epss-score: 0.05
+    epss-percentile: 0.95
+    cpe: cpe:2.3:a:ssh:ssh:8.5:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: ssh
+    product: ssh
+  tags: network,cve2024,cve,ssh,openssh,tcp
+
+tcp:
+  - host:
+      - "{{Hostname}}"
+    port: 22
+    inputs:
+      - data: "SSH-2.0-ExampleClientStaticTest"
+    matchers:
+      - type: regex
+        regex:
+          - "SSH-2\\.0-OpenSSH_8\\.[5-9]"
+          - "SSH-2\\.0-OpenSSH_9\\.[0-7]"
+        part: data