Stay organized with collections
Save and categorize content based on your preferences.
The following describes all security bulletins related to
Google Distributed Cloud connected.
GCP-2024-040
Published: 2024-07-03
Description
Severity
Notes
Google Distributed Cloud connected ships with a version of OpenSSH
vulnerable to the RegreSSHion attack. However, Distributed Cloud connected
firewall configurations prevent external attacks against Distributed Cloud
connected deployments. SSH ports are only accessible from within Google networks and the
Distributed Cloud connected virtual networks. They are not accessible from
external local networks or the internet.
Google is working on an update to the OpenSSH server configuration that mitigates
this attack. This update will be deployed to every Distributed Cloud
connected installation as soon as Google successfully validates it. This update
will ignore all maintenance windows and maintenance exclusion windows. Your workloads
will not be disrupted by this update.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-11 UTC."],[[["A security bulletin, GCP-2024-040, was published on 2024-07-03 regarding Google Distributed Cloud connected."],["Google Distributed Cloud connected includes an OpenSSH version vulnerable to the RegreSSHion attack, identified as CVE-2024-6387."],["Firewall configurations prevent external attacks against Google Distributed Cloud connected deployments, as SSH ports are only accessible from within Google networks and the Distributed Cloud connected virtual networks."],["The vulnerability affects Distributed Cloud connected compute nodes (Dell servers), but not the ToR switches (Cisco)."],["Google is developing an update to the OpenSSH server configuration to address this issue, which will be deployed to all Distributed Cloud connected installations outside of any existing maintenance schedules."]]],[]]