CVE-2023-48795 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 11, 2024
CVE-2023-48795 is a medium-severity vulnerability affecting the SSH transport protocol with certain OpenSSH extensions and a wide range of systems and software. This vulnerability, also known as the Terrapin attack, allows remote attackers to bypass integrity checks and potentially downgrade or disable security features in a connection. It impacts widely adopted SSH implementations, including those using ChaCha20-Poly1305 and Encrypt-then-MAC algorithms.
How do I know if I'm affected?
If you're using software like OpenSSH, PuTTY, FileZilla, or Microsoft PowerShell, you might be affected by the vulnerability. This issue can potentially downgrade or disable security features in your connection. To know if you're affected, check if you're using vulnerable versions such as OpenSSH before 9.6, PuTTY before 0.80, FileZilla before 3.66.4, or Microsoft PowerShell up to 11.1.0. Keep in mind that many other software products may also be affected.
What should I do if I'm affected?
If you're affected by the vulnerability, take these steps: 1) Implement the "strict kex" mechanism in your SSH implementation, 2) Temporarily disable affected algorithms and use alternatives like AES-GCM, and 3) Stay updated with patches and fixes from SSH implementations. Make sure both the client and server support the countermeasure for it to be effective.
Is it in CISA’s Known Exploited Vulnerabilities Catalog?
The vulnerability, also known as the Terrapin attack, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue affects the SSH transport protocol with certain OpenSSH extensions and can potentially downgrade or disable security features in a connection. To address this vulnerability, it's recommended to implement the "strict kex" mechanism in your SSH implementation and stay updated with patches and fixes from affected software.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-354, which affects SSH protocols, and allows attackers to bypass integrity checks.
For more details
CVE-2023-48795, a medium-severity vulnerability affecting SSH transport protocols, can potentially downgrade or disable security features in a connection. Implementing the "strict kex" countermeasure in various SSH implementations can help mitigate this issue. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-48795 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 11, 2024
CVE-2023-48795 is a medium-severity vulnerability affecting the SSH transport protocol with certain OpenSSH extensions and a wide range of systems and software. This vulnerability, also known as the Terrapin attack, allows remote attackers to bypass integrity checks and potentially downgrade or disable security features in a connection. It impacts widely adopted SSH implementations, including those using ChaCha20-Poly1305 and Encrypt-then-MAC algorithms.
How do I know if I'm affected?
If you're using software like OpenSSH, PuTTY, FileZilla, or Microsoft PowerShell, you might be affected by the vulnerability. This issue can potentially downgrade or disable security features in your connection. To know if you're affected, check if you're using vulnerable versions such as OpenSSH before 9.6, PuTTY before 0.80, FileZilla before 3.66.4, or Microsoft PowerShell up to 11.1.0. Keep in mind that many other software products may also be affected.
What should I do if I'm affected?
If you're affected by the vulnerability, take these steps: 1) Implement the "strict kex" mechanism in your SSH implementation, 2) Temporarily disable affected algorithms and use alternatives like AES-GCM, and 3) Stay updated with patches and fixes from SSH implementations. Make sure both the client and server support the countermeasure for it to be effective.
Is it in CISA’s Known Exploited Vulnerabilities Catalog?
The vulnerability, also known as the Terrapin attack, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue affects the SSH transport protocol with certain OpenSSH extensions and can potentially downgrade or disable security features in a connection. To address this vulnerability, it's recommended to implement the "strict kex" mechanism in your SSH implementation and stay updated with patches and fixes from affected software.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-354, which affects SSH protocols, and allows attackers to bypass integrity checks.
For more details
CVE-2023-48795, a medium-severity vulnerability affecting SSH transport protocols, can potentially downgrade or disable security features in a connection. Implementing the "strict kex" countermeasure in various SSH implementations can help mitigate this issue. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-48795 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 11, 2024
CVE-2023-48795 is a medium-severity vulnerability affecting the SSH transport protocol with certain OpenSSH extensions and a wide range of systems and software. This vulnerability, also known as the Terrapin attack, allows remote attackers to bypass integrity checks and potentially downgrade or disable security features in a connection. It impacts widely adopted SSH implementations, including those using ChaCha20-Poly1305 and Encrypt-then-MAC algorithms.
How do I know if I'm affected?
If you're using software like OpenSSH, PuTTY, FileZilla, or Microsoft PowerShell, you might be affected by the vulnerability. This issue can potentially downgrade or disable security features in your connection. To know if you're affected, check if you're using vulnerable versions such as OpenSSH before 9.6, PuTTY before 0.80, FileZilla before 3.66.4, or Microsoft PowerShell up to 11.1.0. Keep in mind that many other software products may also be affected.
What should I do if I'm affected?
If you're affected by the vulnerability, take these steps: 1) Implement the "strict kex" mechanism in your SSH implementation, 2) Temporarily disable affected algorithms and use alternatives like AES-GCM, and 3) Stay updated with patches and fixes from SSH implementations. Make sure both the client and server support the countermeasure for it to be effective.
Is it in CISA’s Known Exploited Vulnerabilities Catalog?
The vulnerability, also known as the Terrapin attack, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue affects the SSH transport protocol with certain OpenSSH extensions and can potentially downgrade or disable security features in a connection. To address this vulnerability, it's recommended to implement the "strict kex" mechanism in your SSH implementation and stay updated with patches and fixes from affected software.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-354, which affects SSH protocols, and allows attackers to bypass integrity checks.
For more details
CVE-2023-48795, a medium-severity vulnerability affecting SSH transport protocols, can potentially downgrade or disable security features in a connection. Implementing the "strict kex" countermeasure in various SSH implementations can help mitigate this issue. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.