SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

Hi,

while the attack potential is not good, you shouldn't have port 22 open to the internet.

Ian

you are right, i already disabled port 22 as well as 443 over internet.

but it doesnt means the problem is solved. because it is still exposed to all the system in network. 

While it is true, this is currently an open situation in SFOS, it is highly unlikely to be exploited in the network.

See: https://terrapin-attack.com/

See: https://nvd.nist.gov/vuln/detail/CVE-2023-48795

You would have a SSH connection open to the firewall and someone does a man in the middle in your network.

Unlikely in a open network and going from WAN, having such an attacker in the own network, doing man in the middle and then capturing your SSH session is unlikely. 

Hi Manoj,

This issue is being tracked via internal ticket number NC-132862, you may request prefix via sophos support - if needed. 

Hi Manoj Pathak ,

Thank you for reaching out to the community, additionally to what SPandya  informed NC-132862, it is planned to be fixed in v20.0.2 MR-2.

hope  v20.0.2 MR-2 will get release soon. also kindly inform to your developer team that atleast  v20.0.2 MR-2 will not create any issue to update firmware to firewall. as version SFOS 20.0.0 GA-Build222 cause issue for update due to DHCP and to get update this firmware we have to disable the DHCP in firewall.

if possible can you provide any approx. date for the release of  v20.0.2 MR-2 firmware.

Thank you for the feedback unfortunately, as of now we do not have any tentative date to provide...
The DHCP issue affected on SFOS 20.0.0 GA-Build222, is still under investigation -  NC-132875.