SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

Question

in recent scanning, we received "SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)" vulnerability on port 22. 
 
 just use this command in nmap "nmap -sV -p 22 --script ssh2-enum-algos 192.168.xxx.xxx" 
 if it shows "chacha20-poly1305@openssh.com" or any this with "-etm" then it will enables the Terrapin Attack. 
 i had latest firmware version SFOS 20.0.0 GA-Build222. 
 will it get patch or need to do anything manually. 
 
 .

SPandya · Accepted Answer

Hi Manoj, 
 This issue is being tracked via internal ticket number NC-132862, you may request prefix via sophos support - if needed.

LuCar Toni · Answer

While it is true, this is currently an open situation in SFOS, it is highly unlikely to be exploited in the network. 
 See: https://terrapin-attack.com/ 
 See: https://nvd.nist.gov/vuln/detail/CVE-2023-48795 
 You would have a SSH connection open to the firewall and someone does a man in the middle in your network. 
 Unlikely in a open network and going from WAN, having such an attacker in the own network, doing man in the middle and then capturing your SSH session is unlikely.

Vivek Jagad · Answer

Hi Manoj Pathak , Thank you for reaching out to the community, additionally to what SPandya informed NC-132862 , it is planned to be fixed in v20.0.2 MR-2 .

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

Top Replies