Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

in recent scanning, we received "SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)" vulnerability on port 22.

just use this command in nmap "nmap -sV -p 22 --script ssh2-enum-algos 192.168.xxx.xxx"

if it shows "chacha20-poly1305@openssh.com" or any this with "-etm" then it will enables the Terrapin Attack.

i had latest firmware version SFOS 20.0.0 GA-Build222.

will it get patch or need to do anything manually.

.



This thread was automatically locked due to age.
Parents
  • While it is true, this is currently an open situation in SFOS, it is highly unlikely to be exploited in the network.

    See: https://terrapin-attack.com/

    See: https://nvd.nist.gov/vuln/detail/CVE-2023-48795

    You would have a SSH connection open to the firewall and someone does a man in the middle in your network.

    Unlikely in a open network and going from WAN, having such an attacker in the own network, doing man in the middle and then capturing your SSH session is unlikely. 

    __________________________________________________________________________________________________________________

Reply
  • While it is true, this is currently an open situation in SFOS, it is highly unlikely to be exploited in the network.

    See: https://terrapin-attack.com/

    See: https://nvd.nist.gov/vuln/detail/CVE-2023-48795

    You would have a SSH connection open to the firewall and someone does a man in the middle in your network.

    Unlikely in a open network and going from WAN, having such an attacker in the own network, doing man in the middle and then capturing your SSH session is unlikely. 

    __________________________________________________________________________________________________________________

Children
No Data