Thursday, March 28, 2024

CVE-2023-48795 Impact of Terrapin SSH Attack

CVE-2023-48795 describes a vulnerability in OpenSSH v9.5 and earlier. This vulnerability, also known as the "Terrapin attack", could allow an attacker to downgrade the security of an SSH connection by manipulating information transferred during the connection's initial handshake/negotiation sequence. The attacker must have already gained access to the local network, and must be able to both intercept communications and assume the identity of both the recipient and the sender. The CVSS 3.x rating of "Medium" reflects the difficulty in successfully exploiting this vulnerability.

CVE-2023-48795 has since been resolved in OpenSSH v9.6. Its mitigation requires both client and server implementations to be upgraded to this fixed version or later. This vulnerability can also be addressed by disabling use of the "ChaCha20-Poly1305" cipher in affected OpenSSH implementations.

This vulnerability affects all systems that have OpenSSH installed, on both Linux and Windows.

VMware products such as NSX Managers and Edge Nodes, which run on a Linux kernel, are affected in the same way as other Linux systems.

The workaround on NSX appliances is to remove the affected ciphers from the SSH and SSHD config files.

Log in to the NSX appliances (Managers and Edge nodes) via PuTTY and switch to the "root" account.

root@nsxmgr001:~# vi /etc/ssh/ssh_config 

root@nsxmgr001:~# vi /etc/ssh/sshd_config 

Remove the ciphers and MACs below from both of these files, then save and exit.

# Cipher and MAC algorithms

chacha20-poly1305@openssh.com

hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com

Then restart the SSH service:

root@nsxmgr001:~# /etc/init.d/ssh restart
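
To confirm the workaround took effect after the restart, the check below (an added example, not from the original post or from VMware) scans effective SSH configuration for the three algorithms named above. It assumes input in the format printed by `sshd -T` or `ssh -G <host>`; the helper name `terrapin_audit` and the sample text are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: report the algorithms removed in this post if they are still
# enabled. Feed it effective configuration (`sshd -T` for the server,
# `ssh -G <host>` for the client) so compiled-in defaults are included.

# Algorithm names taken from the post.
TERRAPIN_ALGS='chacha20-poly1305@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com'

# terrapin_audit (hypothetical helper): reads config text on stdin, prints
# "<directive> <algorithm>" per hit, returns 1 if any hit, otherwise 0.
terrapin_audit() {
    awk -v algs="$TERRAPIN_ALGS" '
        BEGIN { n = split(algs, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ { next }                    # commented-out directives do not count
        {
            key = tolower($1)
            if (key != "ciphers" && key != "macs") next
            list = $2
            # A leading "-" removes names from the defaults, so nothing is enabled here.
            if (substr(list, 1, 1) == "-") next
            sub(/^[+^]/, "", list)             # "+" and "^" still enable the names
            m = split(list, item, ",")
            for (j = 1; j <= m; j++)
                if (item[j] in bad) { print key, item[j]; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample in `sshd -T` output format (not captured from an NSX appliance).
SAMPLE='ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512'

if printf '%s\n' "$SAMPLE" | terrapin_audit; then
    echo "OK: none of the listed algorithms are enabled"
else
    echo "FAIL: listed algorithms are still enabled (see lines above)"
fi
```

On an appliance, run `sshd -T | terrapin_audit` as root once the service has restarted.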

After removing the vulnerable ciphers and MAC algorithms, both config files will look like below:



Please note: There is no official update on this vulnerability from VMware as of now, so do this at your own risk.


Refer to the documentation below for more information.

https://learn.microsoft.com/en-us/answers/questions/1525235/need-solution-to-terrapin-vulnerability-cve-2023-4

https://nvd.nist.gov/vuln/detail/CVE-2023-48795

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
