Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5BDCA82FE4A7210E9496A2B287BF72277E2915FA4740F31B3D8349EE3D8F6AC0
HistoryMay 14, 2024 - 3:04 p.m.

Security Bulletin: IBM DataPower Gateway vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

2024-05-1415:04:31
www.ibm.com
13
mitm attack
openssh vulnerability
ibm datapower gateway
chacha20-poly1305
etm hmac
cve-2023-48795
firmware versions

6.9 Medium

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON

Summary

By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms offered,

Vulnerability Details

CVEID:CVE-2023-48795
**DESCRIPTION:**OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. A remote attacker could exploit this vulnerability to launch a machine-in-the-middle attack and strip an arbitrary number of messages after the initial key exchange, breaking SSH extension negotiation and downgrading the client connection security.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275282 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM DataPower Gateway 10.5 CD 10.5.1-10.5.3
IBM DataPower Gateway 10.0.1 10.0.1.0-10.0.1.18
IBM DataPower Gateway 10.5.0 10.5.0.0-10.5.0.10

Remediation/Fixes

Affected Product Fixed in Version APAR
IBM DataPower Gateway 10.5CD 10.5.4 IT45668
IBM DataPower Gateway 10.5.0 10.5.0.11 IT45668
IBM DataPower Gateway 10.0.1 10.0.1.19 IT45668

Workarounds and Mitigations

The fix removes the Chacha20-poly1305 cipher and the etm HMAC algorithms from the default set, which avoids the vulnerability. Customers may perform this same mitigation on earlier firmware versions, and should also remove these algorithms from any SSH configuration already deployed.

If the affected cipher and or HMACs are required for interoperability, they can be listed at the end of the cipher and MAC lists, so that they will only be used if no stronger algorithms are supported by client and server.

Related

cbl_mariner 9
nessus 71
redhat 6
oraclelinux 5
debian 4
ubuntu 4
fedora 11
osv 14
mageia 5
openvas 46
alpinelinux 1
redos 2
freebsd 2
cloudfoundry 1
atlassian 1
ibm 4
almalinux 1
amazon 2
ubuntucve 1
github 1
veracode 2
cvelist 1
rosalinux 1
paloalto 1
prion 1
freebsd_advisory 1
f5 1
cbl_mariner
cbl_mariner
CVE-2023-48795 affecting package kubevirt for versions less than null
2024-01-10 08:19:37
CVE-2023-48795 affecting package libssh for versions less than 0.10.6-1
2024-01-14 22:46:30
CVE-2023-48795 affecting package moby-cli for versions less than 20.10.27-2
2024-01-19 03:54:24
nessus
nessus
Debian dla-3730 : python-asyncssh-doc - security update
2024-02-01 00:00:00
EulerOS 2.0 SP10 : libssh2 (EulerOS-SA-2024-1317)
2024-03-12 00:00:00
AlmaLinux 8 : libssh (ALSA-2024:0628)
2024-02-01 00:00:00
redhat
redhat
(RHSA-2024:1196) Moderate: Red Hat JBoss Enterprise Application Platform 7.4 security update
2024-03-06 17:50:02
(RHSA-2024:0499) Moderate: libssh security update
2024-01-25 15:19:29
(RHSA-2024:0625) Moderate: libssh security update
2024-01-31 08:08:23
oraclelinux
oraclelinux
openssh security update
2024-03-18 00:00:00
buildah security update
2024-03-07 00:00:00
openssh security update
2024-03-19 00:00:00
debian
debian
[SECURITY] [DSA 5600-1] php-phpseclib security update
2024-01-12 07:13:37
[SECURITY] [DLA 3718-1] php-phpseclib security update
2024-01-25 02:26:31
[SECURITY] [DSA 5599-1] phpseclib security update
2024-01-12 07:13:27
ubuntu
ubuntu
libssh2 vulnerability
2024-01-15 00:00:00
FileZilla vulnerability
2024-01-18 00:00:00
LXD vulnerability
2024-04-22 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: putty-0.80-1.fc39
2024-01-11 01:17:14
[SECURITY] Fedora 38 Update: putty-0.80-1.fc38
2024-01-11 02:17:03
[SECURITY] Fedora 38 Update: podman-tui-0.15.0-1.fc38
2023-12-29 01:05:34
osv
osv
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
2023-12-18 19:22:09
phpseclib - security update
2024-01-12 00:00:00
Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto
2023-12-18 21:18:26
mageia
mageia
Updated erlang packages fix a security vulnerability (Terrapin Attack)
2024-01-20 01:43:32
Updated putty package fixes a security vulnerability (Terrapin attack)
2024-01-08 13:12:44
Updated dropbear package fixes a security vulnerability
2024-01-08 22:01:05
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0558-1)
2024-02-21 00:00:00
Fedora: Security Advisory for golang-x-crypto (FEDORA-2024-7b08207cdb)
2024-01-18 00:00:00
Dropbear Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
2024-02-16 00:00:00
alpinelinux
alpinelinux
CVE-2023-48795
2023-12-18 16:15:10
redos
redos
ROS-20240408-15
2024-04-08 00:00:00
ROS-20240422-04
2024-04-22 00:00:00
freebsd
freebsd
jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
2024-04-17 00:00:00
putty -- add protocol extension against 'Terrapin attack'
2023-10-16 00:00:00
cloudfoundry
cloudfoundry
USN-6561-1: libssh vulnerability | Cloud Foundry
2024-04-04 00:00:00
atlassian
atlassian
CVE-2023-48795 vulnerability on SSH
2024-01-04 17:19:13
ibm
ibm
Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2023-48795
2024-03-22 16:29:44
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a machine-in-the-middle attack due to Apache MINA SSHD (CVE-2023-48795)
2024-04-04 17:46:46
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795
2024-03-11 14:52:33
almalinux
almalinux
Moderate: libssh security update
2024-01-31 00:00:00
amazon
amazon
Medium: openssh
2023-12-18 09:20:00
Medium: openssh
2023-12-18 09:20:00
ubuntucve
ubuntucve
CVE-2023-48795
2023-12-18 00:00:00
github
github
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
2023-12-18 19:22:09
veracode
veracode
Rogue Session Attack (Terrapin)
2023-12-19 06:46:15
Prefix Truncation Attack (Terrapin Attack)
2023-12-19 09:12:16
cvelist
cvelist
CVE-2023-48795
2023-12-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2382
2024-03-26 11:47:18
paloalto
paloalto
Impact of Terrapin SSH Attack
2024-01-09 01:30:00
prion
prion
Design/Logic Flaw
2023-12-18 16:15:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-23:19.openssh
2023-12-19 00:00:00
f5
f5
K000138264 : SSH vulnerability CVE-2023-48795
2024-01-17 00:00:00

6.9 Medium

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON
Related for 5BDCA82FE4A7210E9496A2B287BF72277E2915FA4740F31B3D8349EE3D8F6AC0
cbl_mariner9nessus71redhat6oraclelinux5debian4ubuntu4fedora11osv14mageia5openvas46alpinelinux1redos2freebsd2cloudfoundry1atlassian1ibm4almalinux1amazon2ubuntucve1github1veracode2cvelist1rosalinux1paloalto1prion1freebsd_advisory1f51