Infoblox NIOS Terrapin Attack (000009589)

🗓️ 19 May 2025 00:00:00Reported by TenableType

Infoblox NIOS is vulnerable to Terrapin attack due to OpenSSH issues allowing connection downgrades.

Reporter	Title	Published	Views	Family All 1447
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a machine-in-the-middle attack due to Apache MINA SSHD (CVE-2023-48795)	4 Apr 202417:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795	11 Mar 202414:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a machine-in-the-middle attack in OpenSSH [CVE-2023-48795]	29 Feb 202420:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH	6 Feb 202520:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)	27 Mar 202516:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS Product	15 Jul 202515:44	–	ibm
IBM Security Bulletins	Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Apache Mina SSHD package (CVE-2023-48795)	19 Feb 202516:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks in Apache Mina SSHD Common (CVE-2023-48795)	19 Apr 202416:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics	11 Feb 202620:17	–	ibm
IBM Security Bulletins	Security Bulletin: This Power System update is being released to address CVE-2023-48795	25 Jun 202417:31	–	ibm

Source	Link
support	www.support.infoblox.com/s/article/000009589
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(236942);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/27");

  script_cve_id("CVE-2023-48795");

  script_name(english:"Infoblox NIOS Terrapin Attack (000009589)");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Infoblox NIOS installed on the remote host is affected by a vulnerability in OpenSSH. The SSH transport 
protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to 
bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and 
server may consequently end up with a connection for which some security features have been downgraded or disabled, aka 
a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, 
mishandles the handshake phase and mishandles use of sequence numbers. 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.infoblox.com/s/article/000009589");
  script_set_attribute(attribute:"solution", value:
"See vendor advisory");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-48795");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/19");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:infoblox:nios");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("infoblox_nios_web_interface_detect.nbin", "infoblox_nios_detect.nbin");
  script_require_keys("Host/Infoblox/NIOS");

  exit(0);
}

include('vcf_extras_infoblox.inc');
include('vcf.inc');

var app_info = vcf::infoblox::get_app_info();

# Vuln fixed in 9.0.3.3 CHF (i.e. 9.0.3 CHF-3)
if (app_info['version'] == '9.0.3.3') audit(AUDIT_INST_VER_NOT_VULN, 'Infoblox NIOS');

var hotfixes = {
  '8.6.3' : 'Hotfix-Hotfix-NIOS_8.6.3-51135-1241097029df_NIOS_8.6.4-51177-72c485de7d02-J98461-APPLY-bfae98bad9d22adf4e7390d49f47e11e',
  '8.6.4' : 'Hotfix-Hotfix-NIOS_8.6.3-51135-1241097029df_NIOS_8.6.4-51177-72c485de7d02-J98461-APPLY-bfae98bad9d22adf4e7390d49f47e11e'
};

if (!app_info.extra_no_report.hotfixes_checked_successfully && report_paranoia < 2)
{
  audit(AUDIT_POTENTIAL_VULN, 'Infoblox', app_info.version);
}

var constraints = [
    {'min_version' : '8.6', 'fixed_version' : '8.7', 'fixed_display' : 'See vendor advisory' },
    {'min_version' : '9.0.1', 'fixed_version' : '9.0.4', 'fixed_display' : 'See vendor advisory' }
  ];

vcf::infoblox::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING,
    hotfixes:hotfixes
);

27 May 2025 00:00Current

7High risk

Vulners AI Score7

CVSS 3.15.9

EPSS0.54214

SSVC