OpenSSH vulnerability allows remote attackers to bypass integrity checks and downgrade security features
CVE-2023-48795

5.9MEDIUM

Key Information:

Vendor
OpenBSD
Status
Openssh
Vendor
CVE Published:
18 December 2023

Badges

πŸ“ˆ Trended🟣 EPSS 95%πŸ“° News Worthy

What is CVE-2023-48795?

CVE-2023-48795 is a notable vulnerability within the OpenSSH software suite, which is used for secure remote access to systems via the SSH protocol. This vulnerability allows remote attackers to bypass essential integrity checks, which may result in the downgrading or disabling of important security features during the connection handshake process. If exploited, this can severely compromise the confidentiality and integrity of data transmitted over SSH connections, exposing organizations to the risk of unauthorized access and data breaches.

Technical Details

The vulnerability arises from how certain OpenSSH extensions handle the handshake phase of the SSH Binary Packet Protocol (BPP) and manipulate sequence numbers. In particular, this flaw enables attackers to perform a Terrapin attack, which involves omitting specific packets in the extension negotiation message. As a result, both the client and server may establish a connection that inadvertently lacks some of the security guarantees they would typically expect, including vulnerabilities against the ChaCha20-Poly1305 and CBC with Encrypt-then-MAC MAC algorithms. This mismanagement poses significant risks to the security of SSH connections.

Potential Impact of CVE-2023-48795

  1. Data Compromise: Exploitation of this vulnerability can lead to unauthorized access to sensitive data being transmitted over SSH channels, increasing the risk of data breaches and loss of confidentiality.

  2. Downgraded Security Features: The ability to bypass integrity checks means that the security features of the SSH protocol can be weakened, rendering systems more vulnerable to other attacks and exploitation techniques.

  3. Increased Attack Surface for Threat Actors: By allowing modifications to security protocols, this vulnerability presents an opportunity for attackers to execute more sophisticated attacks, thereby potentially facilitating further penetration into affected networks.

News Articles

Dark Reading

10 Steps to Root Out the Terrapin Vulnerability

You don't have to stop using SSH keys to stay safe. This Tech Tip explains how to protect your system against CVE-2023-48795.

10 months ago

favicon imagePenetration Testing

CVE-2023-4969 Archives

VulnerabilityJanuary 16, 2024LeftoverLocals – CVE-2023-4969: The Hidden Threat in Your GPUIn the fast-paced world of high-performance computing and artificial intelligence, GPUs have emerged as indispensable...

1 year ago

favicon imageSpiceworks

SSH Vulnerable to Terrapin Attack - Spiceworks

Security researchers have discovered a new vulnerability in the Secure Shell (SSH) network protocol. Find out more.

1 year ago

References

https://www.chiark.greenend.org.uk/~sgtatham/putty/change...
https://matt.ucc.asn.au/dropbear/CHANGES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

EPSS Score

95% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ“°

    First article discovered by Bleeping Computer

  • Vulnerability published

  • Vulnerability Reserved

.