OpenSSH Terrapin Attack

Advisory ID: STORM-2024-001
CVE Number: CVE-2023-48795
Date discovered: 12/21/2023
Severity: medium
Advisory revision: v1

Vulnerability details

The Terrapin attack is a vulnerability in the SSH protocol itself. It causes the affected client to wrongly conclude that the server does not support recent signature algorithms used in user authentication. This vulnerability can be exploited through a man-in-the-middle (MitM) attack.

Impacted products

Product: Stormshield Management Center
Severity: medium
Detail: SMC is impacted

Revisions

Version Date Description
v1 Initial release


Stormshield Management Center

CVSS v3.1 Overall Score: 6.5      

Analysis

Impacted version

The vulnerability impacts all SSH connections and is specifically focused on the OpenSSH implementation. The vulnerable OpenSSH configurations are:

  • chacha20-poly1305@openssh.com
  • Any AES(128|192|256)-cbc ciphers
  • Any MACs that use Encrypt-then-MAC (EtM), such as hmac-(sha2-512|sha2-256|sha1|sha1-96|md5-96|md5)-etm@openssh.com and umac-(128|64)-etm@openssh.com
  • SMC < 3.6.0
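
To check which of the algorithms listed above an OpenSSH endpoint actually has enabled, the following added example (not part of the advisory or of any Stormshield tooling) parses the `ciphers` and `macs` lines of effective-configuration output such as that printed by `sshd -T` or `ssh -G <host>`. The function names and the sample configuration are constructed for illustration.

```python
import re

# Patterns transcribed from the advisory's list of vulnerable configurations.
LISTED = {
    "ciphers": [
        re.compile(r"chacha20-poly1305@openssh\.com"),
        re.compile(r"aes(128|192|256)-cbc"),
    ],
    "macs": [
        re.compile(r"hmac-(sha2-512|sha2-256|sha1|sha1-96|md5-96|md5)-etm@openssh\.com"),
        re.compile(r"umac-(128|64)-etm@openssh\.com"),
    ],
}


def parse_effective_config(text):
    """Extract the comma-separated `ciphers` and `macs` lists from the output."""
    found = {"ciphers": [], "macs": []}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in found:
            found[parts[0].lower()] = [a.strip() for a in parts[1].split(",") if a.strip()]
    return found


def flag_listed_algorithms(text):
    """Return the enabled algorithms that match the advisory's list, per kind."""
    cfg = parse_effective_config(text)
    return {
        kind: [a for a in algos if any(p.fullmatch(a) for p in LISTED[kind])]
        for kind, algos in cfg.items()
    }


# Constructed sample resembling `sshd -T` output (not taken from a real system).
SAMPLE = """\
port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com,aes256-cbc
macs umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1
"""

if __name__ == "__main__":
    for kind, hits in flag_listed_algorithms(SAMPLE).items():
        print(f"{kind}: {', '.join(hits) if hits else 'none of the listed algorithms enabled'}")
```
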

Workaround solution

There is no workaround solution.

Solution

The 3.6.0 update will fix this vulnerability.



Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None
CVSS Base score: 6.8
CVSS Vector: (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Exploit Code Maturity: Proof of concept code
Remediation Level: Official fix
Report Confidence: Reasonable
CVSS Temporal score: 5.9
CVSS Vector: (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:R)

Confidentiality Requirement: Medium
Integrity Requirement: High
Availability Requirement: High
CVSS Environmental score: 6.5
CVSS Vector: (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:R/CR:M/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)