CVE-2023-48795: n/a in n/a
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
AI Analysis
Technical Summary
CVE-2023-48795 is a vulnerability affecting SSH transport protocol implementations that support certain OpenSSH extensions, notably those using the SSH Binary Packet Protocol (BPP). The flaw arises from improper handling of the handshake phase and of sequence numbers during extension negotiation, which allows remote attackers to bypass integrity checks. Specifically, some packets, particularly those involved in extension negotiation, can be omitted without detection. This omission can lead to a downgrade or disabling of security features within the SSH connection. The vulnerability impacts multiple cryptographic algorithms, including ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and CBC-mode ciphers combined with Encrypt-then-MAC (the -etm@openssh.com MACs), which are commonly used for confidentiality and integrity in SSH sessions. The issue is widespread, affecting numerous SSH client and server implementations and libraries such as OpenSSH versions prior to 9.6, PuTTY before 0.80, Dropbear through 2022.83, libssh before 0.10.6, Paramiko before 3.4.0, WinSCP before 6.2.2, and many others across diverse platforms and programming languages. The vulnerability, dubbed the "Terrapin attack," allows an attacker to manipulate the SSH handshake to create a connection where security features are weakened or disabled, potentially exposing the session to interception or tampering. Although no known exploits are reported in the wild yet, the broad impact and fundamental nature of the protocol flaw make this a significant security concern for any organization relying on SSH for secure communications and remote access.
Potential Impact
For European organizations, the impact of CVE-2023-48795 can be substantial. SSH is a foundational protocol used extensively for secure remote administration, file transfers, and tunneling across enterprise networks. A successful exploitation could allow attackers to downgrade or disable cryptographic protections, leading to potential interception of sensitive data, unauthorized command execution, or session hijacking. This undermines confidentiality and integrity of communications, which is critical for sectors such as finance, healthcare, government, and critical infrastructure prevalent across Europe. The vulnerability's presence in widely used SSH clients and servers means that both internal and external access points could be compromised. Given the reliance on SSH for managing cloud infrastructure, network devices, and servers, exploitation could facilitate lateral movement within networks or persistent access by threat actors. The lack of authentication or user interaction requirements for exploitation increases the risk profile. Although no active exploits are known, the vulnerability's complexity and broad reach necessitate urgent attention to prevent potential future attacks that could disrupt operations, leak sensitive information, or cause regulatory compliance issues under GDPR and other European data protection laws.
Mitigation Recommendations
European organizations should prioritize the following specific mitigation steps:
1) Inventory all SSH clients, servers, and libraries in use across the environment, including embedded systems and network appliances, to identify affected versions.
2) Apply vendor patches or upgrade to fixed versions immediately once available, especially OpenSSH 9.6 or later and corresponding updates for other affected products.
3) Where patches are not yet available, consider disabling vulnerable OpenSSH extensions or algorithms (e.g., chacha20-poly1305@openssh.com and CBC with Encrypt-then-MAC) temporarily, if feasible, to reduce exposure.
4) Implement strict network segmentation and access controls to limit SSH access to trusted hosts and users only, reducing the attack surface.
5) Monitor SSH session logs and network traffic for anomalies that could indicate tampering or downgrade attempts, using advanced intrusion detection systems capable of protocol-level analysis.
6) Educate system administrators and security teams about the vulnerability and signs of exploitation.
7) Review and enforce SSH configuration best practices, including use of strong cryptographic algorithms and disabling legacy or weak ciphers.
8) Employ multi-factor authentication for SSH access to mitigate risks from compromised sessions.
9) Engage with vendors and security communities for timely updates and threat intelligence related to this vulnerability.
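As an added illustration of step 3 (example code written for this page, not part of the original analysis or of any vendor's tooling), the following Python audits the effective server configuration as printed by `sshd -T` for the algorithm combinations named above and produces `Ciphers`/`MACs` directives with them removed. The `sshd -T` sample is constructed, and the function names are this example's own.

```python
"""Audit `sshd -T` output for the algorithm combinations affected by
CVE-2023-48795 (Terrapin): chacha20-poly1305@openssh.com, and CBC ciphers
offered alongside any Encrypt-then-MAC (-etm@openssh.com) MAC."""
from __future__ import annotations

# Constructed sample of `sshd -T` output; not captured from a real host.
SAMPLE_SSHD_T = """\
port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com,aes256-cbc
macs umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256
"""

VULN_CIPHER = "chacha20-poly1305@openssh.com"


def parse_sshd_t(text: str) -> dict:
    """Return the algorithm lists for the 'ciphers' and 'macs' keys."""
    out = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key in ("ciphers", "macs"):
            out[key] = [a for a in value.split(",") if a]
    return out


def terrapin_findings(cfg: dict) -> list:
    """List affected algorithms still offered, in configuration order."""
    ciphers = cfg.get("ciphers", [])
    macs = cfg.get("macs", [])
    findings = [c for c in ciphers if c == VULN_CIPHER]
    # CBC is only exploitable here when paired with an -etm MAC.
    if any(m.endswith("-etm@openssh.com") for m in macs):
        findings.extend(c for c in ciphers if c.endswith("-cbc"))
    return findings


def hardened_lines(cfg: dict) -> list:
    """sshd_config directives with the affected ciphers dropped entirely.
    Dropping CBC (rather than the -etm MACs) keeps the stronger MACs and
    removes a legacy mode; this is an interim step, patching is the fix."""
    ciphers = [c for c in cfg.get("ciphers", [])
               if c != VULN_CIPHER and not c.endswith("-cbc")]
    return [f"Ciphers {','.join(ciphers)}",
            f"MACs {','.join(cfg.get('macs', []))}"]


if __name__ == "__main__":
    cfg = parse_sshd_t(SAMPLE_SSHD_T)
    print("affected:", terrapin_findings(cfg))
    print("\n".join(hardened_lines(cfg)))
```

Run it against real output with `sshd -T | python3 audit.py` style piping by replacing `SAMPLE_SSHD_T` with `sys.stdin.read()`; an empty findings list means neither affected combination is offered.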
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland, Belgium, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2023-11-20T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682cd0fb1484d88663aec88c
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 7/6/2025, 1:40:45 PM
Last updated: 8/15/2025, 2:54:35 PM