topic Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) in Network Security

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Minato — Thu, 07 Nov 2024 09:37:01 GMT

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) in cisco Catalyst 9300

We have run vulnerability cisco Catalyst 9300 and we find the above vulnerability. All software is up to date.

#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,x509v3-rsa2048-sha256
Hostkey Algorithms:rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
KEX Algorithms:curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512
Authentication timeout: 60 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1724981029
Modulus Size : 2048 bits
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9AhvuJYMMw390tNL30RGLuDac6Sic5NgxwBbJYgUA
FXfh1P6UVSIpGD9QSgJolIDcyAXiB8k0YA6YkC/pyuaFE7Fi61o7xtpMmtRWa/WC4FwdX647GC23adLr
KL5NR38+GOKcNHPTDgsKmXyuTytfsGJ3a+15DF7fb2iF4L8neo3WzhQ/1yokkcNGolcFJwLsm4RLx1nY
yU/68VOSHsD2NEJjZMIlzSkkRYNjaz9RLNtzjDFpg5/DaqJ3X2rWoGskaQaszlaw+OrI3T5bbB+R2OuN
umK3Bc16KZd1/zSGg2SCzDGODp0oVP4JIYG+iOjZX0+BoGcqftbxKUQnh50t

Thanks in advances

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Mark Elsen — Thu, 07 Nov 2024 12:50:35 GMT

- How do you define 'All software is up to date.' ; meaning what is the current software version installed on the 9300 ?

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Minato — Thu, 07 Nov 2024 12:55:20 GMT

Cisco IOS XE Software, Version 17.14.01

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Mark Elsen — Thu, 07 Nov 2024 12:57:51 GMT

- This bug report https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj31317 mentions 17.15.1 as a fixed release ,

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

venkatakrishnareddy-maram — Thu, 17 Apr 2025 15:53:35 GMT

We have recently upgraded our catalyst 93xx/94xx boxes to 17.12.04 but Qualys still detects that the vulnerability is ON. Wondering if this is fixed in 17.12.4 or skipped for future releases??

If it is fixed, is there anyway we can validate it on the box please?

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Mark Elsen — Fri, 18 Apr 2025 06:16:23 GMT

- @venkatakrishnareddy-maram Contact Cisco TAC to get that sorted out (which versions are really fixed)
If you want to test for this vulnerability ; have a look at
https://github.com/RUB-NDS/Terrapin-Scanner

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

venkatakrishnareddy-maram — Tue, 22 Apr 2025 17:27:43 GMT

I have tested (upgraded to 17.12.04) locally and do see that we still have OpenSSH version as 7.4

Switch#guestshell run bash

[guestshell@guestshell ~]$ ssh -V

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

[guestshell@guestshell ~]$

and still seeing chacha20-poly1305 and our Qualys tracking it too with

Strict Key Exchange is not enabled.

Switch#sh ip ssh

SSH Enabled - version 2.0

Authentication methods:publickey,keyboard-interactive,password

Authentication Publickey Algorithms:ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,x509v3-rsa2048-sha256

Hostkey Algorithms:rsa-sha2-512,rsa-sha2-256,ssh-rsa

Encryption Algorithms:chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr

MAC Algorithms:hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com

KEX Algorithms:curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512

Authentication timeout: 120 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 2048 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded): Cap1-Key

Modulus Size : 2048 bits

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFv/InVkrO/4Kv02hFcJQwFoUmyezP7y3CU/4vne5d

ieVK9t23zs2UlyCsyVa/J37u6QiUEqo1DbJ2mXW86JJd251HxYCQj89sbF4QzF5EmV1FZujVKAa8bh2X

QpPPW+55cREDhRG6DTxqPQq0BZNu7QFu0TvOvKJ/F5yhJ3VZY+kIDQEHbNxnpj0qfWAfEmEgBWrwQgTM

b6OgW4nLqT+aQe50rqWS7XtkVSs4rkTFBFzhDbgToDT/DgVsJHOnEPS57Ee7me3TI8Qgxc5TE6IBu7zc

vxVj2DOmd/3mp79mtCzcMqqyT22r9VrzFGsVJputC95cSml3vgpf3d+2JQzF

Qualys results:

RESULTS: SSH Prefix Truncation Vulnerability (Terrapin) detected on port: 22 ChaCha20-Poly1305 Algorithm Support: False CBC-EtM Algorithm Support: True Strict Key Exchange algorithm enabled: False

So, Upgraded to 17.12.05 and seeing the same OpenSSH version 7.4, and chacha20-poly1305 enabled as well.

Opened Cisco TAC case on side to see if TAC can give any other direction.

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

venkatakrishnareddy-maram — Tue, 29 Apr 2025 14:41:42 GMT

Tested even with 17.15.03 (latest released on 03/18/2025) and see the same OpenSSH version as 7.4. As per the OpenSSH security page (https://www.openssh.com/security.html), It is fixed only in 9.6 or later versions.
Opened a TAC case and they are able to re-pro this in Cisco labs. Waiting for BU resolution for now.

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Ibrahim Shaik — Fri, 25 Jul 2025 00:07:37 GMT

Have you received any response from TAC on the OpenSSH vulnerability and which version has the fixed to Encryption Algorithms:chacha20-poly1305@openssh.com.

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

HMEL_Infotech1 — Tue, 05 Aug 2025 07:42:57 GMT

Is there any solution has been received.

Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

jimtuttle — Wed, 13 Aug 2025 18:30:28 GMT

here is a work around i have used on 9300/9500 switches to fix this vulnerability

To remove the chacha20-poly1305 encryption algorithm use these commands.

no ip ssh server algorithm encryption chacha20-poly1305@openssh.com

no ip ssh client algorithm encryption chacha20-poly1305@openssh.com

next we have to update the mac algorithms in use. We can’t just delete the current ones, so use these 2 commands to update them.

ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512

ip ssh client algorithm mac hmac-sha2-256 hmac-sha2-512

do show ip ssh again to verify the updates and then save config.