
SSH Prefix Truncation Vulnerability (Terrapin)

rahulnaik
Level 1

Hi Community,

During a recent VAPT assessment, the SSH Prefix Truncation Vulnerability (Terrapin) — CVE-2023-48795 — was flagged on our Cisco ISE deployment (version 3.3 Patch 4).

I have checked Cisco’s official vulnerability repository, and the status for this CVE currently shows as "Under Investigation":
Cisco Security Advisory for CVE-2023-48795


As this is a compliance priority, I’m looking for any recommended workaround or guidance to remediate or mitigate this vulnerability until an official fix is released. I’ve gone through the admin guides and release notes, but couldn't find any specific instructions related to disabling vulnerable SSH algorithms or hardening SSH configs on ISE.

Has anyone successfully addressed or suppressed this VAPT finding for Cisco ISE? Any help, workaround, or clarification from Cisco TAC or the community would be highly appreciated.

Thanks in advance.

1 Reply

marce1000
Hall of Fame

 

  - @rahulnaik Ref: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm87186
    The bug report has a Fixed status but no Known Fixed Releases are provided. That means that developers have fixed the issue but it is not yet incorporated in a production release. Contact TAC and ask for an ETA.

  M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'