cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
681
Views
0
Helpful
3
Replies

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Minato
Level 1
Level 1

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) in cisco Catalyst 9300 

We have run vulnerability cisco Catalyst 9300  and we find the above  vulnerability. All software is up to date.

#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,x509v3-rsa2048-sha256
Hostkey Algorithms:rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
KEX Algorithms:curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512
Authentication timeout: 60 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1724981029
Modulus Size : 2048 bits
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9AhvuJYMMw390tNL30RGLuDac6Sic5NgxwBbJYgUA
FXfh1P6UVSIpGD9QSgJolIDcyAXiB8k0YA6YkC/pyuaFE7Fi61o7xtpMmtRWa/WC4FwdX647GC23adLr
KL5NR38+GOKcNHPTDgsKmXyuTytfsGJ3a+15DF7fb2iF4L8neo3WzhQ/1yokkcNGolcFJwLsm4RLx1nY
yU/68VOSHsD2NEJjZMIlzSkkRYNjaz9RLNtzjDFpg5/DaqJ3X2rWoGskaQaszlaw+OrI3T5bbB+R2OuN
umK3Bc16KZd1/zSGg2SCzDGODp0oVP4JIYG+iOjZX0+BoGcqftbxKUQnh50t

 

Thanks in advances

 

3 Replies 3

marce1000
VIP
VIP

 

 - How do you define 'All software is up to date.' ; meaning what is the current software version installed on the 9300 ?

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Cisco IOS XE Software, Version 17.14.01

 

  - This bug report https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj31317 mentions 17.15.1 as a fixed release ,

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
Review Cisco Networking for a $25 gift card