SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Minato
Level 1

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) in Cisco Catalyst 9300

We have run a vulnerability scan on a Cisco Catalyst 9300 and we find the above vulnerability. All software is up to date.

#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,x509v3-rsa2048-sha256
Hostkey Algorithms:rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
KEX Algorithms:curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512
Authentication timeout: 60 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1724981029
Modulus Size : 2048 bits
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9AhvuJYMMw390tNL30RGLuDac6Sic5NgxwBbJYgUA
FXfh1P6UVSIpGD9QSgJolIDcyAXiB8k0YA6YkC/pyuaFE7Fi61o7xtpMmtRWa/WC4FwdX647GC23adLr
KL5NR38+GOKcNHPTDgsKmXyuTytfsGJ3a+15DF7fb2iF4L8neo3WzhQ/1yokkcNGolcFJwLsm4RLx1nY
yU/68VOSHsD2NEJjZMIlzSkkRYNjaz9RLNtzjDFpg5/DaqJ3X2rWoGskaQaszlaw+OrI3T5bbB+R2OuN
umK3Bc16KZd1/zSGg2SCzDGODp0oVP4JIYG+iOjZX0+BoGcqftbxKUQnh50t

 

Thanks in advance

 

6 Replies

marce1000
Hall of Fame

 

 - How do you define 'All software is up to date'? Meaning, what is the current software version installed on the 9300?

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Cisco IOS XE Software, Version 17.14.01

 

  - This bug report https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj31317 mentions 17.15.1 as a fixed release.

  M.




We have recently upgraded our Catalyst 93xx/94xx boxes to 17.12.04, but Qualys still detects that the vulnerability is ON. Wondering if this is fixed in 17.12.4 or skipped for future releases?

If it is fixed, is there anyway we can validate it on the box please?

 

@venkatakrishnareddy-maram   Contact Cisco TAC to get that sorted out (which versions are really fixed).
If you want to test for this vulnerability, have a look at https://github.com/RUB-NDS/Terrapin-Scanner

 M.

 




I have tested (upgraded to 17.12.04) locally and do see that we still have OpenSSH version 7.4:

Switch#guestshell run bash
[guestshell@guestshell ~]$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[guestshell@guestshell ~]$

and still seeing chacha20-poly1305, and our Qualys is tracking it too with:

Strict Key Exchange is not enabled.

 

Switch#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,x509v3-rsa2048-sha256
Hostkey Algorithms:rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
KEX Algorithms:curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): Cap1-Key
Modulus Size : 2048 bits
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFv/InVkrO/4Kv02hFcJQwFoUmyezP7y3CU/4vne5d
ieVK9t23zs2UlyCsyVa/J37u6QiUEqo1DbJ2mXW86JJd251HxYCQj89sbF4QzF5EmV1FZujVKAa8bh2X
QpPPW+55cREDhRG6DTxqPQq0BZNu7QFu0TvOvKJ/F5yhJ3VZY+kIDQEHbNxnpj0qfWAfEmEgBWrwQgTM
b6OgW4nLqT+aQe50rqWS7XtkVSs4rkTFBFzhDbgToDT/DgVsJHOnEPS57Ee7me3TI8Qgxc5TE6IBu7zc
vxVj2DOmd/3mp79mtCzcMqqyT22r9VrzFGsVJputC95cSml3vgpf3d+2JQzF

 

Qualys results:

RESULTS: SSH Prefix Truncation Vulnerability (Terrapin) detected on port: 22
ChaCha20-Poly1305 Algorithm Support: False
CBC-EtM Algorithm Support: True
Strict Key Exchange algorithm enabled: False

So, upgraded to 17.12.05 and seeing the same OpenSSH version 7.4, and chacha20-poly1305 enabled as well.

Opened a Cisco TAC case on the side to see if TAC can give any other direction.
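For anyone who wants to reproduce what the Terrapin-Scanner and the Qualys check above are actually reporting, here is an added example (not code from this thread, from Cisco, or from the RUB-NDS scanner) that applies the published Terrapin criteria to a server's SSH_MSG_KEXINIT: the server is exposed if it offers chacha20-poly1305@openssh.com, or any CBC cipher together with an -etm MAC, and does not advertise the strict key exchange marker kex-strict-s-v00@openssh.com in its KEX list. Run with no arguments it assesses a KEXINIT constructed from the algorithm lists in the `show ip ssh` output above; run with a hostname it does the SSH version exchange against a live server (port 22, a 5-second timeout and the client banner string are assumptions) and assesses the real KEXINIT.

```python
"""Terrapin (CVE-2023-48795) exposure check from a server's SSH_MSG_KEXINIT.
Added example for this thread, not code from the posts, Cisco or the RUB-NDS
Terrapin-Scanner. Criterion: chacha20-poly1305@openssh.com offered, or a CBC
cipher plus an -etm MAC, and no kex-strict-s-v00@openssh.com in the KEX list.
"""
import socket
import struct
import sys

SSH_MSG_KEXINIT = 20
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
CHACHA = "chacha20-poly1305@openssh.com"

def _name_list(buf, off):
    """Decode one RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    (n,) = struct.unpack_from(">I", buf, off)
    names = buf[off + 4:off + 4 + n].decode("ascii").split(",")
    return [x for x in names if x], off + 4 + n

def parse_kexinit(payload):
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253 7.1) into its name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 1 + 16, {}  # message type byte, then the 16-byte cookie
    for field in ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s",
                  "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"):
        out[field], off = _name_list(payload, off)
    return out  # first_kex_packet_follows / reserved fields are not needed

def assess_terrapin(kexinit):
    """Apply the Terrapin criteria to a parsed server KEXINIT."""
    ciphers = set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])
    macs = set(kexinit["mac_c2s"]) | set(kexinit["mac_s2c"])
    chacha = CHACHA in ciphers
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    strict = STRICT_KEX_SERVER in kexinit["kex"]
    return {"chacha20_poly1305": chacha, "cbc_etm": cbc_etm,
            "strict_kex": strict, "vulnerable": (chacha or cbc_etm) and not strict}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before KEXINIT")
        buf += chunk
    return buf

def fetch_server_kexinit(host, port=22, timeout=5.0):
    """Do only the version exchange, then return the server's KEXINIT payload.
    The version line is read byte by byte so that no bytes of the following
    binary packet get swallowed by a buffered reader."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        line = b""
        while not line.startswith(b"SSH-"):  # servers may send banner lines first
            line = b""
            while not line.endswith(b"\n"):
                line += _recv_exact(s, 1)
        s.sendall(b"SSH-2.0-terrapin_check\r\n")  # assumed client banner string
        packet_len, pad_len = struct.unpack(">IB", _recv_exact(s, 5))
        body = _recv_exact(s, packet_len - 1)  # payload + padding; no MAC yet
        return body[:packet_len - 1 - pad_len]

def build_kexinit(kex, hostkey, enc, mac, comp=("none",)):
    """Encode a KEXINIT payload; used here to construct the offline sample."""
    def nl(items):
        s = ",".join(items).encode("ascii")
        return struct.pack(">I", len(s)) + s
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # zeroed cookie
    for lst in (kex, hostkey, enc, enc, mac, mac, comp, comp, (), ()):
        body += nl(lst)
    return body + b"\x00" + b"\x00\x00\x00\x00"

# Constructed sample built from the algorithm lists in the `show ip ssh`
# output above (a real cookie is random; only the lists matter here).
CAT9300_KEX = ["curve25519-sha256", "curve25519-sha256@libssh.org",
               "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
               "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512"]
CAT9300_HOSTKEY = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]
CAT9300_ENC = ["chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com",
               "aes256-gcm@openssh.com", "aes128-gcm", "aes256-gcm",
               "aes128-ctr", "aes192-ctr", "aes256-ctr"]
CAT9300_MAC = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"]
CAT9300_KEXINIT = build_kexinit(CAT9300_KEX, CAT9300_HOSTKEY, CAT9300_ENC, CAT9300_MAC)

def check_sample(payload=CAT9300_KEXINIT):
    """Parse and assess one KEXINIT payload (defaults to the constructed sample)."""
    return assess_terrapin(parse_kexinit(payload))

if __name__ == "__main__":
    # usage: python terrapin_check.py [host]; with no argument, the sample is checked
    payload = fetch_server_kexinit(sys.argv[1]) if len(sys.argv) > 1 else CAT9300_KEXINIT
    for key, value in check_sample(payload).items():
        print(f"{key}: {value}")
```

Two points worth keeping in mind when reading the result. First, the check is entirely about what the server offers: a release that does not yet send kex-strict-s-v00@openssh.com still stops reporting as exposed once chacha20-poly1305@openssh.com (and any CBC cipher) is removed from the offered encryption list, which on IOS XE is controlled with `ip ssh server algorithm encryption`. Second, strict key exchange only protects a session when both peers advertise it, so a server showing the marker is necessary but the clients connecting to it matter too.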
