Vulnerability found: SSH Prefix Truncation Vulnerability (Terrapin)
search cancel

Vulnerability found: SSH Prefix Truncation Vulnerability (Terrapin)


Article ID: 277997


Updated On:


Security Analytics


Some releases and configurations of ssh are vulnerable to cve-2023-48795. Security Analytics 8.2.7 and later are not.
See SSH Prefix Truncation Vulnerability Used in Terrapin Attacks (CVE-2023-48795)

The iDRAC for the Dell r640xl and the ME4 storage arrays attached are vulnerable.


Security Analytics 8.2.7


Security Analytics is not vulnerable, but the iDRAC and ME4 Web UI are.  We recommend disabling ssh in these interfaces. ssh is not used by the application or for support.
To disable ssh in the iDRAC, login to the iDRAC

For the iDRAC, login to the idrac and searched for the keyword ssh in the top right corner. This navigates directly to the Services -> SSH menu to Enable or Disable ssh.

For the ME4 storage login and select Home -> Action -> System Settings -> Services and deselect SSH.


These are the results from the Terrapin vulnerability scanner for the Security Analytics application -

./Terrapin_Scanner_Linux_amd64 -connect
==================================== Report ====================================

Remote Banner: SSH-2.0-OpenSSH_8.0

ChaCha20-Poly1305 support:   false
CBC-EtM support:             false

Strict key exchange support: false

The scanned peer supports Terrapin mitigations and can establish
connections that are NOT VULNERABLE to Terrapin. 
For strict key exchange to take effect, both peers must support it.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key

For more details visit

Additional Information

For sites that require ssh access to the iDRAC and ME4 Web UI, the vulnerable cypher can be removed. Dell has provided the instructions.  Broadcom has not tested and does not support this configuration change.

These are not supported but a quick test show that the instructions might work in some cases.