Vulnerability found: SSH Prefix Truncation Vulnerability (Terrapin)
search cancel

Vulnerability found: SSH Prefix Truncation Vulnerability (Terrapin)

book

Article ID: 277997

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

Some releases and configurations of ssh are vulnerable to CVE-2023-48795. Security Analytics 8.2.7 and later are not.

See SSH Prefix Truncation Vulnerability Used in Terrapin Attacks (CVE-2023-48795)

The iDRAC for the Dell r640xl is vulnerable, but the management interface for the Dell ME4 and ME5 storage arrays are not vulnerable.

Environment

Security Analytics 8.2.7
Dell ME4012 Storage
Dell ME4084 Storage
Dell VA084
Dell VA012
SA-STAG8-5U840
SA-STAG8-2U144

Resolution

Security Analytics itself and the Dell ME4/5 storage arrays are not vulnerable, but the iDRAC is.  We recommend disabling ssh in these interfaces. ssh is not used by the application or for support.
 
To disable ssh in the iDRAC, login to the iDRAC

For the iDRAC

  1. Log in to the iDRAC and searched for the keyword ssh in the top right corner.
  2. This navigates directly to the Services -> SSH menu
  3. Enable or Disable SSH.

Even though the storage devices are not vulnerable, if you want to disable SSH, here are the steps:

  1. Log in and select Home -> Action -> System Settings
  2. Under Services, deselect SSH.

 
 
 
 
 

Additional Information

For sites that require ssh access to the iDRAC, the vulnerable cypher can be removed. Dell has provided the instructions.  Broadcom has not tested and does not support this configuration change.

ME4 Storage Array - Configuring the SSH Server Cipher List
 
r640 iDRAC - Setting Cipher Suite Selection using the iDRAC GUI
 
CVE-2023-48795      
SSH Prefix Truncation Vulnerability (Terrapin)

CVE-2025-26465      
OpenSSH Security Update (CVE-2025-26465)

CVE-2025-61984      
OpenSSH ssh Function Vulnerability (CVE-2025-61984)

CVE-2023-48795      
OpenSSH SSH Protocol Vulnerability (CVE-2023-48795)

CVE-2023-51384      
OpenSSH Incomplete Constrains Sensitive Information Disclosure Vulnerability

CVE-2023-51385      
OpenSSH OS Command Injection Vulnerability

CVE-2023-38408      
OpenSSH Remote Code Execution (RCE) Vulnerability in its forwarded ssh-agen




These are the results from the Terrapin vulnerability scanner for the Security Analytics application -

./Terrapin_Scanner_Linux_amd64 -connect
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.0

ChaCha20-Poly1305 support:   false
CBC-EtM support:             false

Strict key exchange support: false

The scanned peer supports Terrapin mitigations and can establish
connections that are NOT VULNERABLE to Terrapin. 
For strict key exchange to take effect, both peers must support it.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit https://terrapin-attack.com
Powered by Wolken Software