Terrapin Scanner reports NSX nodes are vulnerable to CVE-2023-48795.

search cancel

Terrapin Scanner reports NSX nodes are vulnerable to CVE-2023-48795.

book

Article ID: 320294

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Customer ran Terrapin Scanner against NSX nodes and identified that these are vulnerable to CVE-2023-48795.

Environment

VMware NSX

VMware NSX-T Data Center

Cause

As per https://terrapin-attack.com/ the attack is related to ChaCha20-Poly1305 cipher.

Resolution

Fixed in following releases-
NSX 4.1.2.3 and above
NSX 3.2.4

As a workaround we can disable ChaCha20-Poly1305 cipher. Refer to this KB for steps-
https://knowledge.broadcom.com/external/article/323554/disable-weak-ciphers-on-nsx-manager.html

Additional Information

For additional details on CVE-2023-48795 in Ubuntu, see the CVE-2023-48795 and the changelogs for the openssh source package in Focal.

A successful attack has no observable impact on session secrecy or integrity and it only leads to a stalled connection; the reason is that, the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic. Basically, the attacker can only remove the initial messages on the secure channel without causing a MAC failure and therefore, prevents user authentication from proceeding.

Feedback

thumb_up Yes

thumb_down No