In a recent scan, we received the "SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)" vulnerability on port 22.
Just use this command in nmap: "nmap -sV -p 22 --script ssh2-enum-algos 192.168.xxx.xxx"
If it shows "chacha20-poly1305@openssh.com" or anything with "-etm", then it enables the Terrapin attack.
Will it get patched, or do we need to do anything manually?
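Added example (not from this thread or from Fortinet): a small Python checker that parses output of the kind the nmap command above produces and reports the Terrapin-relevant algorithms. It also checks whether the server advertises the strict key exchange countermeasure (kex-strict-s-v00@openssh.com, the OpenSSH 9.6 mitigation); the sample scan output is constructed, not a real result.

```python
import re

# Constructed sample of "nmap --script ssh2-enum-algos" output (not a real scan).
SAMPLE_NMAP_OUTPUT = """\
| ssh2-enum-algos:
|   kex_algorithms: (3)
|       curve25519-sha256
|       diffie-hellman-group14-sha256
|       kex-strict-s-v00@openssh.com
|   encryption_algorithms: (3)
|       chacha20-poly1305@openssh.com
|       aes256-gcm@openssh.com
|       aes128-ctr
|   mac_algorithms: (2)
|       hmac-sha2-256-etm@openssh.com
|_      hmac-sha2-256
"""

def parse_enum_algos(text):
    """Turn ssh2-enum-algos output into {section_name: [algorithm, ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        body = line.lstrip("|_ ").strip()  # drop nmap's "| " / "|_ " prefixes
        if not body or body.startswith("ssh2-enum-algos"):
            continue
        header = re.match(r"^([a-z_]+_algorithms):", body)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current:
            sections[current].append(body)
    return sections

def assess_terrapin(sections):
    """Flag the algorithm combinations Terrapin targets and whether strict kex is offered."""
    ciphers = sections.get("encryption_algorithms", [])
    macs = sections.get("mac_algorithms", [])
    etm_macs = [m for m in macs if m.endswith("-etm@openssh.com")]
    cbc_ciphers = [c for c in ciphers if "-cbc" in c]
    result = {
        "chacha20": "chacha20-poly1305@openssh.com" in ciphers,
        "etm_macs": etm_macs,
        "cbc_ciphers": cbc_ciphers,
        # Strict kex is the OpenSSH 9.6 countermeasure; servers advertise it under this kex name.
        "strict_kex": "kex-strict-s-v00@openssh.com" in sections.get("kex_algorithms", []),
    }
    # Scanners flag ChaCha20 or any EtM MAC; the EtM variant additionally needs a CBC cipher.
    result["scanner_flags"] = result["chacha20"] or bool(etm_macs)
    result["exploitable_combo"] = result["chacha20"] or (bool(etm_macs) and bool(cbc_ciphers))
    return result
```

A server that offers strict kex is mitigated only when the client supports it too, so the "strict_kex" flag tells you the server side is patched, not that every session is protected.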
FortiOS is not impacted by this vulnerability.
For other equipment, update as mentioned in the doc below.
https://www.fortiguard.com/psirt/FG-IR-23-490
Now, if you mean you discovered the vulnerability on a device other than Fortinet, then make sure your FG's IPS signatures are up to date.
https://www.fortiguard.com/encyclopedia/ips/54577
And ideally, update/patch your affected SSH server.
@AEK, as you mention, FortiOS is not impacted by this vulnerability.
Also, the link you shared shows:
Products confirmed NOT impacted:
FortiOS
--------------------
But I have a FortiGate 100E firewall with Firmware Version v7.0.14 build0601 (Mature), and as the shared screenshot shows, it has the algorithms that are mentioned in the "SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)" vulnerability.
I searched a bit about this vulnerability and it seems that the ChaCha20-Poly1305 algorithm was not removed in the related OpenSSH fix but just hardened instead. That explains why the mentioned algorithm is still there in your FG.
Hi,
We have confirmed no impact on FortiGate/FortiOS for CVE-2023-48795. Even if scanners flag the device as vulnerable when using the affected ciphers, the vulnerability is not exploitable on FOS. The vulnerability has been fixed in FOS v7.4.4 and 7.2.8, which can be considered a precautionary fix since no version is impacted by this vulnerability.
Regards,
Shiva
@smaruvala, you mean to say that scanners flag the device as vulnerable due to the availability of affected ciphers, which should not be shown? But still, if we upgrade the firmware to 7.2.8 (as shown in the upgrade path below), will it fix the vulnerable ciphers so they will not show in the scanner?
I don't understand it like that, but probably 7.2.8 has simply dropped this algorithm.
Hi @Hitendra ,
Even though the algorithm is shown in nmap, it is not exploitable in FortiGate/FortiOS. Hence it was considered not vulnerable. However, upgrading to the fixed version is a good idea as it is a preventive step.
Regards,
Shiva