Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-48795

CWE-354, CWE-345, CWE-222
38 documents, 17 sources
Severity
5.9 MEDIUM
EPSS
56.7%
top 1.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Dec 18
Latest update: Apr 15

Description

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the ha

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages: 73 packages

Also affects: Debian Linux 10.0, Fedora 38, 39, Enterprise Linux 8.0, 9.0, Openshift Container Platform 4.0

Patches

🔴 Vulnerability Details

10
OSV
ProFTPD vulnerabilities (2025-02-25)
OSV
Several security issues were fixed in Dropbear (2025-02-25)
GHSA
Apache MINA SSHD: integrity check bypass (2024-08-12)
OSV
openssh vulnerabilities (2023-12-19)
CVEList
CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9 (2023-12-18)

💥 Exploits & PoCs

1
Nuclei
OpenSSH Terrapin Attack - Detection

📋 Vendor Advisories

22
Oracle
Oracle Oracle Retail Applications Risk Matrix: Xenvironment (Apache Mina SSHD) — CVE-2023-48795 (2025-04-15)
Ubuntu
Dropbear vulnerabilities (2025-02-25)
Ubuntu
ProFTPD vulnerabilities (2025-02-25)
Oracle
Oracle Oracle Database Server Risk Matrix: Database Migration Assistant for Unicode (Apache Mina SSHD) — CVE-2023-48795 (2025-01-15)
Oracle
Oracle Oracle Blockchain Platform Risk Matrix: Blockchain Cloud Service Console (OpenSSH) — CVE-2023-48795 (2024-10-15)

🕵️ Threat Intelligence

3
Qualys
Mitigate SSH Vulnerability CVE-2023-48795 with Qualys CSAM | Qualys (2023-12-22)
Qualys
SSH Attack Surface (CVE-2023-48795): Find and Patch With CyberSecurity Asset Management Before the Grinch Arrives (2023-12-22)
Huntress
CVE-2023-48795 Vulnerability: Analysis, Impact, Mitigation | Huntress

💬 Community

1
HackerOne
Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com (2024-05-22)