Palo Alto Networks Product Security Incident Response TeamPA-CVE-2023-48795Impact of Terrapin SSH Attack
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7 High
AI Score
Confidence
Low
0.963 High
EPSS
Percentile
99.5%
The Terrapin attack allows an attacker with the ability to intercept SSH traffic on affected Palo Alto Networks products (through machine-in-the-middle or MitM attacks) to downgrade connection security and force the usage of less secure client authentication algorithms when an administrator or user connects to the product.
This issue does not impact the SSH server component of PAN-OS software configured to exclusively use strong cipher algorithms or configured to operate in FIPS-CC mode, which removes support for the impacted algorithms.
When using the PAN-OS SSH client to connect to an SSH server that supports the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms, the traffic is susceptible to this attack.
This issue affects Prisma SD-WAN ION devices.
Additional information and technical details about the attack can be found at https://terrapin-attack.com.
Work around:
If using the SSH client provided with PAN-OS to connect from the firewall to an external SSH server, ensure that the SSH server does not support the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms.
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7 High
AI Score
Confidence
Low
0.963 High
EPSS
Percentile
99.5%