Terrapin Attack Vulnerability CVE-2023-48795 on RUCKUS SmartZone(SZ)
Summary
CVE-2023-48795, the Terrapin Attack, affects OpenSSH v9.5 and earlier versions. The vulnerability allows an attacker with local network access to manipulate information during the SSH connection’s initial handshake, potentially downgrading security. The CVSS 3.x rating classifies it as a ‘Medium’ difficulty exploit. Upgrading the SZ controller to version 7.0 fixes this vulnerability.
Question
What is the impact of the Terrapin Attack Vulnerability (CVE-2023-48795) on RUCKUS SZ?
Customer Environment
Virtual SmartZone (vSZ). SmartZone-144 (SZ-144). SmartZone-100 (SZ-100). SmartZone-300 (SZ-300).
Root Cause
CVE-2023-48795, also known as the ‘Terrapin Attack’, is a vulnerability found in OpenSSH v9.5 and earlier versions. An attacker, who has gained access to the local network and can intercept communications, could exploit this vulnerability to downgrade the security of an SSH connection by manipulating information during the connection’s initial handshake/negotiation sequence. The CVSS 3.x rating of ‘Medium’ indicates the level of difficulty in successfully exploiting this vulnerability.
Symptoms
Security scan tools report CVE-2023-48795 on RUCKUS SmartZone controllers.
Resolution
The vulnerability is addressed in SmartZone version 7.0; upgrading your controller to 7.0 will fix it. The upgrade guide for 7.0 can be found here.
Article Number:
000014312
Updated:
May 21, 2024 02:31 PM
Tags:
Firmware, Security, SZ144, SZ300, virtual SmartCell Gateway, SZ100