Terrapin Attack Vulnerability CVE-2023-48795 on RUCKUS SmartZone (SZ)

Summary

CVE-2023-48795, the Terrapin Attack, affects OpenSSH v9.5 and earlier versions. The vulnerability allows an attacker with local network access to manipulate information during the SSH connection’s initial handshake, potentially downgrading security. The CVSS 3.x rating classifies it as a ‘Medium’ difficulty exploit. Upgrading the SZ controller to version 7.0 fixes this vulnerability.

Question

What is the impact of the Terrapin Attack Vulnerability (CVE-2023-48795) on RUCKUS SZ?

Customer Environment

Virtual SmartZone (vSZ). SmartZone-144 (SZ-144). SmartZone-100 (SZ-100). SmartZone-300 (SZ-300).

Root Cause

CVE-2023-48795, also known as the ‘Terrapin Attack’, is a vulnerability found in OpenSSH v9.5 and earlier versions. An attacker, who has gained access to the local network and can intercept communications, could exploit this vulnerability to downgrade the security of an SSH connection by manipulating information during the connection’s initial handshake/negotiation sequence. The CVSS 3.x rating of ‘Medium’ indicates the level of difficulty in successfully exploiting this vulnerability.

Symptoms

Security scan tools report CVE-2023-48795 on RUCKUS SmartZone controllers.

Resolution

The vulnerability is addressed in SmartZone version 7.0; upgrading your controller to 7.0 will fix it. The upgrade guide for 7.0 can be found here.
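To interpret a scan finding or re-check a controller after the upgrade, the following added example (not RUCKUS or scanner code) applies the commonly used Terrapin test to the server half of `ssh -vv` output: the server is flagged when it offers ChaCha20-Poly1305 or a CBC cipher with an EtM MAC and does not advertise the strict key exchange marker. The sample debug lines are constructed, and it is an assumption that your scan tool uses this same logic.

```python
import re

STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # server-side strict KEX marker
CHACHA = "chacha20-poly1305@openssh.com"

# Constructed sample of the server half of `ssh -vv` output; not from a real controller.
SAMPLE_FLAGGED = """\
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256
"""
SAMPLE_STRICT = SAMPLE_FLAGGED.replace(
    "diffie-hellman-group14-sha256",
    "diffie-hellman-group14-sha256," + STRICT_KEX_SERVER)

def parse_server_proposal(debug_text):
    """Return {field: [algorithms]} from the 'peer server KEXINIT proposal' block."""
    fields, in_server = {}, False
    for line in debug_text.splitlines():
        if "KEXINIT proposal" in line:
            in_server = "peer server" in line  # skip the local client block
            continue
        m = re.match(r"debug2: ([\w ]+): (\S*)$", line.strip())
        if in_server and m:
            fields[m.group(1)] = [a for a in m.group(2).split(",") if a]
    return fields

def terrapin_findings(fields):
    """List reasons the server would be flagged; empty list means not flagged."""
    if STRICT_KEX_SERVER in fields.get("KEX algorithms", []):
        return []
    ciphers = set(fields.get("ciphers ctos", []) + fields.get("ciphers stoc", []))
    macs = set(fields.get("MACs ctos", []) + fields.get("MACs stoc", []))
    reasons = []
    if CHACHA in ciphers:
        reasons.append(CHACHA + " offered without strict KEX")
    cbc = sorted(c for c in ciphers if c.endswith("-cbc"))
    etm = sorted(m for m in macs if m.endswith("-etm@openssh.com"))
    if cbc and etm:
        reasons.append("CBC cipher with EtM MAC offered without strict KEX")
    return reasons

if __name__ == "__main__":
    for name, text in (("flagged", SAMPLE_FLAGGED), ("strict", SAMPLE_STRICT)):
        print(name, terrapin_findings(parse_server_proposal(text)) or "not flagged")
```

Strict key exchange only protects a session when the connecting SSH client supports it as well, so keep management clients up to date too.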

Article Number:
000014312

Updated:
May 21, 2024 02:31 PM

Tags:
Firmware, Security, SZ144, SZ300, virtual SmartCell Gateway, SZ100
