Terrapin Attack Vulnerability CVE-2023-48795 on RUCKUS SmartZone(SZ/vSZ)
Summary
CVE-2023-48795 (Terrapin Attack) affects OpenSSH v9.5 and earlier versions. The vulnerability allows an attacker with local network access to manipulate information during the SSH connection’s initial handshake, potentially downgrading security. The CVSS 3.x rating classifies it as a ‘Medium’ difficulty exploit. Upgrading the SZ controller to version 7.0 or 6.1.2 Patch 1 fixes this vulnerability.
Question
What is the impact of the Terrapin Attack Vulnerability (CVE-2023-48795) on RUCKUS SZ?
Customer Environment
Virtual SmartZone (vSZ). SmartZone-144 (SZ-144). SmartZone-100 (SZ-100). SmartZone-300 (SZ-300).
Symptoms
Security scan tools report CVE-2023-48795 on RUCKUS SmartZone controllers.
Root Cause
CVE-2023-48795, also known as the ‘Terrapin Attack’, is a vulnerability found in OpenSSH v9.5 and earlier versions. An attacker, who has gained access to the local network and can intercept communications, could exploit this vulnerability to downgrade the security of an SSH connection by manipulating information during the connection’s initial handshake/negotiation sequence. The CVSS 3.x rating of ‘Medium’ indicates the level of difficulty in successfully exploiting this vulnerability.
Resolution
1) The vulnerability is addressed in SmartZone version 7.0; upgrading your controller to 7.0 will fix it. The upgrade guide for 7.0 can be found here.
2) The vulnerability is addressed in SmartZone version 6.1.2 LT-GD Patch 1 (6.1.2.0.404) and subsequent builds. The release notes (Security Upgrade section) can be found here.
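Scan tools usually raise this finding from the algorithm lists an SSH server advertises in its SSH_MSG_KEXINIT message, so the same check can be used to confirm the result before and after the upgrade. The following is an added example, not RUCKUS code: it parses a KEXINIT payload (the packet payload, without the length and padding header) and flags a server that offers a Terrapin-affected mode without the strict key exchange marker. The sample payloads and the helper names are constructed for illustration and are not SmartZone's actual algorithm lists.

```python
import struct

STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # server's strict-KEX marker
CHACHA = "chacha20-poly1305@openssh.com"

def build_kexinit(kex, hostkeys, ciphers, macs):
    """Build a constructed SSH_MSG_KEXINIT payload (sample input only)."""
    fields = [kex, hostkeys, ciphers, ciphers, macs, macs, ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(f).encode("ascii") for f in fields))
    # type 20, 16-byte cookie (zeroed here), name-lists, first_kex_packet_follows, reserved
    return b"\x14" + bytes(16) + body + b"\x00" + bytes(4)

def parse_kexinit(payload):
    """Return the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, []
    for _ in range(10):
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        off += n
    return lists

def terrapin_check(payload):
    """Flag a server KEXINIT that offers an affected mode without strict KEX."""
    lists = parse_kexinit(payload)
    kex, ciphers, macs = lists[0], set(lists[2] + lists[3]), set(lists[4] + lists[5])
    affected = []
    if CHACHA in ciphers:
        affected.append(CHACHA)
    if any(c.endswith("-cbc") for c in ciphers) and any(m.endswith("-etm@openssh.com") for m in macs):
        affected.append("cbc+etm")
    strict = STRICT_KEX_SERVER in kex
    return {"strict_kex": strict, "affected_modes": affected,
            "flagged": bool(affected) and not strict}

# Constructed samples; these are not SmartZone's real algorithm lists.
BEFORE = build_kexinit(["curve25519-sha256"], ["ssh-ed25519"],
                       [CHACHA, "aes256-ctr"], ["hmac-sha2-256-etm@openssh.com"])
AFTER = build_kexinit(["curve25519-sha256", STRICT_KEX_SERVER], ["ssh-ed25519"],
                      [CHACHA, "aes256-ctr"], ["hmac-sha2-256-etm@openssh.com"])
```

Strict key exchange only protects a session when the connecting SSH client supports it as well, so client software needs to be current too.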
Article Number:
000014312
Updated:
May 31, 2026 08:07 PM (11 days ago)
Tags:
Firmware, Security, virtual SmartCell Gateway, SZ100, SZ300, SZ144