OpenSSH Terrapin attack (CVE-2023-48795)

Summary

CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms.

Version Affected Solution
FortiAnalyzer 7.4 7.4.2 Upgrade to 7.4.3 or above
FortiAnalyzer 7.2 Not affected Not Applicable
FortiAnalyzer 7.0 7.0.11 Upgrade to 7.0.12 or above
FortiMail 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiMail 7.2 7.2.0 through 7.2.5 Upgrade to 7.2.6 or above
FortiMail 7.0 7.0.0 through 7.0.7 Upgrade to 7.0.8 or above
FortiMail 6.4 6.4 all versions Migrate to a fixed release
FortiMail 6.2 6.2 all versions Migrate to a fixed release
FortiManager 7.4 7.4.2 Upgrade to 7.4.3 or above
FortiManager 7.2 Not affected Not Applicable
FortiManager 7.0 7.0.11 Upgrade to 7.0.12 or above
FortiRecorder 7.2 Not affected Not Applicable
FortiRecorder 7.0 7.0.0 through 7.0.3 Upgrade to 7.0.4 or above
FortiRecorder 6.4 6.4 all versions Migrate to a fixed release
FortiRecorder 6.0 6.0 all versions Migrate to a fixed release
FortiVoice 7.0 7.0.0 through 7.0.1 Upgrade to 7.0.2 or above
FortiVoice 6.4 6.4.0 through 6.4.8 Upgrade to 6.4.9 or above
FortiVoice 6.0 6.0.0 through 6.0.12 Upgrade to 6.0.13 or above
FortiWeb 7.6 Not affected Not Applicable
FortiWeb 7.4 7.4.0 through 7.4.2 Upgrade to 7.4.3 or above
FortiWeb 7.2 7.2.0 through 7.2.7 Upgrade to 7.2.8 or above
FortiWeb 7.0 7.0 all versions Migrate to a fixed release
FortiWeb 6.4 6.4 all versions Migrate to a fixed release
FortiWeb 6.3 6.3 all versions Migrate to a fixed release
FortiWeb 6.2 6.2 all versions Migrate to a fixed release

Workarounds:

  1. Disable SSH and use GUI for management, or CLI console from GUI

  2. Disable affected ciphers via the following command (if available):

config system global
set ssh-enc-algo aes256-ctr aes256-gcm@openssh.com
end

Products confirmed NOT impacted:

FortiOS
FortiADC
FortiADC-Manager
FortiAIOps
FortiAnalyzer-BigData
FortiSASE
FortiExtender
FortiTester
FortiProxy
FortiPortal
FortiPAM
FortiAuthenticator
FortiSandbox
FortiDDoS
FortiIsolator

Products under investigation:

FortiSwitch
FortiNAC
FortiSIEM
FortiSOAR
FortiDeceptor
FortiNDR
FortiCamera
FortiConnect
FortiWLM
FortiWLC

Timeline

2024-01-09: Initial publication
2024-02-07: Updated not impacted product list
2024-02-09: Updated affected product versions
2024-02-28: Updated fixed versions