PSIRTOpenSSH Terrapin attack (CVE-2023-48795)
Summary
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms.
| Version | Affected | Solution |
|---|---|---|
| FortiAnalyzer 7.4 | 7.4.2 | Upgrade to 7.4.3 or above |
| FortiAnalyzer 7.2 | Not affected | Not Applicable |
| FortiAnalyzer 7.0 | 7.0.11 | Upgrade to 7.0.12 or above |
| FortiAnalyzer 6.4 | Not affected | Not Applicable |
| FortiMail 7.4 | 7.4.0 through 7.4.1 | Upgrade to 7.4.2 or above |
| FortiMail 7.2 | 7.2.0 through 7.2.5 | Upgrade to 7.2.6 or above |
| FortiMail 7.0 | 7.0.0 through 7.0.7 | Upgrade to 7.0.8 or above |
| FortiMail 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiMail 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiManager 7.4 | 7.4.2 | Upgrade to 7.4.3 or above |
| FortiManager 7.2 | Not affected | Not Applicable |
| FortiManager 7.0 | 7.0.11 | Upgrade to 7.0.12 or above |
| FortiManager 6.4 | Not affected | Not Applicable |
| FortiNAC-F 7.4 | Not affected | Not Applicable |
| FortiNAC-F 7.2 | 7.2.0 through 7.2.5 | Upgrade to 7.2.6 or above |
| FortiNDR 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiNDR 7.2 | 7.2.0 through 7.2.1 | Upgrade to 7.2.2 or above |
| FortiNDR 7.1 | 7.1 all versions | Migrate to a fixed release |
| FortiNDR 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiRecorder 7.2 | Not affected | Not Applicable |
| FortiRecorder 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above |
| FortiRecorder 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiRecorder 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiSIEM 7.2 | Not affected | Not Applicable |
| FortiSIEM 7.1 | 7.1.0 through 7.1.3 | Upgrade to 7.1.4 or above |
| FortiSIEM 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiSIEM 6.7 | 6.7 all versions | Migrate to a fixed release |
| FortiSIEM 6.6 | 6.6 all versions | Migrate to a fixed release |
| FortiSIEM 6.5 | 6.5 all versions | Migrate to a fixed release |
| FortiSIEM 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiSIEM 6.3 | 6.3 all versions | Migrate to a fixed release |
| FortiSIEM 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiSIEM 6.1 | 6.1 all versions | Migrate to a fixed release |
| FortiSIEM 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiSIEM 5.3 | 5.3 all versions | Migrate to a fixed release |
| FortiSOAR 7.5 | Not affected | Not Applicable |
| FortiSOAR 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiSOAR 7.3 | 7.3 all versions | Migrate to a fixed release |
| FortiSOAR 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiSOAR 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiSOAR 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiVoice 7.0 | 7.0.0 through 7.0.1 | Upgrade to 7.0.2 or above |
| FortiVoice 6.4 | 6.4.0 through 6.4.8 | Upgrade to 6.4.9 or above |
| FortiVoice 6.0 | 6.0.0 through 6.0.12 | Upgrade to 6.0.13 or above |
| FortiWeb 7.6 | Not affected | Not Applicable |
| FortiWeb 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiWeb 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiWeb 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiWeb 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiWeb 6.3 | 6.3 all versions | Migrate to a fixed release |
| FortiWeb 6.2 | 6.2 all versions | Migrate to a fixed release |
Workarounds:
1. Disable SSH and use GUI for management, or CLI console from GUI
2. Disable affected ciphers via the following command (if available):
config system global
set ssh-enc-algo aes256-ctr aes256-gcm@openssh.com
end
Products confirmed NOT impacted:
FortiOS
FortiADC
FortiADC-Manager
FortiAIOps
FortiAnalyzer-BigData
FortiSASE
FortiExtender
FortiTester
FortiProxy
FortiPortal
FortiPAM
FortiAuthenticator
FortiSandbox
FortiDDoS
FortiIsolator
FortiSwitch
FortiDeceptor
FortiCamera
FortiConnect
FortiWLM
FortiWLC
Timeline
2024-01-09: Initial publication
2024-02-07: Updated not impacted product list
2024-02-09: Updated affected product versions
2024-02-28: Updated fixed versions
2024-04-24: Updated affected product versions