QID 44169

Date Published: 2024-02-06

QID 44169: Juniper Network Operating System (Junos OS) Terrapin Attack SSH Connection Weakening Vulnerability (JSA76462)

CVE-2023-48795: An Improper Validation of Integrity Check Value vulnerability in OpenSSH before 9.6, as used in Juniper Networks Junos OS, allows a remote attacker to bypass integrity checks such that some packets are omitted (from the extension negotiation message). A client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka the Terrapin Attack.

These issues affect Juniper Networks Junos OS on SRX, EX, PTX, MX, QFX, NFX and ACX Series.
Affected Juniper Networks Junos OS versions:
Junos OS: 19.4R3-S13, 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.4R3-S1, 23.2R2, 23.4R2, 24.1R1, and all subsequent releases.

QID detection logic: (Authenticated)
This QID checks for a vulnerable Junos OS version.

QID detection logic: (Unauthenticated)
This QID checks the SNMP banner for a vulnerable version of Junos OS.

The most serious identified impact is that it lets an on-path attacker delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features.

  • CVSS V3 rated as Medium - 5.9 severity.
  • CVSS V2 rated as High - 7.5 severity.

Solution
The vendor has released a patch addressing the vulnerabilities. For more information, please refer to JSA76462.

Workaround:
The vendor has advised that this issue can be completely remediated by excluding the chacha20-poly1305 cipher from SSH and configuring the following ciphers for SSH.

CVEs related to QID 44169

Software Advisories
Advisory ID: JSA76462
Link: supportportal.juniper.net/s/article/2024-01-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Impact-of-Terrapin-SSH-Attack-CVE-2023-48795?language=en_US