This article provides information on how to mitigate the CVE-2023-48795 vulnerability.
→ Applies to: SynetoOS 4.x
Vulnerability description
The vulnerability compromises the integrity of the SSH protocol by manipulating sequence numbers during the handshake. This allows an attacker acting as a Man-in-the-Middle (MITM) to remove initial messages between the client and server without either side noticing.
The attack only affects SSH connections using ChaCha20-Poly1305 or CBC with Encrypt-then-MAC. To mitigate the risk, avoid using these encryption methods, update SSH software, and secure the network against MITM attacks.
SOURCES
NIST (https://nvd.nist.gov/vuln/detail/cve-2023-48795)
Mitigation
Update your SSH client/server to the latest available version and verify that the client and server provide kex pseudo-algorithms indicating that they are using the updated, attack-proof version of the protocol.
Solution
Step 1. Connect to SynetoOS appliance via SSH as admin
ssh admin@<your_ip_address_or_hostname>
Step 2 (optional). Change into Solaris shell (in case you're directed to an unsupported shell)
un sh
Step 3. Get root privileges
sudo su -
Step 4. Exclude the ciphers
sudo sed -i '/#RekeyLimit default none/a Ciphers -chacha20-poly1305@openssh.com' /etc/ssh/sshd_config
Step 5. Restart the ssh service
svcadm restart ssh
Step 6. Confirm the effectiveness of the mitigation by running a vulnerability scanner again
VULNERABILITY SCANNER
Terrapin Scanner (https://github.com/RUB-NDS/Terrapin-Scanner/releases/tag/v1.1.3)
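The check the scanner performs in step 6 can be reproduced offline from the algorithm name-lists the two peers exchange. The following is an added example, not code from the Syneto article or from the Terrapin Scanner project; it assumes OpenSSH's strict-KEX pseudo-algorithm names, and all name-lists in it are constructed samples.

```python
# Added example (not code from the Syneto article or the Terrapin Scanner project):
# judge CVE-2023-48795 exposure from the algorithm name-lists each side sends in
# SSH_MSG_KEXINIT, and model the `Ciphers -...` directive used in step 4.
# All name-lists below are constructed samples.
from dataclasses import dataclass
from typing import Optional

CHACHA = "chacha20-poly1305@openssh.com"
# "Strict KEX" pseudo-algorithms advertised by patched peers (OpenSSH 9.6 and
# later); the countermeasure only works when BOTH sides advertise them.
STRICT_C, STRICT_S = "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"

def negotiate(client_list: str, server_list: str) -> Optional[str]:
    """RFC 4253 negotiation: first client entry that the server also offers."""
    server = set(server_list.split(","))
    return next((a for a in client_list.split(",") if a in server), None)

def apply_ciphers_directive(defaults: str, directive: str) -> str:
    """sshd_config `Ciphers`: a leading '-' removes the named ciphers from the
    default list, a plain list replaces it (exact names, wildcards not modelled)."""
    if directive.startswith("-"):
        drop = set(directive[1:].split(","))
        return ",".join(c for c in defaults.split(",") if c not in drop)
    return directive

@dataclass
class KexInit:
    kex: str      # kex_algorithms
    ciphers: str  # encryption_algorithms (one direction)
    macs: str     # mac_algorithms (same direction)

def terrapin_exposure(client: KexInit, server: KexInit) -> dict:
    """Exposed when chacha20-poly1305, or a CBC cipher with an Encrypt-then-MAC
    MAC, is selected and strict KEX is not supported by both peers."""
    cipher = negotiate(client.ciphers, server.ciphers)
    mac = negotiate(client.macs, server.macs)
    chacha = cipher == CHACHA
    cbc_etm = bool(cipher and "-cbc" in cipher and mac and mac.endswith("-etm@openssh.com"))
    strict = STRICT_C in client.kex.split(",") and STRICT_S in server.kex.split(",")
    return {"cipher": cipher, "mac": mac, "strict_kex": strict,
            "vulnerable": (chacha or cbc_etm) and not strict}

# Constructed sample: an unpatched client that prefers chacha20, against the
# server's cipher list before and after the step 4 directive is applied.
KEX = "curve25519-sha256,diffie-hellman-group14-sha256"
MACS = "hmac-sha2-256-etm@openssh.com,hmac-sha2-256"
CLIENT = KexInit(KEX, "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-cbc", MACS)
SERVER_CIPHERS = "chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com"
SERVER_BEFORE = KexInit(KEX, SERVER_CIPHERS, MACS)
SERVER_AFTER = KexInit(KEX, apply_ciphers_directive(SERVER_CIPHERS, "-" + CHACHA), MACS)
```

`terrapin_exposure(CLIENT, SERVER_BEFORE)` reports the session as vulnerable, while `terrapin_exposure(CLIENT, SERVER_AFTER)` negotiates AES-GCM and reports it as not vulnerable; a CBC cipher paired with an `-etm` MAC is still flagged, which the step 4 directive alone does not remove.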