The SSH transport protocol with certain OpenSSH extensions

CVE-2023-48795 is the SSH *Terrapin* prefix-truncation flaw: an on-path attacker can inject unauthenticated messages before encryption starts, then delete the same number right after NEWKEYS, causing SSH_MSG_EXT_INFO and related negotiation data to disappear. In OpenSSH, the named affected line is *before 9.6*, but the CVE is broader than OpenSSH and hits many SSH stacks and clients when they negotiate [email protected] or, for practical EtM abuse, CBC plus *[email protected].

The vendor's 5.9/MEDIUM score is defensible in a lab, but it overshoots enterprise patch urgency. The decisive friction is attacker position: this is not internet-scale unauthenticated exploitation, it is a live machine-in-the-middle attack against an SSH path, and in OpenSSH the practical impact is mostly security-feature downgrade rather than code execution, auth bypass, or plaintext recovery.

Why this verdict

• -2.0 attacker-position penalty: exploitation needs unauthenticated *network* reach plus a man-in-the-middle foothold on the SSH path, which is a huge real-world narrowing versus ordinary remote service CVEs
• -0.7 precondition penalty: the vulnerable behavior only matters when affected algorithms are actually negotiated and strict kex is absent on at least one side
• -0.6 impact penalty: for OpenSSH, the documented practical effect is mainly extension stripping and loss of some negotiated protections, not RCE, plaintext disclosure, or durable privilege gain

Why not higher?

This is not a wormable or sprayable internet bug. An attacker must first win routing position on the path, then catch a new SSH session, then land on affected crypto, and even then the mainstream OpenSSH impact is limited to downgrade behavior rather than direct system compromise.

Why not lower?

It is still a real protocol flaw in one of the most common admin channels in enterprise environments. Affected modes are widespread, PoC code exists, and a successful MITM against bastions, jump boxes, or contractor/Wi-Fi paths can systematically weaken many sessions at once.

1. Disable affected algorithms where practical — Remove [email protected] and CBC+*[email protected] from exposed SSH admin surfaces if you cannot confirm strict kex support on both ends. For a LOW verdict there is no SLA beyond backlog hygiene, but do it earlier on internet-facing bastions, shared jump hosts, and contractor-access paths because those are the few places where the MITM precondition is believable.
2. Keep SSH on trusted paths — Force administrative SSH through private management networks, VPNs, or hardened bastions instead of flat user LANs and untrusted transit. This directly attacks the only thing that really matters for Terrapin: the attacker being able to sit in the middle.
3. Verify strict-kex on both client and server fleets — The OpenSSH-style fix only activates when both peers support it, so a patched server talking to old clients can still leave downgrade room. Audit server banners, client versions, and distro backports during normal patch hygiene for this LOW item.

Run this on the target Linux host that provides OpenSSH server access. Invoke it as sudo bash terrapin-check.sh so it can read the effective sshd config and probe localhost:22; it needs ssh, sshd, and standard shell tools, but no internet access.

#!/usr/bin/env bash
# terrapin-check.sh
# Check whether a local OpenSSH server appears vulnerable to CVE-2023-48795.
# Outputs: VULNERABLE / PATCHED / UNKNOWN
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

set -u

need_cmd() {
  command -v "$1" >/dev/null 2>&1
}

for c in ssh grep awk sed; do
  if ! need_cmd "$c"; then
    echo "UNKNOWN - missing required command: $c"
    exit 2
  fi
done

SSHD_BIN=""
for p in /usr/sbin/sshd /sbin/sshd $(command -v sshd 2>/dev/null || true); do
  if [ -n "$p" ] && [ -x "$p" ]; then
    SSHD_BIN="$p"
    break
  fi
done

if [ -z "$SSHD_BIN" ]; then
  echo "UNKNOWN - sshd not found"
  exit 2
fi

# Capture sshd version (stderr on OpenSSH)
SSHD_VER_RAW="$($SSHD_BIN -V 2>&1 | head -n1)"
SSHD_VER="$(printf '%s' "$SSHD_VER_RAW" | sed -n 's/.*OpenSSH_\([0-9][0-9.]*p\{0,1\}[0-9]*\).*/\1/p')"

# Effective config. Requires privileges on some systems.
SSHD_T="$($SSHD_BIN -T 2>/dev/null || true)"
if [ -z "$SSHD_T" ]; then
  echo "UNKNOWN - could not read effective sshd config; run with sudo"
  exit 2
fi

CIPHERS="$(printf '%s\n' "$SSHD_T" | awk '/^ciphers /{print $2}')"
MACS="$(printf '%s\n' "$SSHD_T" | awk '/^macs /{print $2}')"

has_vuln_cipher=0
has_vuln_cbc=0
has_vuln_etm=0

printf '%s' "$CIPHERS" | grep -q '[email protected]' && has_vuln_cipher=1
printf '%s' "$CIPHERS" | grep -Eq '(^|,)(aes[0-9-]*-cbc|3des-cbc)(,|$)' && has_vuln_cbc=1
printf '%s' "$MACS" | grep -q -- '[email protected]' && has_vuln_etm=1

# Probe localhost for strict-kex advertisement. This does not require auth success.
STRICT_KEX=0
PROBE_OUT="$(ssh -vv \
  -o BatchMode=yes \
  -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  -o ConnectTimeout=5 \
  -o PreferredAuthentications=none \
  -p 22 localhost true 2>&1 || true)"

printf '%s' "$PROBE_OUT" | grep -q '[email protected]' && STRICT_KEX=1

# Helper: compare upstream-ish OpenSSH versions only. Backports may make this conservative.
ver_ge_96=0
case "$SSHD_VER" in
  9.6*|9.7*|9.8*|9.9*|10.*)
    ver_ge_96=1
    ;;
esac

# Decision logic:
# 1) If strict-kex is advertised by the local server, treat as PATCHED.
# 2) Else if upstream version is >=9.6, treat as PATCHED.
# 3) Else if affected algorithms are exposed, treat as VULNERABLE.
# 4) Else UNKNOWN because distro backports / custom configs may apply.
if [ "$STRICT_KEX" -eq 1 ]; then
  echo "PATCHED - server advertises strict kex (mitigation for CVE-2023-48795)"
  exit 0
fi

if [ "$ver_ge_96" -eq 1 ]; then
  echo "PATCHED - OpenSSH version appears to be 9.6 or newer ($SSHD_VER_RAW)"
  exit 0
fi

if [ "$has_vuln_cipher" -eq 1 ] || { [ "$has_vuln_cbc" -eq 1 ] && [ "$has_vuln_etm" -eq 1 ]; }; then
  echo "VULNERABLE - no strict kex detected and affected algorithms are enabled"
  exit 1
fi

echo "UNKNOWN - no strict kex detected, but enabled algorithms do not clearly show an exploitable profile; verify distro backports manually"
exit 2

Sources

1. NVD CVE-2023-48795
2. OpenSSH 9.6 release notes
3. Terrapin attack disclosure on oss-security
4. Terrapin research paper PDF
5. RUB-NDS Terrapin proof-of-concept artifacts
6. Ubuntu USN-6560-1 OpenSSH vulnerabilities
7. Debian DSA-5586-1 openssh security update
8. CISA Known Exploited Vulnerabilities Catalog