January 11, 2024
RE: CVE-2023-48795 SSH Terrapin Prefix Truncation Weakness vulnerability and implications for INSIGHT DLP Appliances
Note: Unless new information is discovered, the INSIGHT Appliance team will no longer be updating this article.
Dear INSIGHT Appliance Customer,
As you may be aware, on December 18th, 2023, NIST released the Security Advisory for CVE-2023-48795, which describes an issue identified with OpenSSH extensions, found in OpenSSH before 9.6 and in other products. It allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message; a client and server may consequently end up with a connection for which some security features have been downgraded or disabled. This is also known as a Terrapin attack.
Broadcom has yet to release any details on this CVE.
Note: INSIGHT Appliance customers must apply IDACT 3.0-16 when available
Additionally, the INSIGHT Development and Security teams have completed an investigation of this vulnerability and its potential impact on INSIGHT Appliances, Symantec Data Loss Prevention (DLP), and the Oracle Database. As a result of this investigation, the INSIGHT Team can confirm that a fix will be automatically applied to all affected v3 INSIGHT Appliances via IDACT 3.0-16.
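A defender-side check for the extension-negotiation weakness described above, added here as an example and not INSIGHT's or OpenSSH's own code: it parses an SSH_MSG_KEXINIT payload and reports whether the peer advertises the strict key exchange extension that OpenSSH 9.6 introduced as the fix, alongside the cipher and MAC modes Terrapin affects. The two sample offers are constructed, not captured; to assess a live host, feed it the KEXINIT payload read after the version banner.

```python
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX = {"kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def _name_list(names):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(lists):
    """Build a KEXINIT payload: type byte, 16-byte cookie (zeroed here), ten
    name-lists, first_kex_packet_follows (boolean), reserved (uint32)."""
    body = b"".join(_name_list(lists.get(f, [])) for f in FIELDS)
    return bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16 + body + b"\x00" * 5

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload, keyed by FIELDS."""
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}
    for f in FIELDS:
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        out[f] = [x for x in payload[off:off + n].decode("ascii").split(",") if x]
        off += n
    return out

def terrapin_exposure(kexinit):
    """Classify a parsed KEXINIT for CVE-2023-48795: affected modes are ChaCha20-Poly1305
    or a CBC cipher with an *-etm MAC; the strict-kex extension in the kex list mitigates."""
    strict = bool(STRICT_KEX & set(kexinit["kex"]))
    ciphers = set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])
    macs = set(kexinit["mac_c2s"]) | set(kexinit["mac_s2c"])
    chacha = "chacha20-poly1305@openssh.com" in ciphers
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    return {"strict_kex": strict, "chacha20_poly1305": chacha,
            "cbc_etm": cbc_etm, "exposed": (chacha or cbc_etm) and not strict}

# Constructed sample offers (not captures): a pre-9.6 style server, then the same server patched.
LEGACY = {"kex": ["curve25519-sha256"], "hostkey": ["ssh-ed25519"],
          "enc_c2s": ["chacha20-poly1305@openssh.com", "aes128-ctr"],
          "enc_s2c": ["chacha20-poly1305@openssh.com", "aes128-ctr"],
          "mac_c2s": ["hmac-sha2-256-etm@openssh.com"], "mac_s2c": ["hmac-sha2-256-etm@openssh.com"],
          "comp_c2s": ["none"], "comp_s2c": ["none"]}
PATCHED = dict(LEGACY, kex=["curve25519-sha256", "kex-strict-s-v00@openssh.com"])
```

A server that advertises strict kex is only protected when the client does too, so the same check applies to the client's KEXINIT.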
=======================================================================
The articles below can be used for additional reference information:
- https://nvd.nist.gov/vuln/detail/CVE-2023-48795
- https://access.redhat.com/security/cve/cve-2023-48795
- https://terrapin-attack.com/