Cyber Resilience

CVE-2023-48795

Medium · Public PoC

Published: 18 December 2023
Modified: 12 May 2026
KEV Added
Patch
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.9407 (99.8th percentile)
Risk Priority: 80 (floored blend · peak EPSS)

Summary

CVE-2023-48795 is a medium-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability in Erlang Erlang/OTP. Its CVSS base score is 5.9 (Medium).

Operationally, it is ranked in the top 0.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-48795 is a protocol-level flaw in the SSH Binary Packet Protocol (BPP) handshake that affects OpenSSH before version 9.6 and numerous other implementations, including PuTTY before 0.80, Dropbear through 2022.83, libssh before 0.10.6, Paramiko before 3.4.0, AsyncSSH before 2.14.2, and many additional SSH libraries and products. The vulnerability, known as the Terrapin attack, stems from improper handling of sequence numbers and extension negotiation messages, allowing an attacker to omit packets from the handshake and thereby disable or downgrade integrity protections when ChaCha20-Poly1305 or CBC-with-Encrypt-then-MAC modes are in use.

A remote attacker positioned on the network path between client and server can exploit the flaw during the initial key exchange to strip selected packets without detection, resulting in a connection that has lost certain security properties while still appearing valid to both endpoints. The attack requires no authentication and succeeds against connections that negotiate the affected algorithms, though it is rated medium severity (CVSS 5.9) because of the high attack complexity involved.

Public advisories and coordinated disclosures referenced in the provided URLs describe vendor-specific patches that update the listed products to versions that correctly enforce sequence numbers and resist prefix truncation; operators are advised to apply those updates and, where feasible, prefer algorithms less susceptible to the prefix truncation technique.
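An added example (not code from this page or from any of the listed projects): a Python check that parses one peer's SSH_MSG_KEXINIT payload and reports whether its offer contains the algorithm combinations named in the CVE description. The strict-KEX marker names and the sample offer are assumptions and constructed data, not taken from this page.

```python
# Algorithm names taken from the CVE description on this page.
CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"
# Assumption (not on this page): the "strict KEX" marker names that patched
# peers add to their kex list; both sides must offer one for it to apply.
STRICT_MARKERS = {"kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its ten algorithm name-lists."""
    if len(payload) < 17 or payload[0] != 20:   # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}                         # skip type byte + 16-byte cookie
    for field in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        end = pos + 4 + n
        if end > len(payload):
            raise ValueError(f"truncated name-list: {field}")
        raw = payload[pos + 4:end].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos = end
    return lists

def terrapin_exposure(lists: dict) -> list:
    """Return why one peer's offer is susceptible; empty list if it is not."""
    if STRICT_MARKERS & set(lists["kex"]):
        return []                               # countermeasure advertised
    reasons = []
    for d in ("c2s", "s2c"):
        enc, mac = lists["enc_" + d], lists["mac_" + d]
        if CHACHA in enc:
            reasons.append(f"{d}: {CHACHA}")
        if any(c.endswith("-cbc") for c in enc) and any(m.endswith(ETM_SUFFIX) for m in mac):
            reasons.append(f"{d}: CBC cipher with {ETM_SUFFIX} MAC")
    return reasons

def build_kexinit(lists: dict) -> bytes:
    """Encode name-lists as a payload with a zero cookie (sample data only)."""
    names = (",".join(lists.get(f, [])).encode("ascii") for f in FIELDS)
    body = b"".join(len(s).to_bytes(4, "big") + s for s in names)
    return bytes([20]) + bytes(16) + body + bytes(5)  # + follows flag, reserved

if __name__ == "__main__":
    # Constructed offer, not captured from a real host.
    offer = {"kex": ["curve25519-sha256"], "enc_c2s": [CHACHA], "enc_s2c": [CHACHA],
             "mac_c2s": ["hmac-sha2-256"], "mac_s2c": ["hmac-sha2-256"]}
    print(terrapin_exposure(parse_kexinit(build_kexinit(offer))))
```

An empty result for one peer only means that peer's offer is not susceptible on its own terms; the strict-KEX countermeasure takes effect only when both client and server advertise it.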

EPSS for this CVE rose sharply from a low baseline to a peak of 0.9548 on 2025-01-22 before receding to the current value of 0.5300, indicating that exploitation interest increased substantially after public disclosure.

EU & UK References

Vulnerability details

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CWE(s)

Related Threats

CVEs Like This One

CVE-2014-0160 - Same product: Debian Debian Linux
CVE-2025-54309 - Same product: Crushftp Crushftp
CVE-2023-53959 - Same product: Filezilla-Project Filezilla Client
CVE-2026-24751 - Same product class: managed file transfer
CVE-2026-24750 - Same product class: managed file transfer
CVE-2026-8488 - Same product class: managed file transfer
CVE-2026-28272 - Same product class: managed file transfer
CVE-2025-13444 - Same product class: managed file transfer
CVE-2023-34362 - Same product class: managed file transfer
CVE-2026-24752 - Same product class: managed file transfer

Affected Assets

Vendor | Product | Version
openbsd | openssh | ≤ 9.6
putty | putty | ≤ 0.80
filezilla-project | filezilla client | ≤ 3.66.4
panic | transmit 5 | ≤ 5.10.4
panic | nova | ≤ 11.8
roumenpetrov | pkixssh | ≤ 14.4
winscp | winscp | ≤ 6.2.2
bitvise | ssh client | ≤ 9.33
bitvise | ssh server | ≤ 9.32
lancom-systems | lcos | ≤ 3.66.4
+58 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-354

Proper validation of integrity check values is required for reliable tamper detection, directly reducing undetected modification risks.

addresses: CWE-354

Requires validation of integrity check values on every resolution response, directly mitigating tampered or corrupted DNS data.

addresses: CWE-354

Control mandates proper validation of integrity values (checksums) on prepared data, making flawed validation of those checks ineffective for attackers.

addresses: CWE-354

Requires use of proper integrity verification tools, reducing the chance an incorrect check value is accepted.

addresses: CWE-354

Requires proper validation of integrity mechanisms, directly mitigating flawed check-value handling.

References