CVE-2023-48795 Vulnerability on NVIDIA switch MSN2100
Applies to
- ONTAP 9
- NVIDIA MSN2100 cluster network switches
Issue
- A security scan reported a vulnerability (CVE-2023-48795) on an NVIDIA MSN2100 cluster network switch:
  tcp 22 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
  Observation: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
  IP: 10.21.x.xxx Port:22
  Description: The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.
  Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software versions.
  Recommendation: Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
- The affected switches are running Cumulus Linux version 5.4.0
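
The scan note above says the plugin flags a server that offers ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and does not advertise strict key exchange. The following is an added example (not NetApp, NVIDIA or scanner code) that applies that condition to the algorithm lists in a server's SSH_MSG_KEXINIT payload. The sample payloads are constructed, the helper names are hypothetical, and `kex-strict-s-v00@openssh.com` is the OpenSSH strict key exchange marker, which the page does not name.

```python
# Name-list order in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # assumption: OpenSSH marker
CHACHA = "chacha20-poly1305@openssh.com"

def parse_kexinit(payload: bytes) -> dict:
    """Decode the ten name-lists that follow the type byte and 16-byte cookie."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for name in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list")
        lists[name] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return lists

def terrapin_exposure(lists: dict) -> list:
    """Reasons the server matches the scan condition; empty list = not flagged."""
    if STRICT_KEX_SERVER in lists["kex"]:
        return []  # strict key exchange countermeasure is advertised
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    reasons = []
    if CHACHA in ciphers:
        reasons.append(CHACHA)
    cbc = sorted(c for c in ciphers if c.endswith("-cbc"))
    etm = sorted(m for m in macs if m.endswith("-etm@openssh.com"))
    if cbc and etm:
        reasons.append("CBC with Encrypt-then-MAC: %s + %s" % (cbc[0], etm[0]))
    return reasons

def build_kexinit(kex, enc, mac) -> bytes:
    """Constructed sample input: encode name-lists into a KEXINIT payload."""
    vals = [kex, ["ssh-ed25519"], enc, enc, mac, mac, ["none"], ["none"], [], []]
    body = b"".join(len(s).to_bytes(4, "big") + s
                    for s in (",".join(v).encode() for v in vals))
    return b"\x14" + bytes(16) + body + b"\x00" + bytes(4)

# Constructed samples: flagged, updated (strict KEX), and algorithms disabled.
FLAGGED = build_kexinit(["curve25519-sha256"], [CHACHA, "aes128-ctr"], ["hmac-sha2-256"])
PATCHED = build_kexinit(["curve25519-sha256", STRICT_KEX_SERVER], [CHACHA], ["hmac-sha2-256"])
TRIMMED = build_kexinit(["curve25519-sha256"], ["aes128-ctr"], ["hmac-sha2-256-etm@openssh.com"])

if __name__ == "__main__":
    for label, p in (("flagged", FLAGGED), ("patched", PATCHED), ("trimmed", TRIMMED)):
        print(label, terrapin_exposure(parse_kexinit(p)))
```

The PATCHED and TRIMMED samples correspond to the two options in the scan recommendation: an update that adds strict key exchange, or disabling the affected algorithms.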
