Safeguard
Vulnerability Analysis

CVE-2023-48795: Terrapin attack affecting paramiko SSH ex...

The Terrapin attack (CVE-2023-48795) lets on-path attackers truncate SSH extension negotiation, downgrading security in paramiko and other SSH implementations.

Aman Khan
AppSec Engineer
8 min read

A prefix-truncation flaw in the SSH transport protocol — nicknamed the Terrapin attack — lets a man-in-the-middle attacker delete or splice messages sent early in an SSH connection without either endpoint noticing. Tracked as CVE-2023-48795, the issue is not a bug in one library; it is a weakness in how the SSH Binary Packet Protocol combined with certain encryption modes handles sequence numbers during the handshake. Because paramiko, the widely used pure-Python SSH implementation, supports the affected cipher and MAC combinations, it shipped a fix alongside OpenSSH and most other major SSH stacks. The practical impact for most deployments is a downgrade of connection security rather than full compromise: an attacker positioned on the network path can strip the SSH extension-negotiation message (RFC 8308) that clients and servers use to advertise support for stronger signature algorithms and countermeasures, quietly forcing a fallback to weaker options and, in a narrower set of configurations, degrading keystroke-timing obfuscation used by some interactive clients.

What the Terrapin attack actually does

SSH secures data in transit using sequence numbers to detect injected, dropped, or reordered packets. Terrapin abuses an interaction between this sequence-number counter and specific encryption modes — namely the chacha20-poly1305@openssh.com cipher, and CBC ciphers used with -etm@openssh.com (encrypt-then-MAC) MAC algorithms. Under these modes, a network attacker who can intercept and modify traffic during the initial key exchange can strip a specific number of messages from the very start of the encrypted stream and adjust sequence numbers so that neither client nor server detects the tampering. The prime target is the optional SSH_MSG_EXT_INFO message, which is sent immediately after key exchange to negotiate extension capabilities such as the server-sig-algs extension (used to signal support for RSA/SHA-2 signatures) or, in some client implementations, terminal-related countermeasure extensions.

By silently dropping this message, an attacker can push a connection toward legacy signature algorithms or disable specific protections, without breaking the encrypted channel or being visible to either party. Terrapin does not allow decryption of SSH traffic, arbitrary command injection, or authentication bypass on its own — it is a targeted protocol-downgrade primitive that requires an active on-path attacker, not a passive eavesdropper or a remote attacker without network positioning.

The vulnerability was discovered and responsibly disclosed by researchers at Ruhr University Bochum (Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk), who coordinated with the OpenSSH team and other affected SSH implementations before publishing details and a companion vulnerability scanner.

Affected versions and components

CVE-2023-48795 is a protocol-level weakness affecting any SSH client or server that negotiates the vulnerable cipher/MAC combinations without a countermeasure. In the paramiko ecosystem, this means:

  • paramiko versions prior to the release that introduced the "strict kex" extension (kex-strict-c-v00@openssh.com / kex-strict-s-v00@openssh.com) are exposed when connecting to peers that also lack the fix, because the mitigation only fully engages when both sides advertise support for it.
  • Connections using chacha20-poly1305@openssh.com, or any *-cbc cipher paired with an *-etm@openssh.com MAC, are the exploitable configurations. Sessions negotiated purely with AES-GCM are not affected by the core truncation primitive.
  • The issue is not unique to paramiko — it affects the SSH protocol as implemented across OpenSSH, PuTTY, libssh, Twisted Conch, AsyncSSH, Dropbear, and numerous other clients and servers, each of which needed and largely shipped its own patch.

Because paramiko underpins tools like Fabric, Ansible (in some configurations), Netmiko, and many CI/CD and infrastructure-automation scripts, any pipeline that uses an outdated paramiko dependency to reach SSH endpoints inherits the exposure, particularly where automation runs across untrusted or shared networks (cloud provider backbones, VPNs, bastion hops).

CVSS, EPSS, and KEV context

NVD's published CVSS v3.1 base score for CVE-2023-48795 is 5.9 (Medium), reflecting a network attack vector that requires high attack complexity (an active on-path position) and no privileges or user interaction, with an integrity impact but no confidentiality or availability impact — consistent with the vulnerability's nature as a downgrade/truncation issue rather than a full compromise primitive. EPSS scoring for this CVE has generally sat in the low range, consistent with the fact that exploitation requires active network interposition rather than a remotely scannable weakness. As of this writing, CVE-2023-48795 does not appear on CISA's Known Exploited Vulnerabilities (KEV) catalog; there are no confirmed reports of in-the-wild exploitation, and the practical bar for exploitation — sustained MITM positioning against an SSH session — is meaningfully higher than for typical remotely exploitable bugs. That said, "Medium" severity and no confirmed exploitation should not be read as "ignore this": SSH is a foundational trust boundary for infrastructure access, and downgrade attacks against it have historically been stepping stones for more targeted follow-on attacks once an attacker already has network position (e.g., on compromised Wi-Fi, a malicious ISP hop, or a compromised network device).

Timeline

  • Pre-disclosure: Researchers at Ruhr University Bochum identified the prefix-truncation weakness in the SSH transport protocol and began coordinated disclosure with the OpenSSH team and other major SSH implementation maintainers, allowing vendors to prepare patches ahead of public release.
  • December 18, 2023: Public disclosure of the Terrapin attack, accompanied by the assignment of CVE-2023-48795, an academic paper, and a companion scanner tool (terrapin-scanner) that administrators could use to test whether a given SSH server or client was vulnerable.
  • Coordinated patch releases: OpenSSH shipped version 9.6, introducing the strict-kex extension negotiation as the primary mitigation. Paramiko released a fixed version implementing the same kex-strict-c-v00@openssh.com / kex-strict-s-v00@openssh.com strict key-exchange extension shortly after disclosure, alongside similar updates from PuTTY, libssh, Dropbear, AsyncSSH, and other maintainers.
  • Ongoing: Because the mitigation is only fully effective when both peers in a connection support strict kex, remediation has been a gradual rollout — organizations running older SSH clients or servers, or pinning older paramiko versions, remain exposed to downgrade behavior when talking to unpatched peers even after the fix is broadly available.

Remediation steps

  1. Upgrade paramiko to a version that implements the strict key-exchange countermeasure. Check your dependency lockfiles (requirements.txt, Pipfile.lock, poetry.lock, or equivalent) for any pinned paramiko version predating the Terrapin fix, and update pinned ranges in CI/CD pipelines, not just local developer environments.
  2. Patch both ends of every SSH connection. Strict kex only fully neutralizes the attack when client and server both advertise support. Audit SSH servers (OpenSSH, network appliances, embedded devices, cloud bastion hosts) alongside client libraries — a patched paramiko client talking to an unpatched legacy server is still exposed.
  3. Inventory indirect exposure. Identify tools and frameworks that vendor or depend on paramiko — Fabric, Netmiko, certain Ansible connection plugins, custom automation scripts, and internal deployment tooling — and confirm they resolve to a patched paramiko release rather than a bundled or cached older copy.
  4. Restrict weak algorithm negotiation where feasible. If your environment can tolerate it, prefer AES-GCM cipher suites over chacha20-poly1305 and CBC+ETM combinations until you've confirmed strict-kex support across your fleet, reducing exposure even against unpatched peers.
  5. Scan your SSH surface. Use the researchers' terrapin-scanner or equivalent SSH configuration auditing tooling against externally and internally reachable SSH endpoints (servers and, where possible, clients) to confirm strict-kex is negotiated and vulnerable algorithm-only configurations are not silently in use.
  6. Treat this as a supply-chain dependency issue, not just an app-code issue. Because the exposure lives in a transitive dependency (paramiko) rather than in code your team wrote, standard code review and SAST scanning won't catch it — you need dependency-level visibility across every repository and pipeline that pulls in an SSH library, directly or indirectly.

How Safeguard Helps

CVE-2023-48795 is a textbook example of the risk that lives below the application layer: a widely reused library, embedded in dozens of higher-level tools, silently carrying a protocol-level weakness that ordinary code review will never surface. Safeguard is built to close exactly this gap across the software supply chain.

  • Continuous SCA and SBOM visibility identifies every repository, service, and CI/CD pipeline that pulls in paramiko — directly or as a transitive dependency through frameworks like Fabric or Netmiko — so you don't have to manually chase down which teams are exposed.
  • Vulnerability prioritization surfaces CVE-2023-48795 alongside real-world context — CVSS, exploitability signals, and whether both sides of an affected connection are patched — so security and platform teams can triage based on actual risk rather than raw CVE counts.
  • Policy-driven remediation workflows let you enforce minimum paramiko (and OpenSSH) versions across pipelines, flag pinned or vendored dependencies that predate the fix, and track remediation to closure instead of relying on a one-time scan.
  • Attestation and provenance tracking give you an audit trail showing when vulnerable dependencies were identified, patched, and verified — evidence that matters for SOC 2 and other compliance frameworks when an auditor asks how you manage known SSH-related CVEs across your infrastructure.

Protocol-level vulnerabilities like Terrapin rarely make headlines the way remote code execution bugs do, but they erode the trust assumptions that infrastructure automation depends on. Safeguard helps you find every place that trust assumption is still unpatched — before an attacker with network position does.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.