vulnerability
Aruba ECOS: CVE-2023-48795: Terrapin Attack Vulnerability in OpenSSH Impacting HPE Aruba Networking EdgeConnect SD-WAN
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:C/A:N) | Jul 23, 2024 | Mar 17, 2025 | Jul 3, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published
Jul 23, 2024
Added
Mar 17, 2025
Modified
Jul 3, 2025
Description
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. The impact of this vulnerability on HPE Aruba Networking EdgeConnect SD-WAN gateways has not been confirmed, but the version of OpenSSH in ECOS software has been upgraded for mitigation.
Solution
aruba-ecos-cve-2023-48795
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.