Details about vulnerability CVE-2023-48795.
Product: Flowmon OS
Is the Flowmon OS affected by vulnerability CVE-2023-48795?
|Steps to Reproduce:
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.
Flowmon is affected, but the severity is very low. The most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before SSH authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or integrity.
The solution of this CVE will be present in Flowmon OS 13. It is also possible to mitigate the CVE by installing the hotfix package in Configuration Center - Versions - Import package in Flowmon OS 12.