Detections
Analytics

Palo Alto Networks Prisma SD-WAN ION 5.6.x < 5.6.19 / 6.1.x < 6.1.8 / 6.2.x / 6.3.x < 6.3.2 SSH Prefix Truncation (Terrapin) (CVE-2023-48795)

medium Nessus Plugin ID 298997

Synopsis

The remote Palo Alto Networks Prisma SD-WAN ION host is affected by an SSH prefix truncation vulnerability.

Description

The version of the remote Palo Alto Networks Prisma SD-WAN ION device is 5.6.x prior to 5.6.19, 6.1.x prior to 6.1.8, 6.2.x, or 6.3.x prior to 6.3.2. It is, therefore, affected by an SSH prefix truncation vulnerability known as Terrapin:

 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. (CVE-2023-48795)

Note that Nessus has not tested for this issue but has instead relied only on the device's self-reported version number.

Solution

Upgrade to Palo Alto Networks Prisma SD-WAN ION version 5.6.19, 6.1.8, or 6.3.2 or later.

See Also

https://security.paloaltonetworks.com/CVE-2023-48795

Plugin Details

Severity: Medium

ID: 298997

File Name: palo_alto_prisma_sd-wan_ion_CVE-2023-48795.nasl

Version: 1.1

Type: local

Published: 2/13/2026

Updated: 2/13/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2023-48795

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4

Risk Factor: Medium

Base Score: 6

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:prisma_ion_os, cpe:/h:paloaltonetworks:prisma_ion

Required KB Items: installed_sw/Palo Alto Networks Prisma ION

Patch Publication Date: 1/8/2024

Vulnerability Publication Date: 1/8/2024

Reference Information

CVE: CVE-2023-48795