This vulnerability has been reported to impact the following OpenSSH server versions:
- OpenSSH versions between 8.5p1 and 9.8p1
- In addition, OpenSSH versions lower than 4.4p1 if they have not been patched against either CVE-2006-5051 or CVE-2008-4109
At the present time, while there are reports of a public POC, there are no known actual exploits in the wild against this vulnerability.
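
The following Python functions classify an SSH banner or `ssh -V` string against the version ranges listed above, for a first pass over an asset inventory. This is an added example, not code from Trend Micro or the OpenSSH project; the function names, result labels and sample lines are assumptions, and the upper bound is treated as exclusive because the advisory names 9.8p1 as the version to update to.

```python
import re

# Upstream version inside strings such as "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"
# or the output of `ssh -V` ("OpenSSH_9.6p1, OpenSSL 3.0.13 ...").
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?")

# Boundaries taken from the advisory's version list. The pN portable suffix is
# ignored, and 9.8 is treated as the first fixed release (assumption based on
# the advisory's "update to 9.8p1 or later").
OLD_RANGE_END = (4, 4, 0)      # below this: affected unless already patched
NEW_RANGE_START = (8, 5, 0)
FIXED_IN = (9, 8, 0)


def parse_openssh_version(text):
    """Return (major, minor, patch) from a banner or `ssh -V` line, else None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(text):
    """Map a version string onto the advisory's affected ranges."""
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"
    if NEW_RANGE_START <= version < FIXED_IN:
        return "affected"
    if version < OLD_RANGE_END:
        # Only affected if the fixes for CVE-2006-5051 / CVE-2008-4109 are missing.
        return "affected-if-unpatched"
    return "not-in-reported-range"


if __name__ == "__main__":
    # Constructed sample inventory lines, not real scan output.
    samples = [
        "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
        "OpenSSH_9.8p1, OpenSSL 3.0.13 30 Jan 2024",
        "SSH-2.0-OpenSSH_7.4",
        "SSH-2.0-OpenSSH_4.3p2",
        "SSH-2.0-dropbear_2022.83",
    ]
    for line in samples:
        print(f"{classify(line):24} {line}")
```

A version-string match is only a first-pass signal: distribution packages often backport fixes without changing the upstream version number, so confirm against the package changelog before treating a host as vulnerable.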
Trend Micro Protection and Detection Against Exploitation
First and foremost, it is always recommended that users apply vendor-specific patches when they are available. In this case, customers are advised to update to the latest version of OpenSSH available, version 9.8p1 or later.
At the moment, Trend Micro is actively investigating whether any relevant detection or protection can be proactively applied against potential future exploits, given the specific race condition behind this vulnerability. If and when anything feasible is found, this article will be updated.
Trend Micro Products/Services Potentially Affected
Trend Micro is currently doing a system-wide inventory/investigation to see if any Trend Micro products and/or services may be affected by these vulnerabilities.
At this time, we have not seen any instances or scenarios that can lead to successful exploitation of either of the vulnerabilities in our products or services.
Below is the confirmed list of unaffected products. Products not listed may still be under investigation, and any additional information will be added here as necessary.
In our analysis, Trend Micro takes into account the entire scenario necessary to exploit a particular vulnerability when determining whether a particular product may be vulnerable to it. In this case, any flag raised by a third-party vulnerability scanner against one of the listed products marked "Not Affected" should be treated as a false positive.
Trend Micro Product/Service | Status |
---|---|
Apex Central | Not Affected |
Apex One (on premise) | Not Affected |
Apex One as a Service (SaaS) | Not Affected |
Cloud One - Endpoint Workload Security | Not Affected |
Cloud Edge | Not Affected |
Cloud One - Network Security | Not Affected |
Cloud Security Posture Management (CSPM) | Not Affected |
Deep Discovery Email Inspector | Affected - Please contact support for updated module |
Deep Discovery Inspector | Affected - Versions 6.5 and above*. Please contact support for updated module. *(Note that SSH is not enabled by default but can be enabled from the web console or preconfig console) |
Deep Security | Not Affected |
Interscan Web Security Virtual Appliance | Not Affected |
Interscan Messaging Security Virtual Appliance | Not Affected |
Interscan Messaging Security | Not Affected |
Safe Lock | Not Affected |
Service Gateway | Affected - Please configure Service Gateway to auto-update to version 3.0.10 or above |
ServerProtect for Linux | Not Affected |
ScanMail for Exchange | Not Affected |
Smart Protection Service | Not Affected |
Smart Protection Server | Not Affected |
TippingPoint TPS | Not Affected |
TippingPoint Virtual TPS | Not Affected |
TMEMS | Not Affected |
TMMS OEM for Android | Not Affected |
TMNAS | Not Affected |
TMPM | Not Affected |
TMRM | Not Affected |
Trend Micro Web Gateway | Affected (On-premise gateway) - Update to version 3.9.5.5840 or above |
Trend Micro IoT Security for Surveillance Cameras (TMIS) | Not Affected |
Vision One Email and Collaboration Security - Cloud Email Gateway Protection | Not Affected |
Vision One Automation Center | Not Affected |
Worry-Free Business Security (on premise) | Not Affected |
Worry-Free Business Security Services (WFBSS) | Not Affected |
Zero Trust Secure Access - Internet Access | Not Affected |