Trend Micro products and the CCS Injection Vulnerability – [CVE-2014-0224] OpenSSL Vulnerability

Product / Version includes:

Deep Security8.0 , Control Manager6.0

Last updated: 2021/10/10

Solution ID: KA-0004227

Category: Troubleshoot , Remove a Malware / Virus

Summary

What is the CCS Injection Vulnerability?

The CCS Injection Vulnerability (CVE-2014-0224) is a serious vulnerability in the popular OpenSSL cryptographic software library. OpenSSL is an implementation of the SSL/TLS encryption protocol used to protect the privacy of Internet communication. OpenSSL is used by many websites and other applications such as email, instant messaging, and VPNs.

In certain versions of OpenSSL, an attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

Who is impacted by the CCS Injection Vulnerability?

Recent reports indicate that this vulnerability has existed for at least ten (10) years but was only just discovered, and due to the number of organizations that have deployed servers running OpenSSL, companies who were concerned or affected by the recent Heartbleed bug may also want to take serious note of this vulnerability.

OpenSSL versions said to be affected include:

versions before 0.9.8za
1.0.0 before 1.0.0m
1.0.1 before 1.0.1h

Preliminary reports have noted that it is very difficult, if not impossible, to determine if an attack has occurred in the past because it leaves virtually no trace. Accordingly, even if an organization is not currently vulnerable, it may have been in the past and it should therefore take immediate steps to remediate if they have deployed the vulnerable OpenSSL versions.

Since some Trend Micro products may be using the affected OpenSSL version, these products may be affected by this vulnerability. This article contains the list of products that are affected and the recommended action to take to eliminate the risks as they are identified and corrected.

For your external references:

What Trend Micro products are not affected?

Product	Version	Affected?	Notes
Advanced Reporting and Management for InterScan Web Security (ARM)	1.5	No	0.9.8b
Advanced Reporting and Management for InterScan Web Security (ARM)	1.6	No	1.0.0b
Control Manager (TMCM)	5.5, 6.0, 6.0 SP1	No	0.9.6m, 1.0.1g
Core Protection Module (CPM) - ESP	10.5, 10.6, 10.6 SP1, 10.6 SP2	No	Not using OpenSSL
Core Protection Module (CPM) for Mac	1.1	No	Not using OpenSSL
Cisco Content Security and Control Security Services Module (Stargate)	6.6	No	Not using OpenSSL
Damage Cleanup Services (DCS)	3.2	No	Not using OpenSSL
Deep Discovery Email Inspector (DDEI)	2.0 SP1	No	v1.0.1h
Deep Discovery Inspector (DDI)	3.0, 3.1	No	1.0.0d
Deep Discovery Inspector (DDI)	3.2, 3.5, 3.6	No	1.0.0j
Deep Security for Web Apps	2.0	No	Not using OpenSSL
DirectPass	1.8	No	Not using OpenSSL
Data Loss Prevention (DLP) Endpoint	5.0J, 5.2J, 5.5, 5.6	No	0.9.7a, 1.0.0c
Email Security Platform for Service Providers - White Label	3.0	No	0.9.8e-fips-rhel5
Email Security Platform for Service Providers - White Label (EMSP-SP - NTT-C)	3.2	No	0.9.8e
InterScan Messaging Security Suite (IMSS)	7.0 Linux	No	0.9.8j
InterScan Messaging Security Suite (IMSS)	7.1 Linux	No	0.9.8x
InterScan VirusWall (ISVW)	6.02 Linux, 7.0 Win	No	0.9.8
InterScan Web Security Suite (IWSS)	3.1 Sol JP, Linux EN/JP, Win EN/JP	No	0.9.7d
InterScan Web Security Suite (IWSS)	5.6 Linux JP	No	1.0.0b
InterScan Web Security Virtual Appliance (IWSVA)	5.5 EN	No	0.9.8a
	5.6 EN/JP/SC	No	1.0.0b
	6.0 SP1 EN	No	1.0.0j
Mobile Security (TMMS)	1.2, 2.0, 2.1, 2.2, 2.5, 2.6, 3.0, 3.1, 3.5, 5.0	No	Not using OpenSSL
OfficeScan (OSCE)	10.5, 10.6, 10.6 SP1, 10.6 SP2, 10.6 SP3, 11.0	No	0.9.6l
Portable Security (TMPS)	2.0	No	1.0.1g
Portable Security (TMPS)	1.0, 1.1, 1.5	No	Not using OpenSSL
PortalProtect	2.0, 2.1	No	1.0.0a
Safe Lock (TMSL)	1.0?, 1.1	No	Not using OpenSSL
SafeSync	5.0	No	Not using OpenSSL
SafeSync for Business	5.1	No	1.0.1-4ubuntu5.14
Smart Protection Server (TMSPS)	2.0, 2.5, 2.6	No	0.9.8q
Smart Protection Server (TMSPS)	3.0	No	v0.9.8q
Smart Surfing for MAC	1.6	No	Not using OpenSSL
ScanMail for Microsoft Exchange (SMEX)	10.2, 10.2 SP2, 11.0	No	1.0.0a
ScanMail for Lotus Domino (SMLD)	3.0, 3.1, 5.0, 5.5	No	Not using OpenSSL
Security for NAS (TMNAS)	1.0, 1.1	No	1.0.0
ServerProtect for Windows (SPNT)	5.7, 5.8	No	Not using OpenSSL
Threat Discovery Appliance (TDA)	2.55	No	0.9.8
	2.58	No	1.0.1g
	2.6	No	1.0.0
	2.6 SP1	No	1.0.0d
Threat Mitigator (TMTM)	2.58	No	1.0.0L
Threat Mitigator (TMTM)	2.6	No	0.9.8h
TMEE Data Armor	3.0?, 5.0	No	Not using OpenSSL
TMEE Drive Armor	3.0?, 5.0	No	Not using OpenSSL
TMEE File Armor	3.0?, 5.0	No	Not using OpenSSL
TMEE Key Armor	3.0?, 5.0	No	Not using OpenSSL
TMEE Policy Server	3.1?, 5.0	No	Not using OpenSSL
Trend Micro Online Guardian (TMOG)	1.0, 1.5, 1.6, 1.8	No	Not using OpenSSL
Trend Micro Security for Macintosh (TMSM)	2.0, 2.0 SP1, 2.1	No	1.0.1e
USB Security (TMUSB)	1.1, 1.3, 2.0	No	Not using OpenSSL
Worry-Free Business Security (WFBS)	7.0	No	0.9.8i
	8.0	No	1.0.0a
	9.0	No	1.0.1g
Worry-Free Business Security Services (WFBS-SVC)	5.3 SP1	No	1.0.1e
Worry-Free Remote Manager (WFRM)	2.5, 2.6, 3.0, 3.1	No	1.0.0

What if my product is not listed?

If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and its impact on your product. As soon as the analysis is completed, the product will be added in the list.

What if I have additional questions?

For additional inquiries, contact Technical Support.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Trend Micro products and the CCS Injection Vulnerability – [CVE-2014-0224] OpenSSL Vulnerability

Trend Micro products and the CCS Injection Vulnerability – [CVE-2014-0224] OpenSSL Vulnerability

Product / Version includes:

Summary