
This vulnerability has been reported to impact the following OpenSSH server versions:

  • OpenSSH versions between 8.5p1 - 9.8p1
  • In addition, OpenSSH versions lower than 4.4p1 if they have not been patched against either CVE-2006-5051 or CVE-2008-4109
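A version triage based on the ranges listed above, as an added example that is not Trend Micro's or OpenSSH's own tooling. It assumes 9.8p1 is the first fixed release (the version this advisory says to update to); the host names and banner strings are constructed, and the function names and verdict labels are hypothetical.

```python
import re

# Boundaries as (major, minor), taken from the advisory text.
OLD_CUTOFF = (4, 4)      # below 4.4p1: affected unless CVE-2006-5051 / CVE-2008-4109 were patched
FIRST_AFFECTED = (8, 5)  # 8.5p1 starts the affected range
FIXED = (9, 8)           # 9.8p1 is the release the advisory says to update to

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_openssh_version(text):
    """Extract (major, minor) from an SSH banner or `ssh -V` line, else None."""
    m = _VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text):
    """Version-only triage: a signal for follow-up, not proof of exploitability.

    A distribution may backport the fix without changing the upstream version
    number, so an "in-affected-range" result still needs a package-level check.
    """
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"
    if version < OLD_CUTOFF:
        return "legacy-check-cve-patches"
    if FIRST_AFFECTED <= version < FIXED:
        return "in-affected-range"
    return "outside-affected-range"


# Constructed sample inventory (host names and banners are made up).
SAMPLE_BANNERS = {
    "bastion-01": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "db-02": "OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1n",
    "build-03": "SSH-2.0-OpenSSH_9.8",
    "legacy-04": "SSH-2.0-OpenSSH_4.3",
    "iot-05": "SSH-2.0-dropbear_2022.83",
}


def triage(banners):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {verdict}")
```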


At the present time, while there are reports of a public POC, there are no known actual exploits in the wild against this vulnerability.

 

Trend Micro Protection and Detection Against Exploitation


First and foremost, it is always recommended that users apply vendor-specific patches when they are available. In this case, customers are advised to update to the latest version of OpenSSH available, version 9.8p1 or later.

At the moment, Trend Micro is actively looking to see if there are any relevant detections or protections that can be proactively applied against any future potential exploits, given the specific race condition of this vulnerability. If and when anything feasible is found, this article will be updated.

 

Trend Micro Products/Services Potentially Affected


Trend Micro is currently doing a system-wide inventory/investigation to see if any Trend Micro products and/or services may be affected by these vulnerabilities.

At this time, we have not seen any instances or scenarios that can lead to successful exploitation of either of the vulnerabilities in our products or services.

Below is the confirmed list of unaffected products.  Products not listed may still be under investigation, and any additional information will be added here as necessary.
 

 
Several 3rd party vulnerability scanners may flag some of the following products as "affected" by one of these vulnerabilities. It is important to note that many, if not all, of these vulnerability scanners only search for library or component versions and DO NOT or CANNOT take into consideration the actual configuration, context and/or scenarios that make a certain component "vulnerable" to a particular exploit.

In our analysis, Trend Micro takes into account the entire scenario necessary to exploit a particular vulnerability in making a determination of whether or not a particular product may be vulnerable to a specific vulnerability.  In this case, any flagging by a 3rd party vulnerability scanner on one of the mentioned products that are marked "Not Affected" should be treated as a False Positive.
 

 

| Trend Micro Product/Service | Status |
| --- | --- |
| Apex Central | Not Affected |
| Apex One (on premise) | Not Affected |
| Apex One as a Service (SaaS) | Not Affected |
| Cloud One - Endpoint Workload Security | Not Affected |
| Cloud Edge | Not Affected |
| Cloud One - Network Security | Not Affected |
| Cloud Security Posture Management (CSPM) | Not Affected |
| Deep Discovery Email Inspector | Affected. Please contact support for updated module |
| Deep Discovery Inspector | Affected - Versions 6.5 and above*. Please contact support for updated module |
| Deep Security | Not Affected |
| Interscan Web Security Virtual Appliance | Not Affected |
| Interscan Messaging Security Virtual Appliance | Not Affected |
| Interscan Messaging Security | Not Affected |
| Safe Lock | Not Affected |
| Service Gateway | Affected. Please configure Service Gateway to auto-update to version 3.0.10 or above |
| ServerProtect for Linux | Not Affected |
| ScanMail for Exchange | Not Affected |
| Smart Protection Service | Not Affected |
| Smart Protection Server | Not Affected |
| TippingPoint TPS | Not Affected |
| TippingPoint Virtual TPS | Not Affected |
| TMEMS | Not Affected |
| TMMS OEM for Android | Not Affected |
| TMNAS | Not Affected |
| TMPM | Not Affected |
| TMRM | Not Affected |
| Trend Micro Web Gateway | Affected (On-premise gateway). Update to version 3.9.5.5840 or above |
| Trend Micro IoT Security for Surveillance Cameras (TMIS) | Not Affected |
| Vision One Email and Collaboration Security - Cloud Email Gateway Protection | Not Affected |
| Vision One Automation Center | Not Affected |
| Worry-Free Business Security (on premise) | Not Affected |
| Worry-Free Business Security Services (WFBSS) | Not Affected |
| Zero Trust Secure Access - Internet Access | Not Affected |

*(Note that SSH is not enabled by default but can be enabled from the web console or preconfig console)