OpenSSH/OpenSSL Vulnerability Response

    • Updated: 22 Sep 2017
    • Product/Version: TippingPoint IPS N-series All, TippingPoint IPS NX-series All, TippingPoint IPS S-series All
Summary
OpenSSH/OpenSSL Vulnerability Response
Details
To: Trend Micro TippingPoint Customers

The Trend Micro TippingPoint S-Series, N and NX Platform Intrusion Prevention Systems (IPS) implement customized versions of SSH and SSL that advertise standard banners in order to best interoperate with all SSH and SSL clients. The SSH and SSL implementations within TippingPoint IPS models have been customized because they have been ported to the VxWorks operating system. Therefore, there are no perfectly equivalent OpenSSH or OpenSSL version numbers with which to compare them.

The vulnerability assessment report indicates that the management port of S-Series, N and NX Platform models may be affected by the vulnerabilities it found. Trend Micro TippingPoint has revisited its analysis of these potential vulnerabilities against the SSH and SSL implementations available in the most current TOS release for our S-Series, N and NX Platform models. These TOS versions use the third-party libraries SSHield 2.2.0 and SSlimSecure 3.0 from Team F1, which are based on OpenSSH 3.5p1 and OpenSSL 1.0.2k respectively.

The responses to the individual vulnerability warnings are based on information from Trend Micro TippingPoint’s library vendor (Team F1). The analysis concluded that Trend Micro TippingPoint’s S-Series, N and NX Platform IPS models are not susceptible to any of the SSH or SSL vulnerabilities highlighted by the network scanning software.

It is important to note that the IPS is an inline Layer 2 device with no MAC address or IP address in the data path. Any potential vulnerability could only be exploited on its management port. Trend Micro TippingPoint therefore recommends that all customers secure network access to the management port of their IPS using an ACL or a management VLAN.

It is also important to note that VA scanning tools generally read the advertised banner version and simply infer which vulnerabilities could be present. Only a tool that actually attempts to exploit an SSH or SSL weakness could provide a definitive statement as to the vulnerability of a product. Trend Micro TippingPoint is not aware of any SSH or SSL attacks having been successfully launched against any of our customers’ IPS systems.

If you have concerns or further questions regarding this issue, contact the Trend Micro TippingPoint Technical Assistance Center (TAC).

Thank you,
Trend Micro TippingPoint
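
The distinction drawn above between findings inferred from an advertised banner and findings confirmed against the service can be applied when triaging a scanner report. The following is an added example, not Trend Micro or Team F1 code; the `Finding` fields, the disposition strings, the banner string and the finding ids are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion SP comments
IDENT_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

@dataclass
class Finding:
    finding_id: str  # scanner's own id (constructed placeholders below)
    evidence: str    # "banner" = inferred from advertised version; "active" = check exercised the service

def parse_ident(line: str) -> dict:
    """Split an SSH identification line into protocol, software and comment fields."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return m.groupdict()

def triage(ident_line: str, findings: list, customized: bool) -> dict:
    """Map each finding id to a disposition based on how the scanner reached it.

    customized: the asset inventory records the service as a vendor port that
    only advertises a standard banner (the situation the advisory describes).
    """
    software = parse_ident(ident_line)["software"]
    result = {}
    for f in findings:
        if f.evidence == "active":
            result[f.finding_id] = "confirmed: remediate"
        elif f.evidence == "banner" and customized:
            result[f.finding_id] = (
                f"unverified: banner {software} is not the real code base, request vendor statement")
        elif f.evidence == "banner":
            result[f.finding_id] = f"unverified: confirm patch level behind banner {software}"
        else:
            result[f.finding_id] = "unknown evidence type: review manually"
    return result

# Constructed sample data; not a banner or finding taken from any real device or scanner.
SAMPLE_BANNER = "SSH-2.0-OpenSSH_X.Y example-comment\r\n"
SAMPLE_FINDINGS = [
    Finding("PLACEHOLDER-001", "banner"),
    Finding("PLACEHOLDER-002", "active"),
]

if __name__ == "__main__":
    for fid, disposition in triage(SAMPLE_BANNER, SAMPLE_FINDINGS, customized=True).items():
        print(fid, "->", disposition)
```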
Category: Troubleshoot
Solution Id: TP000090626