The Trend Micro TippingPoint S-Series, N and NX Platform Intrusion Prevention Systems (IPS) implement customized versions of SSH & SSL that advertise standard banners in order to best interoperate with all SSH & SSL clients. The SSH & SSL implementations within TippingPoint IPS models have been customized because they have been ported to the VxWorks operating system. Therefore, there are no exactly equivalent OpenSSH or OpenSSL version numbers with which to compare.
The vulnerability assessment report indicates that the management port of the S-Series, N and NX Platform models may be affected by the vulnerabilities it lists. Trend Micro TippingPoint has revisited its analysis of these potential vulnerabilities against the SSH & SSL implementations available in the most current TOS release for our S-Series, N and NX Platform models. These TOS versions use the third-party libraries SSHield 2.2.0 and SSlimSecure 3.0 from Team F1, which are based on OpenSSH 3.5p1 and OpenSSL 1.0.2k respectively.
The responses to the individual vulnerability warnings are based on information from Trend Micro TippingPoint’s library vendor (Team F1). The analysis concluded that Trend Micro TippingPoint’s S-Series, N and NX Platform IPS models are not susceptible to any of the SSH or SSL vulnerabilities highlighted by the network scanning software.
It is important to note that the IPS is an inline Layer 2 device with no MAC address or IP address in the data path. Any potential vulnerability could only be exploited on its management port. Trend Micro TippingPoint therefore recommends that all customers secure network access to the management port of their IPS using an ACL or a management VLAN.
It is also important to note that VA scanning tools generally read the advertised banner version and simply infer which vulnerabilities could be present. Only a tool that actually attempts to exploit an SSH or SSL weakness could provide a definitive statement as to the vulnerability of a product. Trend Micro TippingPoint is not aware of any SSH or SSL attacks having been successfully launched against any of our customers’ IPS systems.
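The banner-only inference described above, as an added example (not Trend Micro's or any scanner vendor's code): it parses an SSH identification string per RFC 4253 and flags every advisory whose fixed-in version is newer than the advertised one, without ever testing the service. The banner string, advisory IDs and fixed-in versions are constructed placeholders.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")

# Constructed table: placeholder advisory IDs with made-up "fixed in" versions.
ADVISORIES = [
    ("EXAMPLE-ADVISORY-1", (3, 7, 0)),
    ("EXAMPLE-ADVISORY-2", (4, 4, 0)),
    ("EXAMPLE-ADVISORY-3", (3, 4, 0)),
]


def parse_banner(line):
    """Split an SSH identification string into (proto, software, comments)."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string")
    return m.group("proto"), m.group("software"), m.group("comments")


def openssh_version(software):
    """Return (major, minor, patch) for an OpenSSH-style string, else None."""
    m = OPENSSH_RE.match(software)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups()[:3])


def infer_findings(banner_line):
    """Banner-only logic: compare the advertised version with fix versions.

    Nothing here probes the service, so each finding is marked unconfirmed;
    a customized port that advertises a standard banner produces the same
    list as the stock release it names.
    """
    _, software, _ = parse_banner(banner_line)
    version = openssh_version(software)
    if version is None:
        return []
    return [
        {"id": adv, "advertised": software,
         "evidence": "banner-only", "confirmed": False}
        for adv, fixed_in in ADVISORIES
        if version < fixed_in
    ]
```

Findings with `evidence` set to `banner-only` are the ones to reconcile against the vendor's analysis before treating them as confirmed.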
If you have concerns or further questions regarding this issue, contact the Trend Micro TippingPoint Technical Assistance Center (TAC).
Trend Micro TippingPoint