Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

OpenSSH Vulnerability Response

    • Updated:
    • 7 Feb 2019
    • Product/Version:
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • Platform:
OpenSSH Vulnerability Response
The Trend Micro TippingPoint S-Series, N-Platform and NX Intrusion Prevention Systems (IPS) implement customized versions of SSH that advertise standard banners in order to best interoperate with all SSH clients. The SSH implementations within TippingPoint IPS models have been customized due to the fact that they have been ported to the VxWorks operating system. Therefore, there are no perfectly equivalent OpenSSH version numbers with which to compare.

The vulnerability assessment report indicates that S-Series, N and NX management port may be vulnerable to the vulnerabilities it found. Trend Micro TippingPoint has revisited its analysis of these potential vulnerabilities against the SSH implementations available in the most current TOS release for our S-Series, N and NX models. These TOS versions use the third party libraries SSHield 2.2.0 from Team F1, which are based on OpenSSH 3.5p1.

The responses to the individual vulnerability warnings are based on information from Trend Micro TippingPoint’s library vendor (Team F1). The analysis concluded that Trend Micro TippingPoint’s S-Series, N and NX Platform IPS models are not susceptible to any of the SSH vulnerabilities highlighted by the network scanning software.

It is important to note that the IPS is an inline Layer 2 device with no MAC address or IP address in the data path. Any potential vulnerability could only be exploited on its management port. Trend Micro TippingPoint therefore recommends that all customers secure network access to the management port of their IPS using an ACL or a management VLAN.

Also important to highlight is that VA scanning tools generally read the advertised banner version and simply infer potential vulnerabilities that could be present. Only a tool that actually attempts to exploit an SSH weakness could provide a definitive statement as to the vulnerability of a product. Trend Micro TippingPoint is not aware of any SSH attacks having been successfully launched against any of our customers’ IPS systems.

If you have concerns or further questions regarding this issue, contact the Trend Micro TippingPoint Technical Assistance Center (TAC).

Thank you,
Trend Micro TippingPoint
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.