TippingPoint Intrusion Prevention System TippingPoint Operating System(TOS) v3.9.5 公開のお知らせ：サポート情報 : トレンドマイクロ＠脆弱性対応

TippingPoint Intrusion Prevention System TippingPoint Operating System(TOS) v3.9.5 公開のお知らせ：サポート情報 : トレンドマイクロ

TippingPoint Intrusion Prevention System TippingPoint Operating System(TOS) v3.9.5 を以下の通り公開いたしました。
■公開開始日
2019年08月13日(火)
本リリースの対象製品・モデルは以下の通りです。
TippingPoint IPS NX シリーズ(2600NX / 5200NX / 6200NX / 7100NX / 7500NX)
※他の TippingPoint 製品・モデルは本リリースの適用対象外です
詳細については Release Notes(英語)をご覧ください
■入手方法
Trend Micro TippingPoint Threat Management Centerからアップグレード用のモジュールやドキュメントをダウンロード
することができます。
※ログインには事前に TMC アカウントの作成が必要です。
サポート情報 : トレンドマイクロ

Release Contents

Description Reference

This release addresses the following vulnerabilities affecting the NX-Series management network port: CVE-2019-12255, CVE-2019-12258, and CVE-2019-12263. For more information about this issue refer to Product Bulletin #1080. 40306

Known issues

Description Reference

Reference Devices configured to connect to an NTP server using the server hostname no longer connect to the NTP server after a reboot. To avoid this issue, always establish an NTP server connection using the IPv4/ IPv6 address of the NTP server. 118020

Microsoft Edge or Microsoft Internet Explorer might not connect to the LSM. To resolve this issue, use the conf t server TLS command to enable TLS v1.0 on the IPS security device. Be aware that TLS v1.0 is a weak encryption algorithm. Consider using another supported browser instead. For more information about using the conf t server command, refer to the IPS Command Line Interface Reference. 117878

A profile distribution issue can degrade system performance, including dropped packets and a spike in XLR utilization. A filter reset temporarily clears the condition. 124604

Modifying a profile or changing which profile is applied to the ANY-ANY virtual segment of a device, while that device is unmanaged from SMS, can cause an out-of-sync condition when the device is remanaged to the SMS. The recovery for the out-of-sync condition is to reboot the device. To avoid this condition, make changes to the ANY-ANY virtual segment only through the SMS. 124603

Common CIDRs, such as /56 and /64, cannot be used for IPv6 bypass rules. 124529

http://docs.trendmicro.com/all/tip/ips/v3.9.5/en-us/ips_3.9.5_rn.pdf

Description	Reference
This release addresses the following vulnerabilities affecting the NX-Series management network port: CVE-2019-12255, CVE-2019-12258, and CVE-2019-12263. For more information about this issue refer to Product Bulletin #1080.	40306

Description	Reference
Reference Devices configured to connect to an NTP server using the server hostname no longer connect to the NTP server after a reboot. To avoid this issue, always establish an NTP server connection using the IPv4/ IPv6 address of the NTP server.	118020
Microsoft Edge or Microsoft Internet Explorer might not connect to the LSM. To resolve this issue, use the conf t server TLS command to enable TLS v1.0 on the IPS security device. Be aware that TLS v1.0 is a weak encryption algorithm. Consider using another supported browser instead. For more information about using the conf t server command, refer to the IPS Command Line Interface Reference.	117878
A profile distribution issue can degrade system performance, including dropped packets and a spike in XLR utilization. A filter reset temporarily clears the condition.	124604
Modifying a profile or changing which profile is applied to the ANY-ANY virtual segment of a device, while that device is unmanaged from SMS, can cause an out-of-sync condition when the device is remanaged to the SMS. The recovery for the out-of-sync condition is to reboot the device. To avoid this condition, make changes to the ANY-ANY virtual segment only through the SMS.	124603
Common CIDRs, such as /56 and /64, cannot be used for IPv6 bypass rules.	124529