https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-vulnerable-to-Apache-CVes-sk176113/m-p/134088#M20040 <P>Hello,</P><P>This is a question regarding the latest Apache CVE`es, more specifically CVE-2021-41773 &amp; CVE-2021-42013<BR />Check Point has released "sk176113" with a hotfix that is supported on most (not all) major versions/platforms on the latest Jumbo.</P><P>The sk176113 states that "No CVE in the list below may compromise Check Point products" and the sk has Medium Severity<BR />with little information on which products/functionality that may be vulnerable/exploitable.</P><P>Does this actually mean that all Check Point versions from R80.10 are vulnerable and needs to be patched ASAP ?</P><P>Would have thought that this would be a "Very Critical" sk with alarms to all partners and customers and not just a "Medium" sk if that was the case ?</P><P>Thanks!</P><P>&nbsp;</P><P>Regards.&nbsp;<BR />Petter D</P> Mon, 15 Nov 2021 15:37:06 GMT PetterD 2021-11-15T15:37:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-vulnerable-to-Apache-CVes-sk176113/m-p/134088#M20040 <P>Hello,</P><P>This is a question regarding the latest Apache CVE`es, more specifically CVE-2021-41773 &amp; CVE-2021-42013<BR />Check Point has released "sk176113" with a hotfix that is supported on most (not all) major versions/platforms on the latest Jumbo.</P><P>The sk176113 states that "No CVE in the list below may compromise Check Point products" and the sk has Medium Severity<BR />with little information on which products/functionality that may be vulnerable/exploitable.</P><P>Does this actually mean that all Check Point versions from R80.10 are vulnerable and needs to be patched ASAP ?</P><P>Would have thought that this would be a "Very Critical" sk with alarms to all partners and customers and not just a "Medium" sk if that was the case ?</P><P>Thanks!</P><P>&nbsp;</P><P>Regards.&nbsp;<BR />Petter D</P> Mon, 15 Nov 2021 15:37:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-vulnerable-to-Apache-CVes-sk176113/m-p/134088#M20040 PetterD 2021-11-15T15:37:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-vulnerable-to-Apache-CVes-sk176113/m-p/134096#M20046 <P>Just a follow-up that i was able to get more detailed information about these CVEs and that Check Point due to running 2.4.41 are not vulnerable to them, luckily <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 15 Nov 2021 16:40:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-vulnerable-to-Apache-CVes-sk176113/m-p/134096#M20046 PetterD 2021-11-15T16:40:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-vulnerable-to-Apache-CVes-sk176113/m-p/134098#M20048 <P>Apache is used in various web portals on Check Point Security Gateways and Management.<BR />Things like the Gaia WebUI, Mobile Access Blade, UserCheck portal, etc.<BR />The CVEs you mention specifically aren't relevant as they are only relevant to precise versions of Apache that we are not using.</P> <P>The only potentially problematic CVE of the bunch listed in sk176113 (in my opinion) is CVE-2021-40438.<BR />At least as I understand it, this could be used to "hop" into a resource behind the gateway.<BR />Unless the attacker knows intimate details about the internal network, it's not clear how effective exploiting this issue would be, particularly without getting detected.<BR />I presume this CVE is what drove the need for patches, which is why they are being offered out of band of the regular JHF.</P> Mon, 15 Nov 2021 16:47:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-vulnerable-to-Apache-CVes-sk176113/m-p/134098#M20048 PhoneBoy 2021-11-15T16:47:36Z