https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-2022-27255-when-do-we-get-a-signature/m-p/155118#M55263 <P>Gents,</P><P>after DEFCON,&nbsp;<SPAN>CVE-2022-27255 is creating a bit of a panic - and for good reasons, a quick "look" at my own corporate network shows me &gt;100 devices affected usind the Realtek SDK in question.</SPAN></P><P><SPAN>As this is "simple" fixable with looking at the malformed SIP packages, can we get a signature update to the thread protection asap please ?</SPAN></P><P><SPAN>"It looks for&nbsp;"</SPAN><EM>INVITE</EM><SPAN>" messages with the string "</SPAN><EM>m=audio</EM><SPAN>" and triggers when there are more than&nbsp;128 bytes&nbsp;(size of the allocated buffer by the Realtek SDK) and if none of them is a carriage return." (Source: bleepingcomputer)</SPAN></P><P><SPAN>Thx</SPAN></P><P><SPAN>MG</SPAN></P><P>Details:</P><P><A href="https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/" target="_blank" rel="noopener">https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/</A></P> Wed, 17 Aug 2022 09:58:16 GMT MaxGutberletRM 2022-08-17T09:58:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-2022-27255-when-do-we-get-a-signature/m-p/155118#M55263 <P>Gents,</P><P>after DEFCON,&nbsp;<SPAN>CVE-2022-27255 is creating a bit of a panic - and for good reasons, a quick "look" at my own corporate network shows me &gt;100 devices affected usind the Realtek SDK in question.</SPAN></P><P><SPAN>As this is "simple" fixable with looking at the malformed SIP packages, can we get a signature update to the thread protection asap please ?</SPAN></P><P><SPAN>"It looks for&nbsp;"</SPAN><EM>INVITE</EM><SPAN>" messages with the string "</SPAN><EM>m=audio</EM><SPAN>" and triggers when there are more than&nbsp;128 bytes&nbsp;(size of the allocated buffer by the Realtek SDK) and if none of them is a carriage return." (Source: bleepingcomputer)</SPAN></P><P><SPAN>Thx</SPAN></P><P><SPAN>MG</SPAN></P><P>Details:</P><P><A href="https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/" target="_blank" rel="noopener">https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/</A></P> Wed, 17 Aug 2022 09:58:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-2022-27255-when-do-we-get-a-signature/m-p/155118#M55263 MaxGutberletRM 2022-08-17T09:58:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-2022-27255-when-do-we-get-a-signature/m-p/155120#M55264 <P>If not already please raise it with TAC and follow-up with your SE accordingly to track the request.&nbsp;</P> <P>Note we also support importing SNORT signatures, perhaps useful as an interim measure.</P> Wed, 17 Aug 2022 11:20:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-2022-27255-when-do-we-get-a-signature/m-p/155120#M55264 Chris_Atkinson 2022-08-17T11:20:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-2022-27255-when-do-we-get-a-signature/m-p/155132#M55265 <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98937&amp;partition=Basic&amp;product=IPS" target="_self">How quick are turn-around times for IPS signature updates addressing newly found vulnerabilities</A>&nbsp;</P> <P><A href="https://www.checkpoint.com/advisories/" target="_self">CVE Advisories</A>&nbsp;</P> <P>&nbsp;</P> <P>This information might help. You can also subscribe to the 2nd one.</P> Wed, 17 Aug 2022 14:08:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-2022-27255-when-do-we-get-a-signature/m-p/155132#M55265 CE_SE 2022-08-17T14:08:57Z