https://community.checkpoint.com/t5/Firewall-and-Security-Management/Meaning-of-CVE-numbers-in-IPS-signatures/m-p/57988#M57545 <P>Hi,</P><P>we are currently running 77.30 and are going to upgrade to 80.x.</P><P>Anyway we started using IPS now with the 77.30 and I'm wondering about the meaning of the CVE numbers in the IPS signatures.</P><P>As an example I have the "Linux System Files Information Disclosure" going with CVE-2018-3948. The CVE number is about TP-Link devices.</P><P>So we don't run TP-Link devices and I first thought I could deactivate this protection. But then I checked the logged events and saw common directory traversal attacks. I checked if there are other "Linux System Files Information Disclosure" protections but cannot find any.</P><P>Is this signature just for TP-Link devices because of the CVE or is the CVE just an example for this attack pattern?</P><P>Thank you for your help.</P> Thu, 11 Jul 2019 09:00:08 GMT DM 2019-07-11T09:00:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Meaning-of-CVE-numbers-in-IPS-signatures/m-p/57988#M57545 <P>Hi,</P><P>we are currently running 77.30 and are going to upgrade to 80.x.</P><P>Anyway we started using IPS now with the 77.30 and I'm wondering about the meaning of the CVE numbers in the IPS signatures.</P><P>As an example I have the "Linux System Files Information Disclosure" going with CVE-2018-3948. The CVE number is about TP-Link devices.</P><P>So we don't run TP-Link devices and I first thought I could deactivate this protection. But then I checked the logged events and saw common directory traversal attacks. I checked if there are other "Linux System Files Information Disclosure" protections but cannot find any.</P><P>Is this signature just for TP-Link devices because of the CVE or is the CVE just an example for this attack pattern?</P><P>Thank you for your help.</P> Thu, 11 Jul 2019 09:00:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Meaning-of-CVE-numbers-in-IPS-signatures/m-p/57988#M57545 DM 2019-07-11T09:00:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Meaning-of-CVE-numbers-in-IPS-signatures/m-p/58004#M57546 <P>Hi,</P> <P>&nbsp;</P> <P>You are correct and this is a bug. I will open an internal issue to have it corrected.</P> <P><SPAN><A href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3948" target="_self">CVE-2018-3948</A> should&nbsp;be part of the Protection called&nbsp;<STRONG>TP-Link TL-R600VPN remote code execution</STRONG> which also has the Check Point Advisory&nbsp;</SPAN><A href="https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0434.html" target="_self"><SPAN style="font-family: inherit;">CPAI-2019-0434</SPAN></A></P> <P>&nbsp;</P> <P><SPAN style="font-family: inherit;">HTH</SPAN></P> <P><SPAN style="font-family: inherit;">Tal</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> Thu, 11 Jul 2019 11:14:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Meaning-of-CVE-numbers-in-IPS-signatures/m-p/58004#M57546 Tal_Paz-Fridman 2019-07-11T11:14:59Z