https://community.checkpoint.com/t5/General-Topics/Are-Check-Point-appliances-vulnerable-to-Red-Hat-CVE-2021-435/m-p/135727#M24276 <P>Hi All,</P> <P>Pretty much what the subject says, RH have identified a critical vulnerability (<SPAN>remote code execution flaw)</SPAN> in NSS as per&nbsp;<A href="https://access.redhat.com/security/cve/CVE-2021-43527" target="_self">https://access.redhat.com/security/cve/CVE-2021-43527</A></P> <P>If I understand the R81 hardening guide correctly, <A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_Hardening/Topics-GAH/Unchanged_RPM_Packages_from_RHEL_7_8.htm?tocpath=_____7" target="_self">it lists NSS as one of the RPM's that's unchanged in Gaia</A>.&nbsp; Is this something that needs to be patched by Check Point?</P> <P>I did log a ticket with TAC, but thought I would ask / share here as well while I wait for an official answer from them.</P> <P>Ruan</P> Tue, 07 Dec 2021 12:02:16 GMT Ruan_Kotze 2021-12-07T12:02:16Z https://community.checkpoint.com/t5/General-Topics/Are-Check-Point-appliances-vulnerable-to-Red-Hat-CVE-2021-435/m-p/135727#M24276 <P>Hi All,</P> <P>Pretty much what the subject says, RH have identified a critical vulnerability (<SPAN>remote code execution flaw)</SPAN> in NSS as per&nbsp;<A href="https://access.redhat.com/security/cve/CVE-2021-43527" target="_self">https://access.redhat.com/security/cve/CVE-2021-43527</A></P> <P>If I understand the R81 hardening guide correctly, <A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_Hardening/Topics-GAH/Unchanged_RPM_Packages_from_RHEL_7_8.htm?tocpath=_____7" target="_self">it lists NSS as one of the RPM's that's unchanged in Gaia</A>.&nbsp; Is this something that needs to be patched by Check Point?</P> <P>I did log a ticket with TAC, but thought I would ask / share here as well while I wait for an official answer from them.</P> <P>Ruan</P> Tue, 07 Dec 2021 12:02:16 GMT https://community.checkpoint.com/t5/General-Topics/Are-Check-Point-appliances-vulnerable-to-Red-Hat-CVE-2021-435/m-p/135727#M24276 Ruan_Kotze 2021-12-07T12:02:16Z https://community.checkpoint.com/t5/General-Topics/Are-Check-Point-appliances-vulnerable-to-Red-Hat-CVE-2021-435/m-p/135732#M24277 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/9028">@Ruan_Kotze</a>,&nbsp;R&amp;D is looking into this. The official response will be provided shortly.&nbsp;</P> Tue, 07 Dec 2021 13:36:18 GMT https://community.checkpoint.com/t5/General-Topics/Are-Check-Point-appliances-vulnerable-to-Red-Hat-CVE-2021-435/m-p/135732#M24277 _Val_ 2021-12-07T13:36:18Z https://community.checkpoint.com/t5/General-Topics/Are-Check-Point-appliances-vulnerable-to-Red-Hat-CVE-2021-435/m-p/135885#M24300 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/9028">@Ruan_Kotze</a>&nbsp;and all. Here is the official response:</P> <P>&nbsp;</P> <P><SPAN>We have carefully reviewed the situation, and found that while the vulnerable NSS package exists on Gaia, there is no direct use of it in any of our products. </SPAN></P> <P><SPAN>Therefore, <U>Check Point Gaia is not vulnerable to CVE-2021-43527</U>.&nbsp;</SPAN></P> <P><SPAN>Having said that, we are working on upgrading the NSS package to a version that isn’t vulnerable.</SPAN></P> Thu, 09 Dec 2021 07:39:29 GMT https://community.checkpoint.com/t5/General-Topics/Are-Check-Point-appliances-vulnerable-to-Red-Hat-CVE-2021-435/m-p/135885#M24300 _Val_ 2021-12-09T07:39:29Z