Ruan_Kotze
Advisor

Are Check Point appliances vulnerable to Red-Hat CVE-2021-435?


Hi All,

Pretty much what the subject says: RH have identified a critical vulnerability (remote code execution flaw) in NSS, as per https://access.redhat.com/security/cve/CVE-2021-43527

If I understand the R81 hardening guide correctly, it lists NSS as one of the RPMs that are unchanged in Gaia. Is this something that needs to be patched by Check Point?

I did log a ticket with TAC, but thought I would ask / share here as well while I wait for an official answer from them.

Ruan

1 Solution

Accepted Solutions
_Val_
Admin

Hi @Ruan_Kotze and all. Here is the official response:

 

We have carefully reviewed the situation, and found that while the vulnerable NSS package exists on Gaia, there is no direct use of it in any of our products.

Therefore, Check Point Gaia is not vulnerable to CVE-2021-43527.

Having said that, we are working on upgrading the NSS package to a version that isn’t vulnerable.


2 Replies
_Val_
Admin

Hi @Ruan_Kotze, R&D is looking into this. The official response will be provided shortly. 
