Hi Community Team,
Check Point firewall for one of the customers, which is used for OT security to analyze traffic and protect the network. Recently, the VAPT (Vulnerability Assessment and Penetration Testing) team provided a list of 453 CVEs, requesting confirmation on whether the patches are available for these vulnerabilities.
Upon reviewing the Check Point SmartConsole GUI, I found that only 13 out of the 453 CVEs are explicitly listed. Our IPS, Anti-Bot, and Anti-Virus databases are up-to-date, as confirmed by our recent checks.
Given the importance of ensuring comprehensive protection for our customer's network, I need some assistance and clarification from the community:
- Coverage of Remaining CVEs: Are the remaining 441 CVEs implicitly covered by generic protections, Anti-Bot, Anti-Virus, or other mechanisms within the Check Point firewall? If yes, how can I verify this coverage?
- Mitigation Steps: If specific patches or protections are not available for some CVEs, what steps can we take to mitigate these vulnerabilities effectively?
- Documentation and Details: Can anyone provide additional details or documentation on how these CVEs are addressed by Check Point?
I have verified that all threat prevention components (IPS, Anti-Bot, Anti-Virus) are up-to-date. Attached is the list of 453 CVEs for reference.(I Bold the line which is displayed in the smartconsole)
Any guidance or assistance from the community would be greatly appreciated, as this is critical to maintaining a secure environment for our customer.
Regards
@Chinmaya_Naik