Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Johan_Hillstrom
Contributor

Checkpoints exposure to CVE-2020-2035 and CVE-2020-15936 (SNIcat)

Jump to solution

Hi

Looking for more information regarding Checkpoint products exposure to recent vulnerabilities (CVE-2020-2035 and CVE-2020-15936)

The vulnerability allows to exfiltrate data covertly using anomalous SNI payloads.


The researchers tested against Palo Alto, Fortinet and F5 and found all of them to be vulnerable.

For more info on these vulnerabilities, please see https://www.mnemonic.no/blog/introducing-snicat/
PoC code available at https://github.com/mnemonic-no/SNIcat

0 Kudos
Reply
1 Solution

Accepted Solutions
Ethan_Schorer
Employee
Employee

Hi, We just published the following Security Alert:

https://supportcontent.checkpoint.com/solutions?id=sk170795

TL;DR - we are not vulnerable and as @_Val_ wrote - we have protections in all sorts of blades.

View solution in original post

7 Replies
_Val_
Admin
Admin

We are looking into this. Once the official answer is ready, we will let everyone know.

uf0
Explorer

Hello, do you have any update on this?

0 Kudos
Reply
_Val_
Admin
Admin

We have protections with SandBlast Agent and Threat Emulation for SNIcat. Relevant protections are:

  • SBA
    • Trojan.Win.Snicat.A
    • Trojan.Win.Snicat.B
  • TE
    • Trojan.Wins.Snicat.C
    • Trojan.Wins.Snicat.D
Ethan_Schorer
Employee
Employee

Hi, We just published the following Security Alert:

https://supportcontent.checkpoint.com/solutions?id=sk170795

TL;DR - we are not vulnerable and as @_Val_ wrote - we have protections in all sorts of blades.

View solution in original post

_Val_
Admin
Admin

Here we go: sk170795

 

@uf0 @Johan_Hillstrom 

Johan_Hillstrom
Contributor

Excellent job, Check Point team.
Better than most competitors.

Johan_Hillstrom
Contributor

I also applaud your persistence following up this issue.

Absolutely spotless,  hat's off !

Keep up the good work in this great community.