This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
‎2024-06-02 11:43 PM

Feature Request Firewall + WAF (would have been protected against CVE-2024-24919)

Check Point has been selling firewalls for years and WAFs for some years now.
The interesting question for me is why this is not combined.

For example, there was a WAF in front of the GAIA portal (multi-portal) or the MAB portal,
the attack (CVE-2024-24919) could easily have been detected and can be blocked.

Technically, I don't see any difficulties in implementing something like this.

WAF_1_hggfhgfd553245.png

And both technologies are available from Check Point.
And you would be the first firewall manufacturer to protect its products in this way.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
4 Replies
_Val_
Admin
Admin
‎2024-06-03 12:01 AM

WAF is insufficient here. Full inbound HTTPS Inspection is required, and it is already being reviewed as an option. We are looking into this very seriously. 

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2024-06-03 01:22 AM
In response to _Val_

@Dorit_Dor 
Is a feature request for the future.

Why can't you build a WAF in front of your web portals on the firewall in R82.x or R8x in the future?
Then attacks like these would be intercepted on the Check Point firewall.

Browser --> (WAF with Https interseption as reverse proxy) --> (Gaia Portal or MAB Portal)
From my point of view, any WAF would sound an alarm when the following string ‘../../../../../’ is used in communication.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Gera_Dorfman
Employee
Employee
‎2024-06-04 01:59 AM

Hi Heiko

We are indeed considering additional protective measures to avoid such issues in the future. Integrating  WAF is one of the options.

Thanks

PhoneBoy
Admin
Admin
‎2024-06-05 06:23 PM

In a sense, we've provided this already in the form of vpnf.
The new vpnf process (deployed through AutoUpdater or manually) captures and prevents attempts to execute path traversal.
This was deployed as an interim preventative measure until the CVE-2024-24919 fixes are fully installed on customers’ Security Gateways.
More details here: https://support.checkpoint.com/results/sk/sk182376

Despite the presence of vpnf, installing the Hotfix is the best way to stay protected from this vulnerability.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events