This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Paulo_Feitosa
Explorer
‎2021-12-29 03:11 AM

Log4j CVE-2021-45105 e CVE-2021-4104 Not Found basedNow IPS

Guys,

I'm trying to update and find the CVE-2021-45105 e CVE-2021-4104 in my IPS checkpoint.

Looks like it hasn't been released yet.

Note: And I say IPS signature trheat prevention.

 

 

0 Kudos
4 Replies
_Val_
Admin
Admin
‎2021-12-29 03:21 AM

CVE-2021-45105 is included into CPAI-2021-0955 on December 21: https://www.checkpoint.com/defense/advisories/public/2021/cpai-2021-0955.html

CVE-2021-4104 is about vulnerability in the product that was EOL in 2015. Are you sure you did not mistype it?

0 Kudos
Paulo_Feitosa
Explorer
‎2021-12-29 03:43 AM
In response to _Val_

I meant the cves below:
CVE - CVE-2021-44832 (mitre.org)
CVE - CVE-2021-4104 (mitre.org)

Not found in my IPS basednow

 

0 Kudos
_Val_
Admin
Admin
‎2021-12-29 06:00 AM
In response to Paulo_Feitosa

You can make an official enquiry through a TAC ticket.

0 Kudos
_Val_
Admin
Admin
‎2021-12-29 08:01 AM
In response to Paulo_Feitosa

In addition, here is a reply from our experts, quoting:


CVE-2021-4104: This CVE contains a local attack vector, and therefore will not be detected in traffic as the known attack vector of Log4j - so it can't be covered by IPS.

Also, notice that it is only affecting Log4j 1.2 that reached the end of life more than 6 years ago.

CVE-2021-44832: We will consult with the IPS team if it is possible to cover it although it also uses a local attack vector.
We will update you as soon as we receive their response.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events