This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Paulo_Feitosa
Explorer
‎2021-12-29 03:11 AM

Log4j CVE-2021-45105 e CVE-2021-4104 Not Found basedNow IPS

Guys,

I'm trying to update and find the CVE-2021-45105 e CVE-2021-4104 in my IPS checkpoint.

Looks like it hasn't been released yet.

Note: And I say IPS signature trheat prevention.

 

 

0 Kudos
4 Replies
_Val_
Admin
Admin
‎2021-12-29 03:21 AM

CVE-2021-45105 is included into CPAI-2021-0955 on December 21: https://www.checkpoint.com/defense/advisories/public/2021/cpai-2021-0955.html

CVE-2021-4104 is about vulnerability in the product that was EOL in 2015. Are you sure you did not mistype it?

0 Kudos
Paulo_Feitosa
Explorer
‎2021-12-29 03:43 AM
In response to _Val_

I meant the cves below:
CVE - CVE-2021-44832 (mitre.org)
CVE - CVE-2021-4104 (mitre.org)

Not found in my IPS basednow

 

0 Kudos
_Val_
Admin
Admin
‎2021-12-29 06:00 AM
In response to Paulo_Feitosa

You can make an official enquiry through a TAC ticket.

0 Kudos
_Val_
Admin
Admin
‎2021-12-29 08:01 AM
In response to Paulo_Feitosa

In addition, here is a reply from our experts, quoting:


CVE-2021-4104: This CVE contains a local attack vector, and therefore will not be detected in traffic as the known attack vector of Log4j - so it can't be covered by IPS.

Also, notice that it is only affecting Log4j 1.2 that reached the end of life more than 6 years ago.

CVE-2021-44832: We will consult with the IPS team if it is possible to cover it although it also uses a local attack vector.
We will update you as soon as we receive their response.

 

 

0 Kudos
Labels