Matlu
Advisor

No information about new vulnerability in IPS blade.

Hello,

I have a Firewall Cluster, version R81.10.
Currently the Cluster has the IPS blade active.

Our Cybersecurity area has made the detection of a new signature, which requires us to know whether or not this signature "impacts" any asset of our company.

I have reviewed in the IPS Protections option from the SmartConsole, the signature that was reported to me, which is:

Vulnerability in Check Point (CVE-2023-34460) (CVSS Score v3: Undefined).

But you will notice in the attached image that, apparently, Check Point does not have it included in its database, or am I checking wrong?

IPS2.jpg

What kind of action can be taken in this case?
Currently I have the following version of IPS signatures installed in my Cluster Firewalls.

IPS3.jpg

Just to clarify the doubt: for the signatures that I find with the "PREVENT" action in Check Point's database, does it mean that Check Point "blocks" this type of traffic?

Prevent, is it related to the action of BLOCKING all traffic? Or is it not always like that?

Thanks for your comments.

0 Kudos
7 Replies
Chris_Atkinson
Employee

Generally only when POC code is available can a protection be created.

If this is critical for you please work with your local CP SE to track it.

'Prevent' does what it says, but there can be some dependencies depending on the type of threat/traffic, e.g. HTTPS inspection.

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
Legend

You need to update your SmartConsole software.  In some early releases you were not allowed to search by CVE number, however this was fixed in later releases.  From my IPS/AV/ABOT Immersion Course (which was just updated for R81.20) discussing the searching of IPS Protections:

ips_search.png

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Matlu
Advisor

Hello,

Is it possible to "work" with the SmartConsole R81.20, to access my SMS which is in version R81.10?

Or am I forced to update the SMS Gaia to R81.20?

Greetings.

0 Kudos
Chris_Atkinson
Employee

Alternately you can also search your CVE here: https://advisories.checkpoint.com/advisories/

CCSM R77/R80/ELITE
0 Kudos
Matlu
Advisor

Hello,

I checked my CVE on that page, and it doesn't appear in "LIST" either.

It is recommended to work with the SE, isn't it?

Cheers.

0 Kudos
Chris_Atkinson
Employee

The SE can make a request internally, again depending on POC code availability.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin

A cursory read of CVE-2023-34460 suggests the issue is in a piece of software used to build other software.
I fail to see how any network-based IPS would protect against this vulnerability. 

0 Kudos
