This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
MVP Silver
MVP Silver
‎2023-06-25 03:44 PM

No information about new vulnerability in IPS blade.

Hello,

I have a Firewall Cluster, version R81.10.
Currently the Cluster has the IPS blade active.

Our Cybersecurity area has made the detection of a new signature, which require to know if this signature "impacts" or not to any asset of our company.

I have reviewed in the IPS Protections option from the SmartConsole, the signature that was reported to me, which is:

Vulnerability in Check Point (CVE-2023-34460) (CVSS Score v3: Undefined).

But you will notice in the attached image, that apparently, Checkpoint, does not have it included in its database, or I'm checking wrong????

IPS2.jpg

What kind of action can be taken in this case?
Currently I have the following version of IPS signatures installed in my Cluster Firewalls.

IPS3.jpg

Just to clarify the doubt, the signatures that I find with the "PREVENT" action in Checkpoint's database, does it mean that Checkpoint "blocks" this type of traffic?

Prevent, is it related to the action of BLOCKING all traffic? Or is it not always like that?

Thanks for your comments.

0 Kudos
7 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-06-25 04:39 PM

Generally only when POC code is available can a protection be created.

If this is critical for you please work with your local CP SE to track it.

'Prevent' does what it says but there can be some dependencies depending on the type of threat/traffic e.g. HTTPS inspection 

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2023-06-26 05:30 AM

You need to update your SmartConsole software.  In some early releases you were not allowed to search by CVE number, however this was fixed in later releases.  From my IPS/AV/ABOT Immersion Course (which was just updated for R81.20) discussing the searching of IPS Protections:

ips_search.png

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Matlu
MVP Silver
MVP Silver
‎2023-06-26 06:50 AM
In response to Timothy_Hall

Hello,

Is it possible to "work" with the SmartConsole R81.20, to access my SMS which is in version R81.10?

Or am I forced to update the SMS Gaia to R81.20?

Greetings.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-06-26 05:36 AM

Alternately you can also search your CVE here: https://advisories.checkpoint.com/advisories/

CCSM R77/R80/ELITE
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-06-26 06:48 AM
In response to Chris_Atkinson

Hello,

I checked my CVE on that page, and it doesn't appear in "LIST" either.

It is recommended to work with the SE, isn't it?

Cheers.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-06-26 06:51 AM
In response to Matlu

The SE can make a request internally, again depending on POC code availability.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-26 11:54 AM

A cursory read of CVE-2023-34460 suggests the issue is in a piece of software used to build other software.
I fail to see how any network-based IPS would protect against this vulnerability. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events