In your environment, do you see other logs?

The task running the script creates a log that represents the task's status. It's possible that there is a delay in indexing in your environment, or indexing is deactivated, therefore you cannot open the task details.

I suggest to try a little bit later, or run the script manually by connecting to the Management/Standalone machine's console.

I am getting logs fine

Ran it manually from Home directory, on the management server.

chmod u+x VPNcheck.sh

chmod u+x check-for-local-users-with-password-only-authentication.sh

./VPNcheck.sh
No Local accounts with Password Authentication method found. No further action required.

./check-for-local-users-with-password-only-authentication.sh
No Local accounts with Password Authentication method found. No further action required.

I am asumming that "No Local accounts with Password Authentication method found. No further action required." is a good thing 🙂

You may want to double-check to see if you have the correct script for the the vulnerability check. When I download it from the SK182336 I get a file named "check-for-CVE-2024-24919.sh" not "VPNcheck.sh". The initial scripts released only validated whether or not local users exist with password auth and VPN access, the newer CVE script is running checks to see if the vulnerability is present. (Important Note: it is possible to not have any local users present and still be vulnerable)

Ran that one all good 🙂

still adding the Hot fix regardless, 5 more clusters to go, taking longer to sort out change windows.

Looks at Checkpoint where do I send the bill for my wifes flowers, that is our weekend wrecked.

I just re read this, we have a separate events server, wonders what difference this would make? if any

Hi,

Thank you for the feedback. The script automates checking whether Mobile Access blade (MAB) is activated or the gateway belongs to the Remote Access VPN community. These are the manual instructions we give to customer to check potential vulnerability.

To keep things simple, we did not invoke APIs or scripts to the gateways themselves to see if the HF was installed. The outcome of the script is whether it's important to install the HF.

We will check if we can improve the text to be clearer, in case we release an updated script.

A little bit confusing, but that explains it. Thank you very much!

We just released an updated script that will iterate over potentially vulnerable gateways and will run commands to check for relevant HF or JHF fix installation.

The updated script will no longer mark patched gateways as vulnerable.
Thank you for the community feedback!

https://support.checkpoint.com/results/download/133115 

Awesome, will test in later and report back.

Andy

@Tomer_Noy 

Not sure if this is expected (I assume not), but here is what I experienced. Before upgrade of my cluster, it was on R81.20 jumbo 53 and I upgraded to jumbo 65, but I get below when running script from the mgmt for the cve check. I attached 2 screenshots, first worked fine BEFORE the upgrade and 2nd I get the error seen.

Thoughts?

Best,

Andy

Is this a multi-domain environment, or Security Management Server?

On what did you install JHF 65? On the gateway or management server?

The error message seems to indicate a problem in fetching data on the management, so upgrading the gateway/cluster should not have done this.

Can you try again?

Just regular SMS

I even rebooted the mgmt, same issue. Let me install jumbo 65 on the mgmt server, not sure if that will make a difference, but will let you know.

Andy

No joy 😞

I upgraded mgmt to take 65, rebooted, even deleted and re-added the script, exact same problem, except now it shows same for both gateways, not just the backup.

Super odd...

Andy

Anyway @Tomer_Noy , honestly, not a biggie, as they say, I copied the script to the mgmt via winscp and showed correct output. I want to THANK you and everyone else, @FuzzyLogic , @PhoneBoy , @_Val_ , and all the other people (hard to remember everyone now) who worked very hard on this. I know what Val meant when he said recently people are working around the clock for this issue and its most likely true. Super important to be on top of things like this, so I can say we appreciate, and Im sure I speak for others as well.

Best regards mate.

Andy

Output from the lab mgmt:

[Expert@CP-management:0]# cd /var/log/scripts/
[Expert@CP-management:0]# chmod 777 *
[Expert@CP-management:0]# ./check-for-CVE-2024-24919.sh
All gateways are not vulnerable to CVE-2024-24919. No further action required.
[Expert@CP-management:0]#

Just to update quick, @Omer_Kleinstern reached out to me directly about the script, I ended up rebooting the mgmt again, ran it all good. Thanks so much guys, I truly value and am grateful for how quickly you responded and are on top of this

Andy

👍✌️👌

This might be a little ironic @the_rock , but it's possible that the errors you got were not related to installing JHF or rebooting the Management.

The original post in this thread by @FuzzyLogic was to make people aware that they need to select the Management object, otherwise they will get an error "Failed to collect (get) domains". That's the error that you got, so it's highly possible that you simply selected a gateway object when you ran the script, instead of the management.

Thanks @Omer_Kleinstern for pointing out that possibility.

@Tomer_Noy You are 100% CORRECT! Thats exactly what I was doing...layer 8 iussue HAHAHA

Thanks mate!

Andy

Maybe not updated yet? Just ran it, but got same as yesterday...

Andy

Not sure if this is expected when running script on standalone?

Andy

I cant seem to find exactly where that setting is...never mind, ended up rebooting, good now, though still does NOT show anything for cccd

Did you explicitly enable cccd?
It's not enabled by default.

Definitely not, its brand new install.

That's why you didn't get anything about cccd then 🙂

lol...I thought even if its disabled it would tell you, but guess not 🙂

Even when enabled, does not seem to matter...

Andy