cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Jerry
Gold

R55, R65 - Bug Tracker

hi folks got a quick one for you,

Got weird customer, I'd like to give them a weapon and confidence to upgrade their infra from r55/r65 towards new breads but need to highlight bugs and known cve's.

I found cve's online - that's easy but what I'm struggling with is known bugs for R55 and R65 to be specific - have you got any clue where about I could find them listed online? I'm searching all the resources and cause R55 is EOL back 11y ago I'm really in no clue how to highlight what was a main bugs etc. with those specific versions (splat ofcourse!).

 

Cheer and thanks in advance.

 

Jerry

Jerry
0 Kudos
5 Replies

Re: R55, R65 - Bug Tracker

Is this a kind of joke ? The known bugs for R55 and R65  are identical to the known CVEs since their end of support ! Both versions have been out of any support for more than 10 years now, so anyone still using these in production is more a lunatic than security specialist...

But if you need "bugs", ponder upon the fact that these versions are vulnerable to all kinds of malware, ransomware and spyware you can imagine ! Much more important than bugs that might lead to crashes or reboots is the inherent danger of using such outdated software.

Employee++
Employee++

Re: R55, R65 - Bug Tracker

Admin
Admin

Re: R55, R65 - Bug Tracker

While I'm not surprised organizations are still running R65 or earlier releases somewhere, people really should upgrade.
These versions have been out of support for quite a while now.

SIC in these releases uses SHA-1 hashes, which are known to be weak.
This won't necessarily show up as a Check Point CVE, but it's a fact.
Not to mention whatever vulnerabilities that may be in whatever ancient version of Windows that's being used to run Policy Editor/SmartDashboard.

If the hardware you're running these installations on fails, you will not be able to stand up R5x or R6x on modern hardware, except possibly through VMs.
That's not a CVE, but still represents a risk, depending on where the gateways are deployed.
Jerry
Gold

Re: R55, R65 - Bug Tracker

totally agree, I was just trying to get as much as possible for the most ridiculous customer I've ever supported (as Consultant). it is all over now but they claim that 75% of their SPLAT based not-internet-facing FWs run R65 (some of them even R55) - I was blown away but well ... not my monkeys. At the end of the day it is their choice, their risk, their BAU and their BCP/DR process which comes along. Also it proves very well how the Management and processes works within the entire network. Cannot tell you more chaps but believe me, for it it is over hence I don't care any longer. It was the most pathetic infra I was ever involved in consulting/auditing/assessing in my entire career. EOT.
Jerry
0 Kudos
Employee+
Employee+

Re: R55, R65 - Bug Tracker

I used to have a customer who was afraid to upgrade from R55/R60 because "what if the new versions include some bugs...". So, I know what you are talking about. 🙂

When those versions were released we even didn't dream about the type of attacks we are experiencing today. Your customer needs to have a version that is supported and recommended by Check Point. Every version has an sk that lists known limitations for this version and when jumbo hotfixes and/or new versions are released we also list what was fixed. From R55 you get quite a long list of improvements and new features before you get to R80.30.

0 Kudos