cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
DM
Ivory

Meaning of CVE numbers in IPS signatures

Jump to solution

Hi,

we are currently running 77.30 and are going to upgrade to 80.x.

Anyway we started using IPS now with the 77.30 and I'm wondering about the meaning of the CVE numbers in the IPS signatures.

As an example I have the "Linux System Files Information Disclosure" going with CVE-2018-3948. The CVE number is about TP-Link devices.

So we don't run TP-Link devices and I first thought I could deactivate this protection. But then I checked the logged events and saw common directory traversal attacks. I checked if there are other "Linux System Files Information Disclosure" protections but cannot find any.

Is this signature just for TP-Link devices because of the CVE or is the CVE just an example for this attack pattern?

Thank you for your help.

0 Kudos
1 Solution

Accepted Solutions
Employee+
Employee+

Re: Meaning of CVE numbers in IPS signatures

Jump to solution

Hi,

 

You are correct and this is a bug. I will open an internal issue to have it corrected.

CVE-2018-3948 should be part of the Protection called TP-Link TL-R600VPN remote code execution which also has the Check Point Advisory CPAI-2019-0434

 

HTH

Tal

 

1 Reply
Employee+
Employee+

Re: Meaning of CVE numbers in IPS signatures

Jump to solution

Hi,

 

You are correct and this is a bug. I will open an internal issue to have it corrected.

CVE-2018-3948 should be part of the Protection called TP-Link TL-R600VPN remote code execution which also has the Check Point Advisory CPAI-2019-0434

 

HTH

Tal