cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Jump page listing all Check Point vulnerabilities from past years

Hello CheckMakes,

I was updating vulnerability management process with recent links point to each vendor dedicated security Advisories page. Did all other firewall vendors without a problem and stumbled into an issue with Check Point. I was not able to find page dedicated to _product_ vulnerabilities.

I can not find the way to search for product vulnerabilities, apart of searching knowledge base for keyword "Check Point response" (with quotation marks) and then sorting by time.

The advisories page https://www.checkpoint.com/advisories/  is mostly information about IPS signatures and does not fit into what i'm looking for.

Please share our thoughts.

Regards,

Sergej

6 Replies
Employee+
Employee+

Re: Jump page listing all Check Point vulnerabilities from past years

Hi Sergej,

There's a link in the main support page:

Here you are: 

Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and ... 

Regards,

Jesús

Re: Jump page listing all Check Point vulnerabilities from past years

Thank you for pointing up to this page, i originally missed it. It is seems like a "natural habitat" for all security advisories.

However, there is only one announcement dated 2017. And some big issues not listed at all.

For example there is no (or i was not able to see) detail on sk122205 - Check Point Response to Meltdown and Spectre (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) 

Is it defensively the right "catch all" place to see new security advisories from Check Point?

0 Kudos

Re: Jump page listing all Check Point vulnerabilities from past years

This page is a mixed bag - it shows vulnerabilities of CP products, but also other vendors vulnerabilities that Check Point provides coverage for with IPS protections. So there simply seems to be no "catch all" place...

0 Kudos
Highlighted
Admin
Admin

Re: Jump page listing all Check Point vulnerabilities from past years

This page only lists high/critical security vulnerabilities for which patches have been issued, if I recall correctly.

In the last couple years, there have been only two.

We have not issued patches for Meltdown/Spectre.

0 Kudos

Re: Jump page listing all Check Point vulnerabilities from past years

So Check Point does not advertise what they are vulnerable to if there is not a patch issued? The company does not report their security vulnerabilities to MITRE / NIST?

Anything similar to this from Cisco (which included products that do not even have a fix yet..):

Security Advisories and Alerts 

??

Thanks!

0 Kudos
Admin
Admin

Re: Jump page listing all Check Point vulnerabilities from past years

That page should include information about security issues we're planning to patch as well.

For example, when we posted the issue about SegmentStack and FragmentStack, we did not have fixes for some of the appliances yet.

It may also contain statements about security issues in general technology used in security products (e.g. Bleichenbacher oracle cryptographic attack).

0 Kudos