This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Kavan
MVP Gold
MVP Gold
‎2022-08-23 01:29 PM
Jump to solution

nessus flags log4j on Identity awareness servers

Hi all, we are seeing nessus flag our identity awareness server running IDC.

 

  Path              : C:\Program Files (x86)\CheckPoint\Identity Collector\ISE-Extension-shade.jar
  Installed version : 1.2.15

I responsed that we are on the latest  build We're running 81.035.0000

and attached Check Point's response to Apache Log4j Remote Code Execution

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-09-11 08:15 AM
In response to stallwoodj
Jump to solution

It's deemed part of Quantum and unaffected to my knowledge.

Do you use the Cisco ISE integration?

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
12 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-08-23 04:34 PM
Jump to solution

How is Nessus making it's determination and have you raised it for investigation with TAC?

@Royi_Priov 

CCSM R77/R80/ELITE
0 Kudos
stallwoodj
Collaborator
Collaborator
‎2023-09-11 03:43 AM
In response to Chris_Atkinson
Jump to solution

Hi, our customer's Nessus is also seeing this alert, it appears to detected this when given credentials to access the C$ share.

I'm going to raise an SR and will report back.

 

Thanks

Jamie

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-09-11 04:02 AM
In response to stallwoodj
Jump to solution

IDC was previously analysed and isn't vulnerable.

Are you currently running the latest IDC version per: sk134312?

CCSM R77/R80/ELITE
0 Kudos
stallwoodj
Collaborator
Collaborator
‎2023-09-11 04:09 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris,

Yes, we installed Collector version 81.40 dated Sep-2022. 

0 Kudos
stallwoodj
Collaborator
Collaborator
‎2023-09-11 08:03 AM
In response to stallwoodj
Jump to solution

Just waiting for confirmation from TAC, as it's not a product listed as unaffected as per sk176865.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-09-11 08:15 AM
In response to stallwoodj
Jump to solution

It's deemed part of Quantum and unaffected to my knowledge.

Do you use the Cisco ISE integration?

CCSM R77/R80/ELITE
0 Kudos
stallwoodj
Collaborator
Collaborator
‎2023-09-11 09:25 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris,

No we don't, only LDAPS to on-prem AD. Hopefully it's safe to remove ISE-Extension-shade.jar

 

Thanks

Jamie

0 Kudos
stallwoodj
Collaborator
Collaborator
‎2023-09-13 07:55 AM
In response to Chris_Atkinson
Jump to solution

TAC confirmed that the Identity Collector for Windows (81.040) is unaffected.

In any case, if you aren't using ISE then the JAR can be removed without the service failing from my testing.

Thanks

Jamie

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-09-13 08:19 AM
In response to stallwoodj
Jump to solution

FWIW Avoiding the scan result in this manner shouldn't be necessary with the next IDC client release.

CCSM R77/R80/ELITE
0 Kudos
EY
Contributor
‎2023-09-21 10:59 AM
In response to Chris_Atkinson
Jump to solution

Any idea when that next IDC client release might be?  This has been an issue for over a year now.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-21 01:07 PM
In response to EY
Jump to solution

In the coming weeks. @Royi_Priov 

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-12-07 05:04 PM
In response to EY
Jump to solution

R81.069.0000 is now available per sk134312

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events