Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend Legend
Legend

Latest firmware builds for 77.20.xx SMB appliances

In sk165875: Check Point Response to CVE-2020-8597 (PPP buffer overflow vulnerability) we found the latest 77.20.xx firmware builds for SMB appliances - but now in response to DNSpooQ (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685), CP TAC provided fixed versions also for older models (2021-02):

With sk176148: Check Point response to CVE-2021-26414 - "Windows DCOM Server Security Feature Bypass" customers using MS DC/AD received fixed firmware versions that are available from TAC only (01-Nov-2021):

  • R77.20.87 build 990173127 for 700/1400 appliances
  • R77.20.81 Build 990172625 for 1200R appliances
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
67 Replies
G_W_Albrecht
Legend Legend
Legend

Added references to  sk176148

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Peter_Lyndley
Advisor
Advisor

Can anyone confirm if we still need to contact TAC for 

  • R77.20.87 build 990173127 for 700 / 1400 appliances (contact Check Point Support to get it or whether the fixes related to DCOM etc are now included in the latest build(s) - there are still a lot of 1400s out there.
0 Kudos
_Val_
Admin
Admin

1400 series reached Engineering support in October 2022. R77.20 HFA 11 firmware can be downloaded throughsk151574

0 Kudos
G_W_Albrecht
Legend Legend
Legend

YES.

Build 990173120 is the latest R77.20.87 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from this article: sk153433: Jumbo Hotfix Accumulator for R77.20.87

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Naftali_Oziel
Collaborator

You can request custom build, based on TAC another GA will be released but unknown date? Running on B139 that provided many accumulative fixes including brute force vulnerability against SSL VPN, fix was ported from R81.   So if you are using VPN SSL which uses the SNX portal get the fix asap or disable using that feature.  

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Good to know ! I still run fw1_sx_dep_R77_990173127_20.img but no SNX is enabled.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Naftali_Oziel
Collaborator

Read my updates post below 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Above Links have changed:

R77.20.80 Build 2507 is not available anymore - only R77.20 HFA 80 Build 990172392 firmware for 1200R Appliances https://support.checkpoint.com/results/sk/sk123294

And from https://support.checkpoint.com/results/sk/sk182357

Effective 29 May 2024: The R77.20.81 images were replaced with Build 990172628 (replacing Build 990172701) to protect against CVE-2024-24919. https://support.checkpoint.com/results/sk/sk151574#Downloads See sk182357.

Effective 29 May 2024: The R77.20.87 images were replaced with Build 990173160 (replacing Build 990173122) to protect against CVE-2024-24919. https://support.checkpoint.com/results/sk/sk151574#Downloads See sk182357.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events