- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hi,
I would like to raise a query re: Checkpoint's response to the recently released statement on the aggregation and fragmentation attacks against WiFi. Some other vendors have produced guidance on this e.g when patches/firmware will be coming out to mitigate against these risks but I can't see anything from Checkpoint. Are you able to supply any more guidance on this?
https://www.icasi.org/aggregation-fragmentation-attacks-against-wifi/
Obviously some the SMB appliances have integrated Wireless (e.g the 1590 appliance)
Thanks - pnormanmtvh
I’ll ask around.
Meanwhile, I recommend a TAC case for a formal response.
Any response yet ?
I have also asked internally if we are vulnerable for the Frag attack. Having said that, all attacks can only be launched from the internal network. The vulnerabilities are using 802.11 design flaws on frame aggregation and fragmentation. Once we know more about risk, severity, exploitation factor etc. I will update you all.
Hi
There are several CVE there which are based on the 802.11 standard design, (and flaws) which are related to the way the standard handles frame aggregation and fragmentation.
We are working with the WiFi Vendor, and once fixes will be available, we will deploy them.
First analysis suggest you may be vulnerable only in close proximity as the described attacks can only carried out from the internal wireless network and therefore require physical proximity.
Any updates? Many other companies already provude fixes.
I assume you have a TAC case open on this, correct?
No, I was referring to Amir, who said, that CP is working with the vendors on it.
Hi Guys
TAC was updated, so i wonder why the message didn't convey..
Anyway -
we have a fix ready, and it will be available on the next SMB release. (R80.20.30 - around the first week of July)
If your need a solution sooner, we can deliver a jumbo fix on top of R80.20.25. please contact TAC
Thanks
Hi Amir aware for R80.20. for CP 1500 series +
My inquiry is specific to R77.20.87 for those that are still running on CP1400 series?? did open with TAC and it's unknown?
Hi Amir,
thank you for the update!
What about the 1400s (77.20.87) and the 1100s (77.20.80), which are both still covered by support?
Is there any SK for these issues?
Amir, does this apply for SMB 1400 series appliances that also have the integrated WiFi. I see talks about 1500 series hope no one is forgetting the others.
Pls advise.
The TAC case for this is: 6-0002681820
Did they say anything? I also looked at below link, but cant find much for this
no info as of yet from CP.
I would definitely bring that up to someone in TAC, because any vendor should and must have response to things like this.
already did...but it's no show response or unknown response for now.
Hi all, I am happy to share with you sk173718. As you can see the severity is low and has been fixed.
Enjoy!
@Naftali_Oziel , @pnormanmtvh you have your answer
Thanks all for the discussion and responses,
So as I understand it to mitigate these wi-fi vulnerabilities we can upgrade our 1590's to either:
It is likely that we will upgrade directly up to R80.20.30 due to Build 992002136 not appearing as a valid build on the sk171824 page.
Thanks
Incidentally, will Checkpoint be responding publicly to the ICASI statement with the fixes located at: https://www.icasi.org/aggregation-fragmentation-attacks-against-wifi/ ?
Yes, either is fine.
Thanks for the 700/900/1400 firmware why is it older than the current GA? Does that make sense?
it's not older
its a jumbo_hf based on latest jumbo release.
sequence number is different because it's a different branch (until a new public jumbo GA will be available)
Ok so it contains all fixes from B3083 GA?
yes
Thank you, no fix for the 1100s?
Will there be a fix for the 1100s?
Hi Steffen
to fix it a patch is needed from the WiFi Vendor. for the 1100, the driver is very old, and doesn't get frequently updated, so currently, there is no fix. if things will change, I'll update.
Any news for the 1100s?
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
9 | |
3 | |
3 | |
1 | |
1 | |
1 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY