This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PetterD
Participant
‎2021-11-15 07:37 AM

Check Point vulnerable to Apache CVes - sk176113 ?

Hello,

This is a question regarding the latest Apache CVE`es, more specifically CVE-2021-41773 & CVE-2021-42013
Check Point has released "sk176113" with a hotfix that is supported on most (not all) major versions/platforms on the latest Jumbo.

The sk176113 states that "No CVE in the list below may compromise Check Point products" and the sk has Medium Severity
with little information on which products/functionality that may be vulnerable/exploitable.

Does this actually mean that all Check Point versions from R80.10 are vulnerable and needs to be patched ASAP ?

Would have thought that this would be a "Very Critical" sk with alarms to all partners and customers and not just a "Medium" sk if that was the case ?

Thanks!

 

Regards. 
Petter D

2 Replies
PetterD
Participant
‎2021-11-15 08:40 AM

Just a follow-up that i was able to get more detailed information about these CVEs and that Check Point due to running 2.4.41 are not vulnerable to them, luckily 🙂

PhoneBoy
Admin
Admin
‎2021-11-15 08:47 AM

Apache is used in various web portals on Check Point Security Gateways and Management.
Things like the Gaia WebUI, Mobile Access Blade, UserCheck portal, etc.
The CVEs you mention specifically aren't relevant as they are only relevant to precise versions of Apache that we are not using.

The only potentially problematic CVE of the bunch listed in sk176113 (in my opinion) is CVE-2021-40438.
At least as I understand it, this could be used to "hop" into a resource behind the gateway.
Unless the attacker knows intimate details about the internal network, it's not clear how effective exploiting this issue would be, particularly without getting detected.
I presume this CVE is what drove the need for patches, which is why they are being offered out of band of the regular JHF.