Create a Post
Showing results for 
Search instead for 
Did you mean: 

Check Point vulnerable to Apache CVes - sk176113 ?


This is a question regarding the latest Apache CVE`es, more specifically CVE-2021-41773 & CVE-2021-42013
Check Point has released "sk176113" with a hotfix that is supported on most (not all) major versions/platforms on the latest Jumbo.

The sk176113 states that "No CVE in the list below may compromise Check Point products" and the sk has Medium Severity
with little information on which products/functionality that may be vulnerable/exploitable.

Does this actually mean that all Check Point versions from R80.10 are vulnerable and needs to be patched ASAP ?

Would have thought that this would be a "Very Critical" sk with alarms to all partners and customers and not just a "Medium" sk if that was the case ?



Petter D

2 Replies

Just a follow-up that i was able to get more detailed information about these CVEs and that Check Point due to running 2.4.41 are not vulnerable to them, luckily 🙂


Apache is used in various web portals on Check Point Security Gateways and Management.
Things like the Gaia WebUI, Mobile Access Blade, UserCheck portal, etc.
The CVEs you mention specifically aren't relevant as they are only relevant to precise versions of Apache that we are not using.

The only potentially problematic CVE of the bunch listed in sk176113 (in my opinion) is CVE-2021-40438.
At least as I understand it, this could be used to "hop" into a resource behind the gateway.
Unless the attacker knows intimate details about the internal network, it's not clear how effective exploiting this issue would be, particularly without getting detected.
I presume this CVE is what drove the need for patches, which is why they are being offered out of band of the regular JHF.