This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PetterD
Collaborator
‎2021-11-15 07:37 AM

Check Point vulnerable to Apache CVes - sk176113 ?

Hello,

This is a question regarding the latest Apache CVE`es, more specifically CVE-2021-41773 & CVE-2021-42013
Check Point has released "sk176113" with a hotfix that is supported on most (not all) major versions/platforms on the latest Jumbo.

The sk176113 states that "No CVE in the list below may compromise Check Point products" and the sk has Medium Severity
with little information on which products/functionality that may be vulnerable/exploitable.

Does this actually mean that all Check Point versions from R80.10 are vulnerable and needs to be patched ASAP ?

Would have thought that this would be a "Very Critical" sk with alarms to all partners and customers and not just a "Medium" sk if that was the case ?

Thanks!

 

Regards. 
Petter D

CCSM / CCSE / CCVS / CCTE
2 Replies
PetterD
Collaborator
‎2021-11-15 08:40 AM

Just a follow-up that i was able to get more detailed information about these CVEs and that Check Point due to running 2.4.41 are not vulnerable to them, luckily 🙂

CCSM / CCSE / CCVS / CCTE
PhoneBoy
Admin
Admin
‎2021-11-15 08:47 AM

Apache is used in various web portals on Check Point Security Gateways and Management.
Things like the Gaia WebUI, Mobile Access Blade, UserCheck portal, etc.
The CVEs you mention specifically aren't relevant as they are only relevant to precise versions of Apache that we are not using.

The only potentially problematic CVE of the bunch listed in sk176113 (in my opinion) is CVE-2021-40438.
At least as I understand it, this could be used to "hop" into a resource behind the gateway.
Unless the attacker knows intimate details about the internal network, it's not clear how effective exploiting this issue would be, particularly without getting detected.
I presume this CVE is what drove the need for patches, which is why they are being offered out of band of the regular JHF.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events