This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Thin
Contributor
‎2021-02-04 11:23 PM

Do Check Point have IPS signature CVE-2020-3992?

Hello 

I have a question about CVE-2020-3992.

Due to the concern on my site, Will Check Point create a signature for this CVE?

 

Thank you

0 Kudos
5 Replies
ED
Advisor
‎2021-02-05 12:38 AM

They did mention the CVE in this article on October 26, 2020 so it's weird that they don't already have one yet. 

https://research.checkpoint.com/2020/26th-october-threat-intelligence-bulletin/ 

 

As always it's best to patch the vulnerable system itself

https://www.vmware.com/security/advisories/VMSA-2020-0023.html 

PhoneBoy
Admin
Admin
‎2021-02-07 09:43 PM

In general, we cannot create an IPS signature for every CVE.
Some CVEs are not exploitable over the network.
There may also not be sufficient details available to us to create a signature.
Not sure what the specific reason is in this case—I’ll check.

PhoneBoy
Admin
Admin
‎2021-02-16 10:09 PM

At this time there are no plans to release an IPS signature for this CVE.
If you really need it, I would request it via your local Check Point office.
However, a better approach would be to apply the relevant VMware patches/upgrades.

Thin
Contributor
‎2021-02-16 10:21 PM
In response to PhoneBoy

Thank you, I have applied a workaround for this issue. It will be great if Check Point has a signature for the CVE.

0 Kudos
G_W_Albrecht
Legend
Legend
‎2021-02-17 01:19 AM
In response to Thin

- If you apply the relevant VMware patches/upgrades, IPS will only have one job more if there is a new protection created for it, putting mote load on your GWs

- if you do not apply the relevant VMware patches/upgrades and instead wait for CP to add a protection to IPS you seem not to need much security at all

CCSE CCTE SMB Specialist
0 Kudos