Re: Do Check Point have IPS signature CVE-2020-399...

Thin · ‎2021-02-04

Hello

I have a question about CVE-2020-3992.

Due to the concern on my site, Will Check Point create a signature for this CVE?

Thank you

ED · ‎2021-02-05

They did mention the CVE in this article on October 26, 2020 so it's weird that they don't already have one yet.

https://research.checkpoint.com/2020/26th-october-threat-intelligence-bulletin/

As always it's best to patch the vulnerable system itself

https://www.vmware.com/security/advisories/VMSA-2020-0023.html

PhoneBoy · ‎2021-02-07

In general, we cannot create an IPS signature for every CVE.
Some CVEs are not exploitable over the network.
There may also not be sufficient details available to us to create a signature.
Not sure what the specific reason is in this case—I’ll check.

PhoneBoy · ‎2021-02-16

At this time there are no plans to release an IPS signature for this CVE.
If you really need it, I would request it via your local Check Point office.
However, a better approach would be to apply the relevant VMware patches/upgrades.

Thin · ‎2021-02-16

Thank you, I have applied a workaround for this issue. It will be great if Check Point has a signature for the CVE.

G_W_Albrecht · ‎2021-02-17

- If you apply the relevant VMware patches/upgrades, IPS will only have one job more if there is a new protection created for it, putting mote load on your GWs

- if you do not apply the relevant VMware patches/upgrades and instead wait for CP to add a protection to IPS you seem not to need much security at all

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Are you a member of CheckMates?

Do Check Point have IPS signature CVE-2020-3992?