Hello
I have updated IPS on management but I cannot find CVE-2021-21972 signature.
Does Check Point have CVE-2021-21972 IPS protection?
Does Check Point have a plan to release this signature?
Thank you.
The vulnerability was announced yesterday. Until there is a proof of concept or a working exploit, an IPS signature cannot be produced. VMware has posted a workaround here that you can apply in the meantime.
This exploit is in the wild now.
Proof of concept available on GitHub: https://github.com/horizon3ai/CVE-2021-21972
Any updates on IPS signatures?
Hi,
An IPS protection was released for this vulnerability.
Protection name: "VMware vSphere Client Remote Code Execution (CVE-2021-21972)"
Thanks,
Avi
I don't seem to have any luck triggering this protection.
Testing at home:
Check Point 3100 - R80.40 JHA91
[Expert@cp-fw01:0]# ips stat
IPS Status: Enabled
Active Profiles:
Custom Optimized
IPS Update Version: 635211403
Global Detect: Off
Bypass Under Load: Off
Second test:
VSX R80.30 JHA 227 (Open server)
[Expert@<vsxhostname>:<vsid>]# ips stat
IPS Status: Enabled
IPS Update Version: 635211403
Global Detect: Off
Bypass Under Load: Off
In the test, I'm just running the PoC Code from Github.
x@y:~/CVE-2021-21972$ python3 poc.py -t 10.99.9.9 -f testfile.txt -p /home/vsphere-ui/testfile.txt -o unix
[+] 10.99.9.9 vulnerable to CVE-2021-21972!
[+] Adding testfile.txt as ../../../../../home/vsphere-ui/testfile.txt to archive
[+] Wrote testfile.txt to exploit.tar on local filesystem
[+] File uploaded successfully
root@photon-machine [ ~ ]# cd /home/vsphere-ui/
root@photon-machine [ /home/vsphere-ui ]# ls
testfile.txt
root@photon-machine [ /home/vsphere-ui ]# cat testfile.txt
test
root@photon-machine [ /home/vsphere-ui ]#
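The PoC output in the post above shows the uploaded archive entry being named with `../` segments so that it is written outside the extraction directory. The following is an added example, not code from the thread, from Check Point or from VMware, of a check that flags such entries in a tar archive before anything is extracted. The function names, the `/extract` destination and the in-memory sample archive are assumptions made for illustration.

```python
import io
import posixpath
import tarfile


def escapes(path, dest):
    """True if path, resolved against dest, ends up outside dest."""
    resolved = posixpath.normpath(posixpath.join(dest, path))
    return resolved != dest and not resolved.startswith(dest.rstrip("/") + "/")


def check_member(member, dest):
    """Return a reason string if the entry is unsafe to extract, else None."""
    if member.name.startswith("/"):
        return "absolute path"
    if escapes(member.name, dest):
        return "path traversal"
    if member.issym() or member.islnk():
        # Symlink targets resolve relative to the entry's own directory,
        # hard-link targets relative to the archive root.
        base = posixpath.dirname(member.name) if member.issym() else ""
        target = member.linkname
        if target.startswith("/") or escapes(posixpath.join(base, target), dest):
            return "link target outside destination"
    return None


def unsafe_members(archive_bytes, dest="/extract"):
    """List (name, reason) for every entry that would land outside dest."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        checked = ((m.name, check_member(m, dest)) for m in tar.getmembers())
        return [(name, reason) for name, reason in checked if reason]


def build_sample():
    """Constructed sample: one benign entry, one named as in the PoC output."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("testfile.txt", "../../../../../home/vsphere-ui/testfile.txt"):
            data = b"test\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample()):
        print(f"{reason}: {name}")
```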
Hi,
The PoC you shared is blocked based on our internal testing. I am taking this with you offline to ensure that you configured the testing correctly.
Avi