Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sergej_Gurenko
Collaborator

Jump page listing all Check Point vulnerabilities from past years

Hello CheckMakes,

I was updating vulnerability management process with recent links point to each vendor dedicated security Advisories page. Did all other firewall vendors without a problem and stumbled into an issue with Check Point. I was not able to find page dedicated to _product_ vulnerabilities.

I can not find the way to search for product vulnerabilities, apart of searching knowledge base for keyword "Check Point response" (with quotation marks) and then sorting by time.

The advisories page https://www.checkpoint.com/advisories/  is mostly information about IPS signatures and does not fit into what i'm looking for.

Please share our thoughts.

Regards,

Sergej

6 Replies
Jesús_Toledano
Contributor

Hi Sergej,

There's a link in the main support page:

Here you are: 

Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and ... 

Regards,

Jesús

Sergej_Gurenko
Collaborator

Thank you for pointing up to this page, i originally missed it. It is seems like a "natural habitat" for all security advisories.

However, there is only one announcement dated 2017. And some big issues not listed at all.

For example there is no (or i was not able to see) detail on sk122205 - Check Point Response to Meltdown and Spectre (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) 

Is it defensively the right "catch all" place to see new security advisories from Check Point?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

This page is a mixed bag - it shows vulnerabilities of CP products, but also other vendors vulnerabilities that Check Point provides coverage for with IPS protections. So there simply seems to be no "catch all" place...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

This page only lists high/critical security vulnerabilities for which patches have been issued, if I recall correctly.

In the last couple years, there have been only two.

We have not issued patches for Meltdown/Spectre.

0 Kudos
Bradley_Marshal
Explorer

So Check Point does not advertise what they are vulnerable to if there is not a patch issued? The company does not report their security vulnerabilities to MITRE / NIST?

Anything similar to this from Cisco (which included products that do not even have a fix yet..):

Security Advisories and Alerts 

??

Thanks!

0 Kudos
PhoneBoy
Admin
Admin

That page should include information about security issues we're planning to patch as well.

For example, when we posted the issue about SegmentStack and FragmentStack, we did not have fixes for some of the appliances yet.

It may also contain statements about security issues in general technology used in security products (e.g. Bleichenbacher oracle cryptographic attack).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events