This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DM
Explorer
‎2019-07-11 02:00 AM
Jump to solution

Meaning of CVE numbers in IPS signatures

Hi,

we are currently running 77.30 and are going to upgrade to 80.x.

Anyway we started using IPS now with the 77.30 and I'm wondering about the meaning of the CVE numbers in the IPS signatures.

As an example I have the "Linux System Files Information Disclosure" going with CVE-2018-3948. The CVE number is about TP-Link devices.

So we don't run TP-Link devices and I first thought I could deactivate this protection. But then I checked the logged events and saw common directory traversal attacks. I checked if there are other "Linux System Files Information Disclosure" protections but cannot find any.

Is this signature just for TP-Link devices because of the CVE or is the CVE just an example for this attack pattern?

Thank you for your help.

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee
‎2019-07-11 04:14 AM
Jump to solution

Hi,

 

You are correct and this is a bug. I will open an internal issue to have it corrected.

CVE-2018-3948 should be part of the Protection called TP-Link TL-R600VPN remote code execution which also has the Check Point Advisory CPAI-2019-0434

 

HTH

Tal

 

View solution in original post

1 Reply
Tal_Paz-Fridman
Employee
Employee
‎2019-07-11 04:14 AM
Jump to solution

Hi,

 

You are correct and this is a bug. I will open an internal issue to have it corrected.

CVE-2018-3948 should be part of the Protection called TP-Link TL-R600VPN remote code execution which also has the Check Point Advisory CPAI-2019-0434

 

HTH

Tal

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events