Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
DM
Explorer
Jump to solution

Meaning of CVE numbers in IPS signatures

Hi,

we are currently running 77.30 and are going to upgrade to 80.x.

Anyway we started using IPS now with the 77.30 and I'm wondering about the meaning of the CVE numbers in the IPS signatures.

As an example I have the "Linux System Files Information Disclosure" going with CVE-2018-3948. The CVE number is about TP-Link devices.

So we don't run TP-Link devices and I first thought I could deactivate this protection. But then I checked the logged events and saw common directory traversal attacks. I checked if there are other "Linux System Files Information Disclosure" protections but cannot find any.

Is this signature just for TP-Link devices because of the CVE or is the CVE just an example for this attack pattern?

Thank you for your help.

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee

Hi,

 

You are correct and this is a bug. I will open an internal issue to have it corrected.

CVE-2018-3948 should be part of the Protection called TP-Link TL-R600VPN remote code execution which also has the Check Point Advisory CPAI-2019-0434

 

HTH

Tal

 

View solution in original post

1 Reply
Tal_Paz-Fridman
Employee
Employee

Hi,

 

You are correct and this is a bug. I will open an internal issue to have it corrected.

CVE-2018-3948 should be part of the Protection called TP-Link TL-R600VPN remote code execution which also has the Check Point Advisory CPAI-2019-0434

 

HTH

Tal

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events