This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
D521815
Participant
‎2024-09-26 08:30 AM

Missing IPS protection?

We ran a health check (HCP), and it shows the following:

Protections Impact
IPS | Dynamic_Losant Arduino MQTT Client Buffer Overflow (CVE-2018-17614) | M^AGI$C3A | 6.02% |

We would like to inactivate this protection, but it is impossible to find using SmartConsole or GuiDBedit.
Any suggestions?

Labels
0 Kudos
13 Replies
the_rock
MVP Platinum
MVP Platinum
‎2024-09-26 08:43 AM

Let me search it in the lab and report back.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-09-26 08:52 AM

Just checked in both R81.20 and R82 and cant find that CVE anywhere, either in IPS or inspection settings. I see some protections for buffer overflow, but nothing with exact same name.

Andy

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-26 08:57 AM

I don't find the protection on my end, either.
Suggest a TAC case: https://help.checkpoint.com 

0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-09-26 09:03 AM

Can you add a screenshot of the output including the test name?

Thanks!

0 Kudos
D521815
Participant
‎2024-09-26 09:19 AM
In response to Tal_Paz-Fridman

Here comes a screenshot.

Preview file
85 KB
0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-09-26 09:27 AM
In response to D521815

This is a protection that was available in the past. I'm checking if it has been removed and if we need to update HCP tests.

0 Kudos
D521815
Participant
‎2024-09-26 09:35 AM
In response to Tal_Paz-Fridman

We have ran Pattern Matcher statistics according to sk43733, and it shows the same result.

0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-09-26 09:51 AM
In response to D521815

I sent the question to relevant owners in R&D.

It exists on the machine in various locations but perhaps it is not active.

Waiting for the reply from owners.

 

 

 

 

0 Kudos
Lesley
MVP Gold
MVP Gold
‎2024-09-26 12:53 PM
In response to Tal_Paz-Fridman

Is it not this but then the other way around? That it got removed instead of added. 

https://support.checkpoint.com/results/sk/sk171752

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
D521815
Participant
‎2024-10-01 03:21 AM
In response to Tal_Paz-Fridman

Have you heard anything from R&D yet?

0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-10-02 12:55 AM
In response to D521815

They are currently looking at the issue.

Will update once I know more.

D521815
Participant
‎2024-10-31 07:39 AM
In response to Tal_Paz-Fridman

Any news?

Lesley
MVP Gold
MVP Gold
‎2024-09-26 12:54 PM

basic check to make sure IPS is ok. 

You have valid license (cplic print)?

IPS updated? (ips stat)

Version supported (cpinfo -y all)

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events