Check Point Response to CVE-2021-3449 - OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message

Symptoms - OpenSSL published CVE-2021-3449 for versions OpenSSL 1.1.1. - This issue can cause a corresponding process to stop working in Gaia OS. Solution Check Point versions R80.30 and lower are not vulnerable! Check Point is vulnerable to OpenSSL CVE-2021-3449 only in these cases: Quantum...

Check Point Response to CVE-2021-3156 - sudo Privilege Escalation

Symptoms - CVE-2021-3156 states: "Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character." - For more information, refer to https://www.sudo.ws/stable.html1.9.5p2 Solutio...

Check Point Response to SNIcat

...

Check Point Response to CVE-2020-28041 - NAT Slipstreaming

Cause The attack involves several vectors - Local IP disclosure, max MTU UDP and TCP calculation and leveraging a SIP parser weakness in fragmented HTTP packets which enables to "Slipstream" a legitimate SIP connection in an HTTP POST request generated by the victim's browser. The full descriptio...

Check Point Response to CVE-2020-10713 - GRUB2 bootloader is vulnerable to buffer overflow

Symptoms - CVE-2020-10713 states: "The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled." For more information, refer to https://www.kb.cert.org/vuls/id/174059. Solution Gaia OS versions R81.10...

Check Point Response to Ripple20 Vulnerabilities

Symptoms - On June 16, 2020, CERT published vulnerabilities in the Treck IP Stack with the following CVEs: CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907...

Few Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though "Allow older clients" is disabled

...

Check Point Response to CVE-2020-8597 - PPP buffer overflow vulnerability

Cause The bounds check for the rhostname was improperly constructed in the EAP request and response functions, which could allow a buffer overflow to occur. Configuring to connect to a malicious server can expose the system to this vulnerability. Symptoms - A buffer overflow flaw was found in the...

Predictable TCP sequences generated by Security Gateway in R80.20 / R80.30

...

Check Point Response to CVE-2020-0601 - CryptoAPI Spoofing Vulnerability

Symptoms - On January 14, 2020, Microsoft published the following: A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a...

Check Point Response to CVE-2019-14899 (Inferring and hijacking VPN-tunneled TCP connections)

...

In a rare scenario, R80.30 Security Gateway managed by R80.30 Security Management crashes when Threat Prevention Forensics feature is enabled

...

Check Point Response to CVE-2019-8461 - Endpoint Security Initial Client

...

Authenticating to SMB appliances using only the first 8 characters of the Administrator password is allowed

...

Check Point Response to CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 - TCP SACK PANIC Linux Kernel vulnerabilities

Cause CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16-bit width of TCPSKBCBskb- tcpgsosegs. A remote attacker could exploit this to crash the system and create a Denial Of Service. CVE-2019-11478: The Linux kernel is vulnerable to a flaw that allows attackers to se...

Check Point Response to Intel Microarchitectural Data Sampling Vulnerabilities (Fallout, RIDL, Zombieload) (CVE-2018-12126 , CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Symptoms - Researchers have released information about several vulnerabilities in Intel processors: Under certain conditions, data in microarchitectural structures that the currently-running software does not have permission to access may be speculatively accessed by faulting or assisting load or...

Check Point Response to CVE-2019-8456 - unauthorized VPN access to internal networks via IKEv2 tunnel

Symptoms - In some less common conditions, Check Point IKEv2 IPsec VPN up to R80.30 may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. Solution Important Notes: R77.x versions are not affected because they use a...

Machine is vulnerable to attacks after CPUSE clean install and before completing the First Time Wizard

...

Check Point CloudGuard Controller fails to connect to a VMware vCenter Data Center in R80.20.M2

...

RADIUS/TACACS+ users fail to change the default admin password when running the First Time Wizard

...

Check Point response to Bleichenbacher oracle cryptographic attack (IKEv1/IKEv2)

...

Check Point response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)

...

Rare failure in the Identity Sharing network registration may potentially result in incorrect policy actions

Cause The connection is handled by the PEP Gateway, but no identity is found on the PEP for the connection’s IPs. With smart pull Identity sharing, the PEP Gateway will hold the connection if: 1. The Access Role is used in the policy and required for the final rulebase match. 2. There is a remote...

Using Domain Objects in the rulebase might cause wrong policy actions in R80.10 JHF Take_91-103

...

R77.30, R77.20 Security hotfix for DLP and Threat Extraction blades

...

Mail Transfer Agent (MTA) protection bypass

...

Detection issue of malicious URLs in Anti-Bot / Anti-Virus after installing Take 143 of R77.30 Jumbo Hotfix Accumulator

...

Check Point Response to BadLock vulnerabilities

...

Check Point response to ZoneAlarm DLL injection

...

Check Point response to NTP "panic threshold" Bypass Vulnerability (CVE-2015-5300)

...

Check Point Response to CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility

...

Check Point Response to CVE-2016-0777 and CVE-2016-0778 - OpenSSH Client vulnerabilities

Symptoms - Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client CVE-2016-0777 and CVE-2016-0778: SSH roaming enables a client, in case an SSH connection breaks unexpectedly, to resume it at a later time, provided the SSH server also supports it. Solution T...

Check Point response to CVE-2015-3456 (VENOM)

Symptoms - A vulnerability in the virtual floppy drive code was discovered CVE-2015-3456. Solution The relevant fix for Threat Emulation gateway is already available and has been integrated in Threat Emulation engine version 24.990000010 refer to sk95235. Any Threat Emulation engine version that ...

Check Point Response to CVE-2015-0204 - TLS FREAK Attack

Symptoms - On Tuesday, March 3, 2015, researchers disclosed a new SSL/TLS vulnerability - the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and vulnerable servers and force them to use the "export-grade" cryptography, which can then be...

Check Point Response to CVE-2015-0235 (glibc - GHOST)

...

Check Point response to NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296)

...

Check Point response to TLS 1.x padding vulnerability

...

Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)

...

Check Point Response to CVE-2014-6271 and CVE-2014-7169 Bash Code Injection vulnerability

...

HTTPS Inspection update for attending India CCA unauthorized digital certificates

...

SSL/TLS MITM vulnerability (CVE-2014-0224)

...

Check Point response to TCP reassembly vulnerability (CVE-2014-3000; FreeBSD-SA-14:08.tcp)

...

Important security and stability enhancements for Security Gateway

...

Check Point response to OpenSSL vulnerability (CVE-2014-0160)

...

Check Point response to "Bypassing Application Control"

...

Some protections may not work for specific HTTP evasions in R77.10 / R77 / R76

...

Check Point response to GnuTLS certificate verification vulnerability (CVE-2014-0092)

...

Blocking NTP access on Gaia OS / IPSO OS (CVE-2013-5211)

...

Check Point response to Apple CVE-2014-1266

...

Check Point offers important security update for Endpoint Security Management Server

...