CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Security issue with checkpoint - vpn

  1. #1

    sk106162 - Jumbo hotfix for R77.30 - "PMTR-35032, PRJ-99 VPN Important security update for IPSec Site-to-Site (S2S) VPN."

    sk116380 - Jumbo hotfix for R80.10 - "PMTR-35032 VPN Important security update for IPSec Site-to-Site (S2S) VPN."

    sk149892 - Unauthorized VPN access to internal networks via IKEv2 tunnel (CVE-2019-8456)

    Nothing points to PMTR or PRJ in sk149892; granted, it does say R80.10 take 203, which is where PMTR is, so that must be it (why is this so hard?).

    I called support and asked "what the *bleep* does important security update for IPSec Site-to-Site (S2S) VPN mean?" I didn't know about sk149892 at this time. I pointed out that it is really irresponsible to post a security issue in a jumbo hotfix without any details. Diamond support said they've been told they're not going to provide any information on the issue. Not even a severity level for the security issues, and since there is nothing for them to do they're going to close the case. The tech did say he thought if it was a big enough deal checkpoint would post something. I was also told to check with my SE to see if maybe they can get more information.

    So today I found SK149892, which says it only affects R80.10 and R80.20 and even goes as far as saying

    "R77.x versions are not affected since they use a different code." and yet it has the same dev code plus an additional one?

    So.. uh.. zero warm fuzzies but hey, maybe the sales team knows something? Thanks, that's awesome. Anyone have any idea what the proper channel is to get information about security issues?
    Last edited by jflemingeds; 2019-04-24 at 19:22.
