CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 1 of 1

Thread: Security issue with checkpoint - vpn

  1. 2019-04-24 #1
    jflemingeds
    jflemingeds is offline Senior Member
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,668
    Rep Power
    13

    Default Security issue with checkpoint - vpn

    sk106162 - Jumbo hotfix for R77.30 - "PMTR-35032, PRJ-99 VPN Important security update for IPSec Site-to-Site (S2S) VPN."

    sk116380 - Jumbo hotfix for R80.10 - "PMTR-35032 VPN Important security update for IPSec Site-to-Site (S2S) VPN."

    sk149892 - Unauthorized VPN access to internal networks via IKEv2 tunnel (CVE-2019-8456)

    nothing points to PMTR or PRJ in sk14892, granted does say R80.10 take 203 which is where PMTR is so that must be it (why is this so hard?).

    I called support and asked "what the *bleep* does important security update for IPSec Site-to-Site (S2S) VPN mean? I didn't know about sk149892 at this time. I pointed out this is really irresponsible to post a security issue in a jumbo hotfix without any details. Diamond support said they've been told they're not going to provide any information on the issue. Not even a severity level for the security issues and since there is nothing for them to do they're going to close the case. The tech did say he thought if it was a big enough deal checkpoint would post something. I was also told to check with my SE to see if maybe they can get more information.

    So today I found SK149892 which says it only effects R80.10 and R80.20 and even goes as far as saying

    "R77.x versions are not affected since they use a different code." and yet it has the same dev code plus an additional one?

    So.. uh.. zero warm fuzzys but hey, maybe the sales team knows something? Thanks thats awesome. Anyone have any idea what the proper channel is to get information about security issues?
    Last edited by jflemingeds; 2019-04-24 at 19:22.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. HTTP Security Server issue
    By avdonzzz in forum Firewall Blade
    Replies: 0
    Last Post: 2013-04-11, 01:46
  2. Upgrade advice for Checkpoint Endpoint Security FDE to Endpoint Security E80.20
    By mrbobuk in forum Full Disk Encryption (FDE) (Formerly Pointsec)
    Replies: 7
    Last Post: 2012-07-18, 18:23
  3. Smartdashboard - Firewall Properties - Network Security Tab Display Issue
    By cwatkins18 in forum SmartDashboard
    Replies: 4
    Last Post: 2012-07-06, 04:17
  4. Security issue in SSL VPN On-Demand applications ...anyone applied this hotfix?
    By Eros_G in forum SNX - SSL Network Extender
    Replies: 1
    Last Post: 2011-05-13, 04:33
  5. accept all encrypted traffic - security issue?
    By Brentd in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 3
    Last Post: 2006-10-01, 13:59

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules