On March 29, 2022, new CVEs were published for Spring Cloud: CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, and CVE-2022-22950.
On March 31, 2022, Praetorian published a bypass of the fix for CVE-2010-1622, which was nicknamed "Spring4Shell" (see "Spring Core on JDK9+ is vulnerable to remote code execution"). It was later assigned CVE-2022-22965.
The Check Point Infinity architecture is protected against this threat. We verified that this vulnerability does not affect our Infinity portfolio (including Quantum Security Gateways, Smart Management, Quantum Spark appliances with Gaia Embedded OS, Harmony Endpoint, Harmony Mobile, ThreatCloud, and CloudGuard).
We will continue to update you on any new developments in this security event.
Check Point Products Status
Notes:
- No Check Point software version, including out-of-support versions, is vulnerable.
- No Check Point appliance is vulnerable.
IPS protections
Check Point released these IPS protections:
To see these IPS protections in SmartConsole:
- From the left navigation panel, click Security Policies.
- In the upper pane, click Threat Prevention > Custom Policy.
- In the lower pane, click IPS Protections.
- In the top search field, enter the CVE number.
Best Practice - Check Point recommends activating HTTPS Inspection (in the Security Gateway / Cluster object properties > HTTPS Inspection view), as the attack payload may appear in encrypted or decrypted traffic.
Harmony Endpoint for Linux Protection
- Exploit_Linux_Spring4Shell_B
CloudGuard Containers Security Protection
- Exploit_Linux_Spring4Shell_A