Thursday 03 June 2021
The impact of this issue announcement is medium. Please act accordingly to rectify the issue, as stated below.
What you need to know:
- Quantum Security Management
- Multi-Domain Management
- Quantum Security Gateways
Actions to be taken:
Administrators should note that versions lower than R80.40 are not vulnerable, and that Check Point is vulnerable to OpenSSL CVE-2021-3449 during the following cases only:
- Quantum Security Gateway R80.40 or R81, on the Gaia UI and only when there are no other portals enabled (such as VPN Remote Access clients, UserCheck, etc.).
- Quantum Security Management or Endpoint Management R80.40 or R81 (that should be accessible internally).
- HTTPS Inspection on R81 after enabling TLS 1.3.
The solution fix is included in:
- Jumbo Hotfix Accumulator for R81 starting from Take 25 (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk170114)
- Jumbo Hotfix Accumulator for R80.40 starting from Take 102 (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk165456)