Thanks, WW,

How can I verify the rules for CVE, ex CVE-2021-34481?

Natthaphol.

the rules are from snort.

you can search there https://snort.org/

these are latest changes/additions

https://snort.org/advisories/talos-rules-2021-07-13

https://snort.org/advisories/talos-rules-2021-07-15

https://snort.org/advisories/talos-rules-2021-07-20

Dear ww,

Thanks for your tip. But how can we make sure that the rule or rules are actually on MX?

Natthaphol

You can't verify that a specific CVE is included in a specific update.  You can only go by the ruleset definitions:

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Config... 

In short summary (make sure you read the whole definition - this is just to give you a quick feel):

• Connectivity: Contains rules from the current year and the previous two years for vulnerabilities with a CVSS score of 10.
• Balanced: Contains rules that are from the current year and the previous two years, are for vulnerabilities with a CVSS score of nine (9) or greater,
• Security: Contains rules that are from the current year and the previous three years, are for vulnerabilities with a CVSS score of eight (8) or greater

ps. We use "Security" for everyone of our customers.  Works great.

I note that this CVE currently has a rating of 7.8 - so there is no profile that will block it.

https://nvd.nist.gov/vuln/detail/CVE-2021-34481 

Note that the score can go up and down.  I suspect it might only be 7.8 because patches are available and the limited circumstances in which it can be used.

Dear Philip,

Thanks for your explanation. Can we verify the CVE[s] include in the MX appliance box?

And in the case of CVSS score change, how does the MX verify the CVSS score of specific CVE to prevent the threats?

Thanks,

Natthaphol.

Interesting, running this in the event log, my MX84 hasn't had an update since April 30th...