Meraki

Community

Snort rules update for specific CVE

Rob_Oliveira
Meraki Employee
Meraki Employee
‎Jul 25 2024 10:27 AM
‎Jul 25 2024 10:27 AM

Snort rules update for specific CVE

Hello all, do we know if MX appliances(Advanced License tier) already have snort rules 33654 and 63659 protecting against OpenSSH CVE-2024-6387? If so, is there public documentation I can refer and pass along?

 

Thank you!

Labels:
0 Kudos
3 Replies 3
thaack
Getting noticed
‎Jul 25 2024 11:37 AM
‎Jul 25 2024 11:37 AM

You can find snort rule updates in the event log.

 

Search for: Event type include "Intrusion detection rules update"

 

There you should find the snort_rules_version_value.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 25 2024 2:14 PM
‎Jul 25 2024 2:14 PM

I can't say specifically, but I can give you the rules for whether a signature is included or not, and from here, you should be able to work it out.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Intrus...

 

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 25 2024 2:16 PM
‎Jul 25 2024 2:16 PM

From what I can see, the CVE has a score of 8.1.

https://nvd.nist.gov/vuln/detail/CVE-2024-6387

 

If you have the "Security" rule set selected then you should be covered.

PhilipDAth_0-1721942176373.png

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.