Snort rules update for specific CVE

Rob_Oliveira
Meraki Employee
Meraki Employee

Snort rules update for specific CVE

Hello all, do we know if MX appliances(Advanced License tier) already have snort rules 33654 and 63659 protecting against OpenSSH CVE-2024-6387? If so, is there public documentation I can refer and pass along?

 

Thank you!

3 Replies 3
thaack
Getting noticed

You can find snort rule updates in the event log.

 

Search for: Event type include "Intrusion detection rules update"

 

There you should find the snort_rules_version_value.

PhilipDAth
Kind of a big deal
Kind of a big deal

I can't say specifically, but I can give you the rules for whether a signature is included or not, and from here, you should be able to work it out.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Intrus...

 

PhilipDAth
Kind of a big deal
Kind of a big deal

From what I can see, the CVE has a score of 8.1.

https://nvd.nist.gov/vuln/detail/CVE-2024-6387

 

If you have the "Security" rule set selected then you should be covered.

PhilipDAth_0-1721942176373.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels