Meraki

Community

Why CVE-2016-7189 vulnerability in MS Edge is not reported by MX67 ?

Solved
FrederiqueC
Here to help
‎Feb 28 2022 2:25 AM
‎Feb 28 2022 2:25 AM

Why CVE-2016-7189 vulnerability in MS Edge is not reported by MX67 ?

Greetings, 

 

I am receiving alarms from the border FW (Stormshield SN) to inform that packets coming from the meraki MX (used as internal FW, with Advanced Security License) are blocked because of CVE-2016-7189 vulnerability in MS Edge. The Meraki is performing NAT and because of NAT, I am not able to detect which end user is using an internet browser which is not up to date.

Which leads me to that question : how come that this vulnerability has not been flagged by the Meraki beforehand  ?

 

Thank you for sharing your knowledge on this matter.

Frederique

0 Kudos
1 Accepted Solution
In response to FrederiqueC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 28 2022 11:41 AM
‎Feb 28 2022 11:41 AM

100% of my clients use the security ruleset.

 

This is the definition of each ruleset so you can determine which CVEs are included.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Config... 

View solution in original post

3 Replies 3
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Feb 28 2022 5:47 AM
‎Feb 28 2022 5:47 AM

Hi Frederique,

 

MX could catch this one by using the IPS. Do you have this enabled? If so, which ruleset is enabled?

0 Kudos
In response to CptnCrnch
FrederiqueC
Here to help
‎Feb 28 2022 6:08 AM
‎Feb 28 2022 6:08 AM

Hi CptnCrnch.

Yes, IPS is enabled and the ruleset is set to "Balanced". 

Actually I've checked the snort trule list, and I am not sure if there is one for this particular vulnerability. Do you think we should try with "security" ruleset even if connectivity is essential to our organisation ?

Thanks

F.

 

0 Kudos
In response to FrederiqueC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 28 2022 11:41 AM
‎Feb 28 2022 11:41 AM

100% of my clients use the security ruleset.

 

This is the definition of each ruleset so you can determine which CVEs are included.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Config... 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.