Why CVE-2016-7189 vulnerability in MS Edge is not reported by MX67 ?

SOLVED
FrederiqueC
Here to help

Why CVE-2016-7189 vulnerability in MS Edge is not reported by MX67 ?

Greetings, 

 

I am receiving alarms from the border FW (Stormshield SN) to inform that packets coming from the meraki MX (used as internal FW, with Advanced Security License) are blocked because of CVE-2016-7189 vulnerability in MS Edge. The Meraki is performing NAT and because of NAT, I am not able to detect which end user is using an internet browser which is not up to date.

Which leads me to that question : how come that this vulnerability has not been flagged by the Meraki beforehand  ?

 

Thank you for sharing your knowledge on this matter.

Frederique

1 ACCEPTED SOLUTION

100% of my clients use the security ruleset.

 

This is the definition of each ruleset so you can determine which CVEs are included.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Config... 

View solution in original post

3 REPLIES 3
CptnCrnch
Kind of a big deal
Kind of a big deal

Hi Frederique,

 

MX could catch this one by using the IPS. Do you have this enabled? If so, which ruleset is enabled?

Hi CptnCrnch.

Yes, IPS is enabled and the ruleset is set to "Balanced". 

Actually I've checked the snort trule list, and I am not sure if there is one for this particular vulnerability. Do you think we should try with "security" ruleset even if connectivity is essential to our organisation ?

Thanks

F.

 

100% of my clients use the security ruleset.

 

This is the definition of each ruleset so you can determine which CVEs are included.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Config... 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels