CVE-2022-30190 aka Follina
Enzino78
Hello Community,
I am sure that you are aware of the just-disclosed vulnerability in MS OS that is currently being exploited in the wild. Has SonicWall prepared a signature to intercept such bad traffic and virtually patch the problem? I received an advisory from Fortinet that they already have GAV signatures in place to protect from this new issue.
Thanks
Category: Firewall Security Services
Answers
That's a good question, I was looking into this myself and see nothing on the SonicWall website.
I do see that Sentinel One has a writeup on it here: https://www.sentinelone.com/blog/staying-ahead-of-cve-2022-30190-follina/
Hopefully we are protected with the Sentinel One engine!
@Enzino78 SNWL did not disclose any information on this AFAIK. Maybe it's included in yesterday's GAV Signature Update.
But nevertheless, to have any effect you probably need to have DPI-SSL enabled for detection in an encrypted stream.
I have become more and more of an advocate for getting things done on the endpoint, because only there is the whole picture. SentinelOne (according to their blog post) is able to detect it, and hopefully CaptureClient should do the same. There was no specific agent version mentioned.
--Michael@BWC