Moved to Corporate User Assistance for faster support.
We did discuss this internally and this is the current response from Intel/McAfee regarding FREAK & Business Products:
McAfee Firewall Enterprise (MFE) was vulnerable but was patched on March 4, 2015, with general maintenance hotfix 7.0.1.03.H11.
At this time, Intel Security does not know of any other McAfee products that are affected. Investigation of all McAfee products is ongoing.
I have asked another Moderator for any updates on the matter.
I have an outstanding Service Request with Corporate Support asking for confirmation on which McAfee products are vulnerable to this exploit.
Ex_Brit has already posted the current response from Intel Security in Post #3 above, but I will chase up on the MWG product.
Certified Product Specialist - ePO
The Latest announcement from Intel is:
"The security impact is quite low risk because it is not easy to perform an exploit on this vulnerability and it requires additional exploits and expert know-how:
a) There must be a man-in-the-middle. (Which already requires much effort (e.g. using an additional exploit) on the attacker side.)
b) The downgrade attack must be executed.
c) The RSA key must be broken by brute force (considered as additional exploit) (e.g. on a EC2 cluster; again, expert crypto know-how is needed for that)
Yes, in theory, this all can be done, but in the real world the risk is negligibly small. MWG is vulnerable because of using the vulnerable openSSL library after the analysis. Fix will be released within 2 weeks"
Thank you Richard for your reply,
I agree that probably the scriptkiddies will be unable to benefit from this vulnerability, but as we know it's a bad world out there and if there is a hole in the chees the mouse is not far away.
Thank you also for the expected timeframe - good the hear.
I can confirm that en engineering statement has been released reporting the same as above.
Certified McAfee Product Specialist - ePO
there is a McAfee SNS newsletter available. FREAK vulnerability is fixed in MWG with the latest Releases.
McAfee Web Gateway 184.108.40.206 (Main Release) and McAfee Web Gateway 220.127.116.11 (Controlled Release) are now available.
Both releases include patches for the following Open SSL vulnerabilities:
- CVE-2015-0204 - FREAK Vulnerability
See the following Security Bulletins for more information on the vulnerabilities:
- SB10108 (https://kc.mcafee.com/corporate/index?page=content&id=SB10108)
- SB10110 (https://kc.mcafee.com/corporate/index?page=content&id=SB10110)
Web Gateway 18.104.22.168 (Main Release)
In addition to the vulnerability fixes, Web Gateway 22.214.171.124 resolves a number of miscellaneous issues.
is it possible to define a MWG ruleset to check if a webserver is vulnerable to the FREAK vulnerability.
Hay anyone any infos?