POODLE vulnerability found in the portals of all latest Check Point versions (Multi-Portal, GAIA WEBUI Portal, IPSO Portal, Secure Platform WEBUI, LoM card WEBUI)
Following the SHELLSHOCK bash vulnerability that was found exploitable in the Check Point WEBUI, the company is currently working on disabling SSL 3 in all portals, since they were found vulnerable to CVE-2014-3566, the "POODLE Bites" vulnerability.
Check Point sk102989 explains, step by step, how to disable SSL 3 in all portals and how to enable the IPS and HTTPS Inspection protections that block endpoint users' browsers from successfully negotiating SSL 3 when a remote web site tries to force it. The SK is being updated almost daily. There is not yet a full solution for diskless IPSO systems that survives a reboot, and solutions for SmartPortal and the LOM card WEBUI are still pending.
Of course, the portals for which no solution has been provided yet should not normally be reachable from unsecured networks, because they are designed only to manage OS and hardware settings.
All Check Point customers should check their publicly available portals and use the SK to fix them. In addition, it is highly recommended to disable the SSL 3 protocol in browsers and on network inspection gateways (UTM, antivirus, proxies).
There are free online tools that customers can easily use to verify SSL 3 protocol support, as well as the POODLE vulnerability and configuration issues, on their public portals.