Table of Contents
--------------------------
  New Filters - 8
  Modified Filters (logic changes) - 5
  Modified Filters (metadata changes only) - 3
  Removed Filters - 0
  New Filters: 

    40026: ZDI-CAN-23074: Zero Day Initiative Vulnerability (Papercut NG)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Papercut NG.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 13, 2024

    40065: ZDI-CAN-22328: Zero Day Initiative Vulnerability (Papercut NG)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Papercut NG.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 13, 2024

    42983: HTTP: Paessler PRTG Network Monitor Cross-Site Scripting Vulnerability (ZDI-24-073)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Paessler PRTG.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-51630 CVSS 8.8
        - Zero Day Initiative: ZDI-24-073
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 13, 2024

    43568: HTTP: Ivanti Connect and Policy Secure SAML Component Server-Side Request Forgery Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a server-side request forgery vulnerability in Ivanti Connect and Policy Secure.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-21893
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 13, 2024

    43678: HTTP: Cacti Group Cacti managers.php SQL Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Cacti Group Cacti.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-51448 CVSS 6.7
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 13, 2024

    43784: HTTP: Arcserve UDP Directory Traversal Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Arcserve UDP.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-42000
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 13, 2024

    43785: HTTP: GNU GIMP PSP Image Channel Block Buffer Overflow Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in GNU Image Manipulation Program (GIMP).
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-44444
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 13, 2024

    43786: ZDI-CAN-22812: Zero Day Initiative Vulnerability (Papercut NG)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Papercut NG.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 13, 2024

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    43317: HTTP: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Vulnerability (ZDI-24-056)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 10, 2023
      - Last Modified Date: February 13, 2024

    43543: HTTP: Lexmark CX331adwe Missing Authentication Vulnerability (Pwn2Own ZDI-24-084)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43543: ZDI-CAN-22520: Zero Day Initiative Vulnerability (Lexmark CX331adwe)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 12, 2023
      - Last Modified Date: February 13, 2024

    * 43700: HTTP: Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: January 17, 2024
      - Last Modified Date: February 13, 2024

    * 43702: ZDI-CAN-22890: Zero Day Initiative Vulnerability (Linux Kernel)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Detection logic updated.
      - Release Date: January 23, 2024
      - Last Modified Date: February 13, 2024

    * 43766: HTTP: Jenkins CI Server Arbitrary File Read Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: February 06, 2024
      - Last Modified Date: February 13, 2024

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 43257: HTTP: Microsoft Exchange IsUNCPath Improper Input Validation NTLM Relay Vulnerability (ZDI-23-1637)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Vulnerability references updated.
      - Release Date: September 19, 2023
      - Last Modified Date: February 13, 2024

    43544: HTTP: Lexmark CX331adwe PostScript File Parsing Memory Corruption Vulnerability (Pwn2Own ZDI-24-083)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43544: ZDI-CAN-22445: Zero Day Initiative Vulnerability (Lexmark CX331adwe)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 12, 2023
      - Last Modified Date: February 13, 2024

    * 43701: HTTP: Microsoft Windows SmartScreen Internet Shortcut Files Security Feature Bypass Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43701: ZDI-CAN-23100: Zero Day Initiative Vulnerability (Microsoft Windows SmartScreen)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 17, 2024
      - Last Modified Date: February 13, 2024

  Removed Filters: None