Table of Contents
--------------------------
Filters
New Filters - 30
Modified Filters (logic changes) - 10
Modified Filters (metadata changes only) - 1
Removed Filters - 0
Filters
----------------
New Filters:
35269: HTTP: WordPress Comment Content Filter Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a code execution vulnerability in WordPress.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Bugtraq ID: 107411
  - Common Vulnerabilities and Exposures: CVE-2019-9787 CVSS 6.8
35270: HTTP: Drupal Core Login Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects login attempts to the default login endpoint of the Drupal Content Management System (CMS).
- Deployment: Not enabled by default in any deployment.
35271: SSH: PuTTY SSH Client RSA Key Exchange Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an integer overflow vulnerability in PuTTY.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-9894 CVSS 6.4
35283: HTTP: Ruby on Rails Action View Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Ruby on Rails.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Bugtraq ID: 107409
  - Common Vulnerabilities and Exposures: CVE-2019-5418 CVSS 5.0
35284: HTTP: Zoho ManageEngine Applications Manager FaultTemplateOptions.jsp resourceid SQL Injection
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Zoho ManageEngine Applications Manager.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-11469 CVSS 10.0
35286: ZDI-CAN-8277: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35287: ZDI-CAN-8278: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35288: HTTP: OPF OpenProject Activities API SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in OPF OpenProject.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-11600 CVSS 6.8
35289: HTTP: mIRC URI Handler Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a code execution vulnerability in mIRC.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-6453 CVSS 6.8
35292: HTTP: Drupal Core Site Configuration Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects attempts to retrieve the main site configuration page of the Drupal Content Management System (CMS).
- Deployment: Not enabled by default in any deployment.
35293: ZDI-CAN-8121: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35294: ZDI-CAN-8131: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35295: ZDI-CAN-8132: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35296: RDP: Microsoft Remote Desktop Services Negotiation Request Without CredSSP
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects Windows Remote Desktop Protocol (RDP) requests without Credential Security Support Provider Protocol (CredSSP) enabled.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-0708
35297: ZDI-CAN-8167: Zero Day Initiative Vulnerability (Red Lion Crimson)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Red Lion Crimson.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35298: ZDI-CAN-8168: Zero Day Initiative Vulnerability (Red Lion Crimson)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Red Lion Crimson.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35299: ZDI-CAN-8179: Zero Day Initiative Vulnerability (Red Lion Crimson)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Red Lion Crimson.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35300: ZDI-CAN-8189: Zero Day Initiative Vulnerability (Advantech WebAccess)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35301: HTTP: Delta Industrial Automation ScreenEditor Information Disclosure Vulnerability (ZDI-19-419)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Delta Industrial Automation CNCSoft ScreenEditor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-10949
  - Zero Day Initiative: ZDI-19-419
35302: ZDI-CAN-8191: Zero Day Initiative Vulnerability (Advantech WebAccess)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35304: ZDI-CAN-8193: Zero Day Initiative Vulnerability (Advantech WebAccess)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35305: ZDI-CAN-8198: Zero Day Initiative Vulnerability (LAquis SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35306: ZDI-CAN-8200: Zero Day Initiative Vulnerability (LAquis SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35307: ZDI-CAN-8202: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35309: ZDI-CAN-8246: Zero Day Initiative Vulnerability (WECON LeviStudioU)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35310: ZDI-CAN-8250: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35311: ZDI-CAN-8251: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35312: ZDI-CAN-8252: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35313: ZDI-CAN-8253: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
35314: ZDI-CAN-8254: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
Modified Filters (logic changes):
* = Enabled in Default deployments
2178: SMB: ADMIN$ Hidden Share Access
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
16246: RTSP: VideoLAN VLC RTSP Buffer Overflow Vulnerability
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
33485: HTTP: Schneider Electric IIoT Monitor UpgradeMgmt upload Directory Traversal (ZDI-19-032)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
33487: HTTP: Schneider Electric IIoT Monitor ProtectionMgmt upload Directory Traversal (ZDI-19-021)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
33488: HTTP: Schneider Electric IIoT Monitor RecoveryMgmt upload Directory Traversal (ZDI-19-022)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
* 33929: HTTP: Microsoft Edge Chakra NewScObjectNoCtor InitProtoType Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33929: HTTP: Microsoft Edge Type Confusion Vulnerability".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
34723: SMB: Windows Drive Hidden Share Access
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
35002: DHCP: Microsoft Windows DHCP Client Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
35085: HTTP: Oracle WebLogic Server Remote Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
35094: HTTP: SQL Injection (JSON)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
29657: RPC: Advantech WebAccess Malicious IOCTL(ZDI-17-938-940,ZDI-18-009-025,18-029-054,18-058-063,18-483)
- IPS Version: 3.2.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
Removed Filters: None
