Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9117

    • Updated:
    • 19 Jun 2018
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9117      June 19, 2018
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
SMS v5.0.0 Customers
Trend Micro TippingPoint recommends that customers running SMS v5.0.0 upgrade to SMS v5.0.1 or SMS v5.0.0 (Patch 2) + SMS v5.0.0 Hotfix 123030a at the earliest opportunity in order to avoid critical issues related to filter overrides. See Product Bulletin #1078 for more information.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9117.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9117.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    31948: SMB: Microsoft Windows SMB Client Improper Initialization Denial-of-Service (ZDI-18-166)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 102924
        - Common Vulnerabilities and Exposures: CVE-2018-0833
        - Zero Day Initiative: ZDI-18-166

    32024: DHCP: Red Hat NetworkManager DHCP Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Red Hat Fedora DHCP client NetworkManager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 104195
        - Common Vulnerabilities and Exposures: CVE-2018-1111

    32037: ZDI-CAN-5862: Zero Day Initiative Vulnerability (WECON LeviStudioU)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32040: ZDI-CAN-5866: Zero Day Initiative Vulnerability (WECON LeviStudioU)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32041: ZDI-CAN-5867-5870: Zero Day Initiative Vulnerability (WECON LeviStudioU)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32042: ZDI-CAN-5871: Zero Day Initiative Vulnerability (WECON LeviStudioU)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32045: ZDI-CAN-5874: Zero Day Initiative Vulnerability (WECON LeviStudioU)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32046: ZDI-CAN-5872: Zero Day Initiative Vulnerability (WECON LeviStudioU)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32047: ZDI-CAN-5877: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32048: ZDI-CAN-5879: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32049: ZDI-CAN-5880: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32050: ZDI-CAN-5881: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32051: ZDI-CAN-5882: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32055: ZDI-CAN-5883: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32056: ZDI-CAN-5884: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32057: ZDI-CAN-5885: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32058: ZDI-CAN-5886: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32059: ZDI-CAN-5887: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32060: ZDI-CAN-5888: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32061: ZDI-CAN-5889: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32122: HTTP: Git Submodules Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Git client.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 104345
        - Common Vulnerabilities and Exposures: CVE-2018-11235

    32128: HTTP: CMS Made Simple login.php Unauthorized Password Reset Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an unauthorized password reset vulnerability in CMS Made Simple.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-10081 CVSS 7.5

    32135: SIP: Asterisk PJSIP Invalid fmtp Media Attribute Denial-Of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Digium Asterisk over UDP protocol.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1000099

    32136: SIP: Asterisk PJSIP Invalid fmtp Media Attribute Denial-Of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Digium Asterisk over TCP protocol.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1000099

    32140: RELP: Red Hat librelp Stack Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Red Hat librelp.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1000140

    32141: ZDI-CAN-6155: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32142: ZDI-CAN-6161: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32143: ZDI-CAN-6157: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32144: ZDI-CAN-6158: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32145: ZDI-CAN-6159: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32146: ZDI-CAN-6160: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32147: HTTP: JavaScript Code Obfuscation (aaencode)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the download of documents which employ the aaencode encoding scheme.
      - Deployment: Not enabled by default in any deployment.

    32148: HTTP: Overlong Multipart MIME Type Boundary Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to use a multipart MIME type with an overlong boundary.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 65400, 91453
        - Common Vulnerabilities and Exposures: CVE-2014-0050 CVSS 7.5, CVE-2016-3092 CVSS 7.8

    32149: ZDI-CAN-6163: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32150: ZDI-CAN-6164: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32151: ZDI-CAN-6165: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32152: ZDI-CAN-6167: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32153: ZDI-CAN-6168: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32154: ZDI-CAN-6169: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32155: ZDI-CAN-6170: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32156: ZDI-CAN-6171: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32157: ZDI-CAN-6172: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32158: ZDI-CAN-6174: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32159: ZDI-CAN-6175: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32160: ZDI-CAN-6177: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32161: ZDI-CAN-6189: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32163: TCP: Stratum Mining Protocol Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects usage of the Stratum mining protocol.
      - Deployment: Not enabled by default in any deployment.

    32165: ZDI-CAN-6156: Zero Day Initiative Vulnerability (Crestron Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple Crestron products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32166: HTTPS: Advantech WebAccess NMS DownloadAction Directory Traversal Vulnerability (ZDI-18-471)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Advantech WebAccess.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 104190
        - Common Vulnerabilities and Exposures: CVE-2018-7503
        - Zero Day Initiative: ZDI-18-471

    32167: ZDI-CAN-5891: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32169: ZDI-CAN-5892: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 22008: HTTP: Microsoft Internet Explorer Object Element Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    27635: HTTP: Microsoft Edge ProfiledLdElem Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    29151: HTTP: Microsoft IE and Excel Urlmon Information Disclosure Vulnerability (ZDI-17-847, ZDI-18-300)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29151: HTTP: Microsoft Internet Explorer and Excel Urlmon Information Disclosure Vulnerability (ZDI-17-847)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Security-Optimized (Block / Notify)

    * 29785: HTTP: Trend Micro Control Manager sCloudService GetPassword SQL Injection Vulnerability (ZDI-18-067)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    30337: HTTP: Foxit Reader XFA layout sheet Type Confusion Vulnerability (ZDI-18-324)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30337: ZDI-CAN-5374: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    30388: HTTP: Microsoft Excel XLS Parsing Type Confusion Vulnerability (ZDI-18-219)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30388: HTTP: Microsoft Excel XLS Parsing Type Confusion Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30926: SIP: Digium Asterisk INVITE TCP Connection Close Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    31556: HTTP: Microsoft Office Graph Chart Out-Of-Bounds Write Vulnerability (ZDI-18-430)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31556: HTTP: Microsoft Office Buffer Overflow Vulnerability (ZDI-18-430)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 31561: HTTP: Microsoft Windows Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    31591: HTTP: Adobe Acrobat JPEG2000 Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31591: HTTP: Adobe Acrobat JPEG2000 Out-of-Bounds Read Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Deployments updated and are now:
        - No Deployments.

    31724: HTTP: Adobe Acrobat Pro BMP Buffer Overflow Vulnerability (ZDI-18-466)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 31744: HTTPS: Dell EMC VMAX Virtual Appliance Manager Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 31756: HTTP: ManageEngine Applications Manager Code Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    31787: HTTP: Microsoft Windows JScript Error Object Use-After-Free Vulnerability (ZDI-18-534)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31787: ZDI-CAN-5613: Zero Day Initiative Vulnerability (Microsoft Edge)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    31973: HTTP: Advantech WebAccess NMS DownloadAction Directory Traversal Vulnerability (ZDI-18-471)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 40732: HTTP: Apple iOS and OS X Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40732: HTTP: Apple iOS and OSX Information Disclosure Vulnerability".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 21029: RPC: Advantech WebAccess webvrpcs Service BwWebSvc.dll Buffer Overflow (ZDI-16-132,144,146,149,151)
      - IPS Version: 3.2.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 28534: HTTP: Joomla! CMS com_fields SQL Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    30333: HTTP: Foxit Reader XFA subform Type Confusion Vulnerability (ZDI-18-321)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30333: ZDI-CAN-5371: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    30335: HTTP: Foxit Reader XFA layout Type Confusion Vulnerability (ZDI-18-323)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30335: ZDI-CAN-5373: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    31709: HTTP: Adobe Acrobat Pro Path RenderTransform Memory Corruption Vulnerability (ZDI-18-451)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31709: HTTP: Adobe Acrobat Pro Path RenderTransform Memory Corruption Vulnerability".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters: None
Top of the Page
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000109740
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.