Digital Vaccine #9144

    • Updated: 7 Aug 2018
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9144      August 7, 2018
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW systems, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.

SMS v5.0.0 Customers
Trend Micro TippingPoint recommends that customers running SMS v5.0.0 upgrade to SMS v5.0.1 or higher at the earliest opportunity in order to avoid critical issues related to filter overrides. See Product Bulletin #1078 for more information.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9144.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9144.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
  New Filters:
    31271: HTTP: wget Command Injection in HTTP Parameters
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects wget command injection in an HTTP request parameter.
      - Deployment: Not enabled by default in any deployment.

    32327: HTTP: GE MDS PulseNET Insecure Deserialization Vulnerability (ZDI-18-547, ZDI-18-548, ZDI-18-549)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in GE MDS PulseNET.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-10611
        - Zero Day Initiative: ZDI-18-547, ZDI-18-548, ZDI-18-549

    32556: ZDI-CAN-6134: Zero Day Initiative Vulnerability (Trend Micro Endpoint Security Platform)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Endpoint Security Platform.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32726: HTTP: Tor Traffic Through Format Transforming Encryption (FTE) Bridge
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects Tor traffic coming through an FTE proxy bridge.
      - Deployment: Not enabled by default in any deployment.

    32758: ZDI-CAN-6309: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32759: ZDI-CAN-6400: Zero Day Initiative Vulnerability (Cisco WebEx)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco WebEx.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32760: ZDI-CAN-6401: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting OMRON CX-Supervisor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32761: ZDI-CAN-6402: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting OMRON CX-Supervisor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32762: ZDI-CAN-6403: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting OMRON CX-Supervisor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32763: ZDI-CAN-6430: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32764: ZDI-CAN-6431: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32765: ZDI-CAN-6432: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32766: ZDI-CAN-6433: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32767: ZDI-CAN-6407: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32768: ZDI-CAN-6408: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32769: ZDI-CAN-6409: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32770: ZDI-CAN-6410: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32771: ZDI-CAN-6411: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32772: ZDI-CAN-6412: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32773: ZDI-CAN-6413: Zero Day Initiative Vulnerability (Horner Automation Cscape)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Horner Automation Cscape.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32776: HTTP: WordPress Strong Testimonials plugin Cross-Site-Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Moderate
      - Description: This filter detects an attempt to exploit a cross-site-scripting vulnerability in WordPress Strong Testimonials plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32777: MODBUS: Delta Industrial Automation COMMGR Buffer Overflow Vulnerability (ZDI-18-588)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Delta Industrial Automation COMMGR.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-10594
        - Zero Day Initiative: ZDI-18-588

    32781: ZDI-CAN-6682: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    32783: ZDI-CAN-6666: Zero Day Initiative Vulnerability (Apple Safari)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32784: HTTP: Apache CouchDB _config Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command execution vulnerability in Apache CouchDB.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8007

    32785: ZDI-CAN-6630: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32786: ZDI-CAN-6602: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32787: ZDI-CAN-6582: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32788: ZDI-CAN-6581: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting OMRON CX-Supervisor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32789: HTTP: WordPress Snazzy Maps Plugin XSS Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in WordPress Snazzy Maps plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32790: ZDI-CAN-6493: Zero Day Initiative Vulnerability (WECON LeviStudioU)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32792: ZDI-CAN-6314: Zero Day Initiative Vulnerability (Cisco WebEx)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco WebEx.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32793: ZDI-CAN-6316: Zero Day Initiative Vulnerability (Cisco WebEx)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco WebEx.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32794: ZDI-CAN-6317: Zero Day Initiative Vulnerability (Cisco WebEx)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco WebEx.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32795: ZDI-CAN-6374: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32796: ZDI-CAN-6377: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32797: ZDI-CAN-6373: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32798: ZDI-CAN-6076: Zero Day Initiative Vulnerability (Microsoft Chakra)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Chakra.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    32799: ZDI-CAN-6223: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32800: ZDI-CAN-6226: Zero Day Initiative Vulnerability (ABB Panel Builder 800)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting ABB Panel Builder 800.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32801: ZDI-CAN-6318: Zero Day Initiative Vulnerability (Cisco WebEx)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco WebEx.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32802: ZDI-CAN-6327: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32803: HTTP: Oracle WebLogic Server (WLS - Web Services) Arbitrary File Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempted file upload to Oracle WebLogic (WLS - Web Services) "keystore" or "import" files.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-2894

    32804: ZDI-CAN-6305: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    32805: ZDI-CAN-6328: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32806: ZDI-CAN-6376: Zero Day Initiative Vulnerability (Fuji Electric V-Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32808: ZDI-CAN-6308: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    32809: ZDI-CAN-6438: Zero Day Initiative Vulnerability (ABB Panel Builder 800)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting ABB Panel Builder 800.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32810: ZDI-CAN-6439: Zero Day Initiative Vulnerability (ABB Panel Builder 800)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting ABB Panel Builder 800.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32811: ZDI-CAN-6367: Zero Day Initiative Vulnerability (Delta Industrial Automation ISPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation ISPSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    32817: TCP: Suspicious Certificate File Content - (.CRT DER Encoding)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter attempts to detect a suspicious DER encoded certificate file with non-conforming content.
      - Deployment: Not enabled by default in any deployment.

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 30349: HTTP: Microsoft Chakra JavaScript Array sort JIT Optimization Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 30509: HTTP: Microsoft Edge BoxStackInstance Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

  Removed Filters:

    7203: DoS: CPS Flood
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7204: DoS: Connection Flood
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7300: ICMP: Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7301: TCP: Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7302: UDP: Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7303: Other: Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7304: Application: Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7305: HTTP: Request Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7306: HTTP: Response Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7307: HTTPS: Request Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7308: HTTPS: Response Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7309: Application: Request Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7310: Application: Response Traffic Thresholds
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7400: Firewall: Block
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7401: Firewall: Permit
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7402: Firewall: Web Filtering
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7403: Firewall: Default Block
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7404: Firewall: Blocked due to Resources
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.

    7410: Firewall: Application Flow Watermark Reached
      - IPS Version: 2.5.0 up to version 3.0.0.
      - NGFW Version: Not available.
      - TPS Version: Not available.
      - vTPS Version: Not available.
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000118359