Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
System Requirements |
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9323.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9323.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 39
Modified Filters (logic changes) - 8
Modified Filters (metadata changes only) - 18
Removed Filters - 0
Filters
----------------
New Filters:
33082: HTTP: LAquis SCADA LGX Report MemoryWriteByte/MemoryWriteWord Memory Corruption (ZDI-19-079, 083) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a memory corruption vulnerability in LAquis SCADA. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 106634 - Common Vulnerabilities and Exposures: CVE-2018-18988 CVSS 8.3 - Zero Day Initiative: ZDI-19-079, ZDI-19-083 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application 33094: HTTP: LAquis SCADA LGX Report Untrusted Pointer Dereference (ZDI-19-073 - 077, 084, 085) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit an untrusted pointer dereference vulnerability in LAquis SCADA. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 106634 - Common Vulnerabilities and Exposures: CVE-2018-18988 CVSS 8.3 - Zero Day Initiative: ZDI-19-073, ZDI-19-074, ZDI-19-075, ZDI-19-076, ZDI-19-077, ZDI-19-084, ZDI-19-085 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application 33391: ZDI-CAN-9227: Zero Day Initiative Vulnerability (Microsoft Office PowerPoint) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office PowerPoint. - Deployments: - Deployment: Default (Block / Notify / Trace) - Deployment: Performance-Optimized (Disabled) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 35303: ZDI-CAN-9236: Zero Day Initiative Vulnerability (Advantech WebAccess) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36022: RPC: Advantech WebAccess Client BwFreRPT Buffer Overflow Vulnerability (ZDI-19-313) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2019-6550 - Zero Day Initiative: ZDI-19-313 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: RPC Services - Platform: Other Server Application or Service 36023: RPC: Advantech WebAccess Client bwrunrpt Buffer Overflow Vulnerability (ZDI-19-314) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2019-6550 - Zero Day Initiative: ZDI-19-314 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: RPC Services - Platform: Other Server Application or Service 36036: RPC: Advantech WebAccess Client BwCLRptw Buffer Overflow Vulnerability (ZDI-19-315) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 107675 - Common Vulnerabilities and Exposures: CVE-2019-6550 - Zero Day Initiative: ZDI-19-315 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: RPC Services - Platform: Other Server Application or Service 36040: ZDI-CAN-9183: Zero Day Initiative Vulnerability (Microsoft Windows) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows. - Deployments: - Deployment: Default (Block / Notify / Trace) - Deployment: Performance-Optimized (Disabled) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36041: ZDI-CAN-9237: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36044: HTTP: ABB PB610 Panel Builder 600 IDAL HTTP Host Buffer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in ABB PB610 Panel Builder 600 IDAL. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 108886 - Common Vulnerabilities and Exposures: CVE-2019-7232 CVSS 5.8 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: HTTP - Platform: Windows Client Application 36050: TCP: Microsoft Windows DHCP Server Failover Code Execution Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: High - Description: This filter detects an attempt to exploit a denial of service vulnerability in Microsoft Windows DHCP Server. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2019-1206 - Classification: Vulnerability - Denial of Service (Crash/Reboot) - Protocol: TCP (Generic) - Platform: Windows Server Application or Service 36051: HTTP: Viber for Desktop URI Handler Code Execution Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a code execution vulnerability in Viber for Desktop. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2019-12569 CVSS 9.3 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Client Application 36052: ZDI-CAN-9261: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36053: ZDI-CAN-9262: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36054: ZDI-CAN-9263: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36055: ZDI-CAN-9264: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36056: ZDI-CAN-9265: Zero Day Initiative Vulnerability (Microsoft Windows) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36057: ZDI-CAN-9269: Zero Day Initiative Vulnerability (Advantech WebAccess) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36058: ZDI-CAN-9270: Zero Day Initiative Vulnerability (Advantech WebAccess) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36059: ZDI-CAN-9271: Zero Day Initiative Vulnerability (Advantech WebAccess) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36060: HTTP: Microsoft Windows fontsub Font Parsing Memory Corruption Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2019-1149 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application 36061: ZDI-CAN-8029: Zero Day Initiative Vulnerability (Microsoft Windows Media Player) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Player. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36062: ZDI-CAN-9238: Zero Day Initiative Vulnerability (Microsoft Windows) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36063: ZDI-CAN-8185: Zero Day Initiative Vulnerability (Microsoft Windows Media Player) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Player. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36064: ZDI-CAN-9157: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36065: ZDI-CAN-9158: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36066: HTTP: Microsoft Windows fontsub Font Parsing Memory Corruption Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2019-1150 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application 36067: ZDI-CAN-8186: Zero Day Initiative Vulnerability (Microsoft Windows Media Player) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Player. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36068: ZDI-CAN-8935: Zero Day Initiative Vulnerability (HPE Intelligent Management Center) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center. - Deployments: - Deployment: Security-Optimized (Block / Notify) - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36069: HTTP: Webmin password_change.cgi Command Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a command injection vulnerability in Webmin. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2019-15107, CVE-2019-15231 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service 36070: ZDI-CAN-8963,8964,8968,8969,8970,8971: Zero Day Initiative Vulnerability (HPE IMC) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36071: ZDI-CAN-9025: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36072: ZDI-CAN-9035: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36073: ZDI-CAN-9130: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36074: ZDI-CAN-9139: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 36075: HTTP: Microsoft Windows fontsub Font Parsing Memory Corruption Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2019-1151 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application 36076: HTTP: Microsoft Windows fontsub Font Parsing Memory Corruption Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2019-1152 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application 36087: HTTP: Fortinet FortiOS lang Directory Traversal Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Fortinet FortiOS. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2018-13379 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service 36089: HTTP: Pulse Secure Pulse Connect Secure Directory Traversal Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Pulse Secure Pulse Connect Secure. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2019-11510 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Client Application Modified Filters (logic changes): * = Enabled in Default deployments 2178: SMB: ADMIN$ Hidden Share Access - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. 32719: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Buffer Overflow (ZDI-18-979 - 987) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "32719: ZDI-CAN-6269-6273,6275,6276,6303,6310: ZDI Vulnerability (Delta Industrial Automation CNCSoft)". - Description updated. - Detection logic updated. - Vulnerability references updated. 33096: HTTP: LAquis SCADA LGX Report Ini WriteString/WriteNumber Arbitrary File Creation (ZDI-19-078, 092) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "33096: ZDI-CAN-6574, ZDI-CAN-6629: Zero Day Initiative Vulnerability (LAquis SCADA)". - Description updated. - Detection logic updated. - Vulnerability references updated. 33988: HTTP: HPE Intelligent Management Center SoapConfigBean Expression Language Injection (ZDI-19-454) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "33988: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-454) ". - Description updated. - Detection logic updated. - Vulnerability references updated. 33989: HTTP: HPE Intelligent Management Center iccSelectDevType Expression Language Injection (ZDI-19-452) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 33991: HTTP: HPE Intelligent Management Center TopoMsgServlet Expression Language Injection (ZDI-19-455) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "33991: ZDI-CAN-6911: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)". - Description updated. - Detection logic updated. - Vulnerability references updated. 35174: RPC: Advantech WebAccess SCADA BwPAlarm IOCTL 70538 Buffer Overflow Vulnerability (ZDI-19-589) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35174: ZDI-CAN-8064: Zero Day Initiative Vulnerability (Advantech WebAccess)". - Description updated. - Detection logic updated. - Vulnerability references updated. 35227: HTTP: Adobe Acrobat Reader PostScript File Parsing Out-of-Bounds Read Vulnerability (ZDI-19-491) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. Modified Filters (metadata changes only): * = Enabled in Default deployments 25496: HTTP: HPE Intelligent Management Center UrlAccessController Authentication Bypass (ZDI-17-161) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. 31629: HTTP: Advantech WebAccess Node BWSCADASoap SQL Injection Vulnerability (ZDI-18-474, 476, 477, 481) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. 34218: HTTP: Microsoft Windows EMF Graphic Out-Of-Bounds Read Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. * 34221: HTTP: Microsoft Windows Subsetting Library Integer Underflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 34223: HTTP: Microsoft Windows Font Subsetting Library Double Free Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 34224: HTTP: Microsoft Windows Font Subsetting Library Use-After-Free Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 35286: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 35287: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability (ZDI-19-703) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35287: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability". - Description updated. - Vulnerability references updated. 35293: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability (ZDI-19-711) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35293: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability". - Description updated. - Vulnerability references updated. 35294: HTTP: Microsoft JET Database Engine Out-Of-Bounds Read Vulnerability (ZDI-19-712) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35294: HTTP: Microsoft JET Database Engine Out-Of-Bounds Read Vulnerability". - Description updated. - Vulnerability references updated. 35355: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability (ZDI-19-713) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35355: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability". - Description updated. - Vulnerability references updated. 35356: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-714) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35356: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability". - Description updated. - Vulnerability references updated. 35420: HTTP: Adobe Acrobat Reader PostScript Type Confusion Vulnerability (ZDI-19-744) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35420: HTTP: Adobe Acrobat Reader PostScript Type Confusion Vulnerability". - Description updated. - Vulnerability references updated. 35525: HTTP: Adobe Acrobat Pro DC XFA aliasNode Information Disclosure Vulnerability (ZDI-19-748) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35525: HTTP: Adobe Acrobat Pro DC XFA aliasNode Information Disclosure Vulnerability". - Description updated. - Vulnerability references updated. 35526: HTTP: Adobe Acrobat Reader DC XFA ready Event Use-After-Free Vulnerability (ZDI-19-746) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35526: HTTP: Adobe Acrobat Reader DC XFA ready Event Use-After-Free Vulnerability". - Description updated. - Vulnerability references updated. * 35840: HTTP: Microsoft Edge Type Confusion Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. * 35841: HTTP: Microsoft Edge Type Confusion Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. * 35842: HTTP: Microsoft Edge Type Confusion Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. Removed Filters: None
Top of the Page