Digital Vaccine #9382
Product: TippingPoint Digital Vaccine
Updated: January 28, 2020
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and on all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9382.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9382.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 19
 Modified Filters (logic changes) - 17
 Modified Filters (metadata changes only) - 26
 Removed Filters - 0

Filters
----------------
 New Filters:
    36946: HTTP: ELOG Project ELOG show_uploader_json GET Request NULL Pointer Dereference Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a null pointer dereference vulnerability in the ELOG Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-3995
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36955: HTTP: Mozilla Firefox ClearBidiControls Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Mozilla Firefox.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-5449
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    36960: HTTP: rConfig ajaxArchiveFiles.php Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in rConfig Network Device Configuration Tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-19509 CVSS 9.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service

    36962: HTTP: Google Chrome PDFium Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Google Chrome.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-6144
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    36963: HTTP: ELOG Project ELOG show_uploader_json POST Request NULL Pointer Dereference Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a null pointer dereference vulnerability in the ELOG Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-3995
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36964: HTTP: Google Chrome StableMapDependency Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Google Chrome.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-5831
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    36965: HTTP: Google Chrome TextureD3D_2DArray Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Google Chrome.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-5836
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    36974: HTTP: Microsoft Office SharePoint Stored Cross-site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Microsoft Office SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1070 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36986: HTTP: Linear eMerge E3 Access Controller Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Linear eMerge E3.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-7256 CVSS 10.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36988: PWN2OWN ZDI-CAN-10266: Zero Day Initiative Vulnerability (Triangle Microworks SCADA Data Gateway)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Triangle Microworks SCADA Data Gateway.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36989: PWN2OWN ZDI-CAN-10267: Zero Day Initiative Vulnerability (Iconics GENESIS64)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Iconics GENESIS64.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36990: PWN2OWN ZDI-CAN-10268: Zero Day Initiative Vulnerability (Rockwell Automation FactoryTalk)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Rockwell Automation FactoryTalk.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36991: PWN2OWN ZDI-CAN-10276: Zero Day Initiative Vulnerability (Inductive Automation Ignition)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Inductive Automation Ignition.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36992: PWN2OWN ZDI-CAN-10277: Zero Day Initiative Vulnerability (Inductive Automation Ignition)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Inductive Automation Ignition.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36993: PWN2OWN ZDI-CAN-10278: Zero Day Initiative Vulnerability (Inductive Automation Ignition)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Inductive Automation Ignition.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36994: PWN2OWN ZDI-CAN-10279: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Operator Terminal Expert.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37002: PWN2OWN ZDI-CAN-10292: Zero Day Initiative Vulnerability (Rockwell Automation Studio 5000)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Rockwell Automation Studio 5000.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37003: PWN2OWN ZDI-CAN-10297: Zero Day Initiative Vulnerability (Iconics GENESIS64)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Iconics GENESIS64.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37004: PWN2OWN ZDI-CAN-10298: Zero Day Initiative Vulnerability (Rockwell Automation Factory View SE)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Rockwell Automation Factory View SE.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 12618: HTTP: WebCruiser Vulnerability Scanner
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Exploits" to "Reconnaissance".
      - Detection logic updated.

    33593: HTTP: Samsung Galaxy S9 GameServiceReceiver Unsafe Updates Vulnerability (PWN2OWN ZDI-19-255)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    35524: HTTP: Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Vulnerability (ZDI-19-903)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35524: ZDI-CAN-8445: Zero Day Initiative Vulnerability (Horner Automation Cscape)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35791: HTTP: Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Write Vulnerability (ZDI-19-909)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35791: ZDI-CAN-8692: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 36019: HTTP: Adobe Media Encoder CC MPG File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-906)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36019: ZDI-CAN-8803: Zero Day Initiative Vulnerability (Adobe Media Encoder CC)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36025: HTTP: Cisco Data Center Network Manager saveLicenseFileToServer Directory Traversal (ZDI-20-004)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36025: ZDI-CAN-9024: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36026: HTTP: Cisco Data Center Network Manager runZoneMigrationForBrocade Directory Traversal (ZDI-20-005)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36026: ZDI-CAN-9026: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36064: HTTP: Cisco Data Center Network Manager storeConfigToFS Directory Traversal (ZDI-20-009)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36064: ZDI-CAN-9157: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36065: HTTP: Cisco Data Center Network Manager readConfigFileFromDBAsXML Directory Traversal (ZDI-20-010)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36065: ZDI-CAN-9158: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36072: HTTP: Cisco Data Center Network Manager reportTemplateUploadPolicy Directory Traversal (ZDI-20-007)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36072: ZDI-CAN-9035: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36073: HTTP: Cisco Data Center Network Manager ReportWS Directory Traversal (ZDI-20-014)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36073: ZDI-CAN-9130: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36254: HTTP: Cisco Data Center Network Manager getModulesBySwitch SQL Injection (ZDI-20-047, ZDI-20-050)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36254: ZDI-CAN-9058,9059: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36479: HTTP: Cisco Data Center Network Manager getVsanListForEnclosures SQL Injection (ZDI-20-057)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36479: ZDI-CAN-9164: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36480: HTTP: Cisco Data Center Network Manager getVmHostData SQL Injection Vulnerability (ZDI-20-060)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36480: ZDI-CAN-9165: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36482: HTTP: Advantech WISE-PaaS/RMM SQLMgmt delData SQL Injection Vulnerability (ZDI-19-951)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36482: ZDI-CAN-9147: Zero Day Initiative Vulnerability (Advantech WISE-PaaS/RMM)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36496: HTTP: Advantech WISE-PaaS/RMM SQLMgmt updateData SQL Injection Vulnerability (ZDI-19-952)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36496: ZDI-CAN-9146: Zero Day Initiative Vulnerability (Advantech WISE-PaaS/RMM)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 36927: HTTP: Citrix Application Delivery Controller Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36927: HTTP: Citrix Application Delivery Controller (ADC) Directory Traversal Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    0079: ICMP: Echo Reply (ATT&CK T1018)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "0079: ICMP: Echo Reply".

    0164: ICMP: Echo Request (Ping) (ATT&CK T1018)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "0164: ICMP: Echo Request (Ping)".

    0692: Rservices: Attempted rlogin to root (ATT&CK T1021,T1078)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "0692: Rservices: Attempted rlogin to root".

    1125: HTTP: ../.. Directory Traversal
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    1259: SMB: nbtstat Query (ATT&CK T1016)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1259: SMB: nbtstat Query".

    1390: SMB: Windows Registry Access (ATT&CK T1112,T1012,T1058)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1390: SMB: Windows Registry Access".

    1393: SMB: Windows Service Control Access (ATT&CK T1046,T1035)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1393: SMB: Windows Service Control Access".

    1565: Tunneling: Data Transfer Using socks2http (ATT&CK T1048)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1565: Tunneling: Data Transfer Using socks2http".

    1566: Tunneling: socks2http SetUp (ATT&CK T1048)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1566: Tunneling: socks2http SetUp".

    1569: Tunneling: httptunnel Data Transfer (ATT&CK T1048)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1569: Tunneling: httptunnel Data Transfer".

    1570: Tunneling: Fire Extinguisher Data Transfer (ATT&CK T1048)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1570: Tunneling: Fire Extinguisher Data Transfer".

    1591: Tunneling: HTTPort Data transfer (ATT&CK T1043,T1048)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1591: Tunneling: HTTPort Data transfer".

    1592: Tunneling: GoToMyPC Software (ATT&CK T1048)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "1592: Tunneling: GoToMyPC Software".

    2178: SMB: ADMIN$ Hidden Share Access (ATT&CK T1077)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2178: SMB: ADMIN$ Hidden Share Access".

    2179: SMB: User Enumeration (ATT&CK T1087)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2179: SMB: User Enumeration".

    2180: SMB: User Session Enumeration (ATT&CK T1087)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2180: SMB: User Session Enumeration".

    2181: SMB: Service Enumeration (ATT&CK T1046)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2181: SMB: Service Enumeration".

    2183: SMB: Network Service Enumeration (ATT&CK T1046)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2183: SMB: Network Service Enumeration".

    2272: HTTP: ../ Directory Traversal Beyond WebRoot (level 0) (ATT&CK T1190)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2272: HTTP: ../ Directory Traversal Beyond WebRoot (level 0)".

    2273: HTTP: ../ Directory Traversal Beyond WebRoot (level 1) (ATT&CK T1190)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2273: HTTP: ../ Directory Traversal Beyond WebRoot (level 1)".

    2274: HTTP: ../ Directory Traversal Beyond WebRoot (level 2) (ATT&CK T1190)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2274: HTTP: ../ Directory Traversal Beyond WebRoot (level 2)".

    2275: HTTP: ../ Directory Traversal Beyond WebRoot (level 3) (ATT&CK T1190)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2275: HTTP: ../ Directory Traversal Beyond WebRoot (level 3)".

    2276: HTTP: ../ Directory Traversal Beyond WebRoot (level 4) (ATT&CK T1190)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2276: HTTP: ../ Directory Traversal Beyond WebRoot (level 4)".

    2277: HTTP: ../ Directory Traversal Beyond WebRoot (level 5) (ATT&CK T1190)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2277: HTTP: ../ Directory Traversal Beyond WebRoot (level 5)".

    13855: TCP: XML External Entity (XXE) Usage
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    34841: HTTP: OpenMRS webservices.rest Insecure Object Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

  Removed Filters: None

Solution Id: TP000238721