Summary
Digital Vaccine #9384 February 11, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements

The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins

This DV includes coverage for the Microsoft vulnerabilities released on or before February 11, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.

| CVE | Filter | Status |
| --- | --- | --- |
| CVE-2020-0618 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0655 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0657 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0658 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0659 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0660 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0661 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0662 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0663 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0665 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0666 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0667 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0668 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0669 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0670 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0671 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0672 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0673 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0674 | 36973 | |
| CVE-2020-0675 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0676 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0677 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0678 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0679 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0680 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0681 | 37093 | |
| CVE-2020-0682 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0683 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0685 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0686 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0688 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0689 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0691 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0692 | 37063 | |
| CVE-2020-0693 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0694 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0695 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0696 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0697 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0698 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0701 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0702 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0703 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0704 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0705 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0706 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0707 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0708 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0709 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0710 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0711 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0712 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0713 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0714 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0715 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0716 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0717 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0719 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0720 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0721 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0722 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0723 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0724 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0725 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0726 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0727 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0728 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0729 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0730 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0731 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0732 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0733 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0734 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0735 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0736 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0737 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0738 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0739 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0740 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0742 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0755 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0756 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0759 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2020-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

Filters marked with * shipped prior to this DV, providing zero-day protection.
Adobe Security Bulletins

This DV includes coverage for the Adobe vulnerabilities released on or before February 11, 2020. The following table maps TippingPoint filters to the Adobe CVEs.

| Bulletin | CVE | Filter |
| --- | --- | --- |
| APSB20-05 | CVE-2020-3741 | 37078 |
| APSB20-05 | CVE-2020-3742 | 37079 |
| APSB20-05 | CVE-2020-3743 | 37080 |
| APSB20-05 | CVE-2020-3744 | 37081 |
| APSB20-05 | CVE-2020-3745 | 37082 |
| APSB20-05 | CVE-2020-3746 | 37083 |
| APSB20-05 | CVE-2020-3747 | 37084 |
| APSB20-05 | CVE-2020-3748 | 36943 |
| APSB20-05 | CVE-2020-3749 | 37086 |
| APSB20-05 | CVE-2020-3750 | 37087 |
| APSB20-05 | CVE-2020-3751 | 37088 |
| APSB20-05 | CVE-2020-3752 | 37089 |
| APSB20-05 | CVE-2020-3754 | 37090 |
| APSB20-05 | CVE-2020-3755 | 37091 |
| APSB20-06 | CVE-2020-3757 | 37092 |

Filters marked with * shipped prior to this DV, providing zero-day protection.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9384.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9384.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 36
Modified Filters (logic changes) - 13
Modified Filters (metadata changes only) - 46
Removed Filters - 0
Filters
----------------
New Filters:
36892: ZDI-CAN-9471: Zero Day Initiative Vulnerability (DLink DIR-882)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting DLink DIR-882.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

36943: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3748
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37019: ZDI-CAN-9997: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37020: MQTT: Cesanta Mongoose parse_mqtt Server Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Cesanta Mongoose.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-19307
  - Classification: Vulnerability - Denial of Service (Crash/Reboot)
  - Protocol: TCP (Generic)
  - Platform: Multi-Platform Server Application or Service

37021: MQTT: Cesanta Mongoose parse_mqtt Client Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Cesanta Mongoose.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-19307
  - Classification: Vulnerability - Denial of Service (Crash/Reboot)
  - Protocol: TCP (Generic)
  - Platform: Multi-Platform Client Application

37023: HTTP: Nagios XI nocscreenapi.php Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Nagios XI.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-20139 CVSS 3.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37024: ZDI-CAN-10402: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37025: ZDI-CAN-10378: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37033: HTTP: Cacti Group Cacti graphs.php SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL Injection vulnerability in Cacti.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-17357 CVSS 4.0
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37034: ZDI-CAN-10376: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37036: ZDI-CAN-10120: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server Lite.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37037: ZDI-CAN-10119: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server Lite.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37049: ZDI-CAN-10073: Zero Day Initiative Vulnerability (Trend Micro Worry-Free Business Security)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Worry-Free Business Security.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37050: ZDI-CAN-10054: Zero Day Initiative Vulnerability (Microsoft JET Database)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37051: ZDI-CAN-10039: Zero Day Initiative Vulnerability (Microsoft JET Database)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37063: HTTP: HTTP X-JsonProxySecurityContext Header Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects the use of the X-JsonProxySecurityContext HTTP header in an HTTP request.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-0692
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37067: ZDI-CAN-9692: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37068: ZDI-CAN-9693: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37069: ZDI-CAN-9699: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37070: HTTP: ELOG Project ELOG retrieve_url Information Disclosure Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an information disclosure vulnerability in the ELOG Server.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-3993 CVSS 5.0
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37071: ZDI-CAN-9700: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37078: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3741
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37079: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3742
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37080: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3743
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37081: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3744
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37082: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3745
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37083: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3746
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37084: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3747
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37086: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3749
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37087: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3750
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37088: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3751
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37089: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3752
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37090: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3754
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37091: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3755
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37092: HTTP: Adobe Flash Player Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Adobe Flash Player.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-3757
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37093: RDP: Microsoft Remote Desktop Services serverMultiTransportData Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an attempt to use serverMultiTransportData during a remote desktop session.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-0681
  - Classification: Security Policy - Other
  - Protocol: TCP (Generic)
  - Platform: Windows Client Application

Modified Filters (logic changes):
* = Enabled in Default deployments

4560: HTTP: HTTP Request Smuggling
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "4560: HTTP: Apache Request Smuggling".
  - Description updated.
  - Detection logic updated.

* 21913: TCP: Oracle Java Apache Commons Collection Library Command Execution Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

35414: HTTP: Apple Safari FrameDestructionObserver Use-After-Free Vulnerability (ZDI-19-920)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35414: ZDI-CAN-8574: Zero Day Initiative Vulnerability (Apple Safari)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35822: HTTP: Apple macOS AudioToolbox MP4 Parsing Integer Overflow Vulnerability (ZDI-19-1027)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35822: ZDI-CAN-8806: Zero Day Initiative Vulnerability (Apple macOS)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 36020: HTTP: Adobe Media Encoder CC MP4 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-907)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36020: ZDI-CAN-8804: Zero Day Initiative Vulnerability (Adobe Media Encoder CC)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36186: HTTP: Cisco Data Center Network Manager SQL Injection Vulnerability (ZDI-20-055)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36186: ZDI-CAN-9134: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36273: HTTP: Cisco Data Center Network Manager getHostEnclList SQL Injection Vulnerability (ZDI-20-034)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36273: ZDI-CAN-9067,9072: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36519: HTTP: Cisco Data Center Network Manager createSite SQL Injection Vulnerability (ZDI-20-095)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36519: ZDI-CAN-9267: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36585: HTTP: Cisco Data Center Network Manager getSanIslStatJoinList SQL Injection (ZDI-20-072)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36585: ZDI-CAN-9192: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36609: HTTP: Cisco Data Center Network Manager getPortGroupStatList SQL Injection (ZDI-20-078)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36609: ZDI-CAN-9198: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36691: HTTP: Cisco Data Center Network Manager createSite getIp SQL Injection Vulnerability (ZDI-20-094)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36691: ZDI-CAN-9266: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
36876: HTTP: Citrix Application Delivery Controller (ADC) Directory Traversal Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. * 36973: HTTP: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. Modified Filters (metadata changes only): * = Enabled in Default deployments 2349: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2349: MS-RPC: DCOM ISystemActivator Request". 2350: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2350: MS-RPC: DCOM IRemoteActivation Request". 2351: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2351: MS-RPC: DCOM IRemoteActivation Request". 2352: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2352: MS-RPC: DCOM ISystemActivator Request". 2353: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2353: MS-RPC: DCOM ISystemActivator Request". 2354: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2354: MS-RPC: DCOM IRemoteActivation Request". 2460: SMTP: Zip Attachment Containing .scr File (ATT&CK T1180) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2460: SMTP: Zip Attachment Containing .scr File". 2462: POP/IMAP: Zip Attachment Containing .scr File (ATT&CK T1180) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2462: POP/IMAP: Zip Attachment Containing .scr File". 2558: HTTP: HTTP CONNECT TCP Tunnel to other than http ports (ATT&CK T1071) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2558: HTTP: HTTP CONNECT TCP Tunnel to other than http ports". 2559: HTTP: HTTP CONNECT TCP Tunnel (ATT&CK T1071) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2559: HTTP: HTTP CONNECT TCP Tunnel". 2620: SMTP: Zip Attachment (ATT&CK T1002) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2620: SMTP: Zip Attachment". 2714: SMTP: Rar Attachment Containing .scr File (ATT&CK T1180) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2714: SMTP: Rar Attachment Containing .scr File". 2715: POP/IMAP: Rar Attachment Containing .scr File (ATT&CK T1180) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2715: POP/IMAP: Rar Attachment Containing .scr File". 
2796: SMB: Windows Repeated Logon Failure (Possible Brute Force) (ATT&CK T1110) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "2796: SMB: Windows Repeated Logon Failure (Possible Brute Force)". 3039: HTTP: Suspicious UNC HREF (ATT&CK T1129) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3039: HTTP: Suspicious UNC HREF". 3040: SMTP: Suspicious UNC HREF (ATT&CK T1129) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3040: SMTP: Suspicious UNC HREF". 3041: POP/IMAP: Suspicious UNC HREF (ATT&CK T1129) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3041: POP/IMAP: Suspicious UNC HREF". 3258: HTTP: Possible ASP.Net Authentication Bypass (ATT&CK T1212) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3258: HTTP: Possible ASP.Net Authentication Bypass". 3314: HTTP: Obfuscated JScript/VBScript Code (ATT&CK T1027) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3314: HTTP: Obfuscated JScript/VBScript Code". 3436: Tunneling: LogMeIn Remote Control SSL Connection (ATT&CK T1219) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3436: Tunneling: LogMeIn Remote Control SSL Connection". 3573: PPTP: VPN Session Startup (ATT&CK T1133) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Name changed from "3573: PPTP: VPN Session Startup". 3576: ISAKMP: IPSec VPN Session Startup (TCP) (ATT&CK T1133) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3576: ISAKMP: IPSec VPN Session Startup (TCP)". 3584: ISAKMP: IPSec VPN Session Startup (UDP) (ATT&CK T1133) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3584: ISAKMP: IPSec VPN Session Startup (UDP)". 3892: SSL: SSLv2 Negotiation (ATT&CK T1032) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3892: SSL: SSLv2 Negotiation". 3975: SMTP: UPX Compressed Binary Attachment (ATT&CK T1045) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "3975: SMTP: UPX Compressed Binary Attachment". 4020: VPN: SoftEther VPN Connection Attempt (ATT&CK T1133) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4020: VPN: SoftEther VPN Connection Attempt". 4079: SMTP: gzip Compressed Attachment (ATT&CK T1002) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4079: SMTP: gzip Compressed Attachment". 4111: HTTP: UPX Compressed Binary Download (ATT&CK T1045) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4111: HTTP: UPX Compressed Binary Download". 4151: VPN: SoftEther VPN Connection Attempt (ATT&CK T1133) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. 
- vTPS Version: 4.0.1 and after. - Name changed from "4151: VPN: SoftEther VPN Connection Attempt". 4405: RADMIN: Famtech Remote Administrator (ATT&CK T1219) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4405: RADMIN: Famtech Remote Administrator". 4410: RFB: VNC NULL Authentication Method Request (ATT&CK T1133,T1076,T1219) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4410: RFB: VNC NULL Authentication Method Request". 4652: HTTP: BBProxy Download (ATT&CK T1090) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4652: HTTP: BBProxy Download". 4658: VPN: Hamachi VPN Connection (ATT&CK T1133) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4658: VPN: Hamachi VPN Connection". 4704: ICMP: Ping Tunnel Proxy Reply (ATT&CK T1090) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4704: ICMP: Ping Tunnel Proxy Reply". 4815: Tunneling: RemotelyAnywhere SSL Connection (ATT&CK T1219) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4815: Tunneling: RemotelyAnywhere SSL Connection". 4816: Tunneling: RemotelyAnywhere SSL Connection (ATT&CK T1219) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4816: Tunneling: RemotelyAnywhere SSL Connection". 4817: Tunneling: RemotelyAnywhere Cleartext Connection (ATT&CK T1219) - IPS Version: 1.0.0 and after. 
- NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4817: Tunneling: RemotelyAnywhere Cleartext Connection". 4818: Tunneling: RemotelyAnywhere Cleartext Connection (ATT&CK T1219) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4818: Tunneling: RemotelyAnywhere Cleartext Connection". 4837: HTTP: GhostSurf Proxy HTTP Access (ATT&CK T1090) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4837: HTTP: GhostSurf Proxy HTTP Access". 4887: Tunneling: GetByMail SMTP Remote Control (ATT&CK T1219) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4887: Tunneling: GetByMail SMTP Remote Control". 4945: HTTP: JBoss jmx-console Remote Command Execution (ATT&CK T1210) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "4945: HTTP: JBoss jmx-console Remote Command Execution". 5097: Tunneling: GoToMyPC Software (ATT&CK T1219) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "5097: Tunneling: GoToMyPC Software". 5195: HTTP: PHProxy Online Web Proxy Attempt (ATT&CK T1090) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "5195: HTTP: PHProxy Online Web Proxy Attempt". 5199: HTTP: CGIProxy Online Web Proxy Request (ATT&CK T1090) - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "5199: HTTP: CGIProxy Online Web Proxy Request". 
9896: IP: IP Protocol 0 (IPv6 hop-by-hop option) - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Deployments updated and are now: - No Deployments. 36021: HTTP: Oracle ADF Faces Remote Regions Insecure Deserialization Vulnerability (ZDI-19-1024) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "36021: ZDI-CAN-8823: Zero Day Initiative Vulnerability (Oracle ADF Faces)". - Description updated. - Vulnerability references updated. Removed Filters: None
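The metadata-only changes above add MITRE ATT&CK technique IDs to filter names in the form "NNNN: PROTO: Name (ATT&CK T1133,T1076,T1219)", with a leading "*" marking filters enabled in Default deployments. A SOC that forwards TippingPoint events to a SIEM will want to pull those IDs out of the filter name rather than maintain a hand-built lookup. The parser below is an added example, not Trend Micro code or any part of the Digital Vaccine; the sample names are copied from this release note, and the tolerance for sub-technique IDs (T1234.001) is an assumption that goes beyond what this DV uses.

```python
import re
from dataclasses import dataclass

# Filter-name convention used in these release notes (assumed stable):
#   [* ]<id>: <protocol>: <name>[ (ATT&CK T1234[,T5678...])]
# Sub-technique suffixes (.001) are accepted as a generalisation; this DV
# only uses top-level technique IDs.
_NAME_RE = re.compile(
    r"""^(?P<star>\*\s+)?
        (?P<id>\d+):\s+
        (?P<proto>[^:]+):\s+
        (?P<name>.*?)
        (?:\s+\(ATT&CK\s+
            (?P<attack>T\d{4}(?:\.\d{3})?(?:\s*,\s*T\d{4}(?:\.\d{3})?)*)
        \))?
        \s*$""",
    re.VERBOSE,
)


@dataclass(frozen=True)
class FilterName:
    filter_id: int
    protocol: str
    name: str
    default_enabled: bool
    techniques: tuple = ()


def parse_filter_name(line):
    """Split one filter name into its id, protocol, title and ATT&CK tags."""
    m = _NAME_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a TippingPoint filter name: {line!r}")
    attack = m.group("attack")
    techniques = tuple(t.strip() for t in attack.split(",")) if attack else ()
    return FilterName(
        filter_id=int(m.group("id")),
        protocol=m.group("proto").strip(),
        name=m.group("name").strip(),
        default_enabled=bool(m.group("star")),
        techniques=techniques,
    )


def technique_index(lines):
    """Map each ATT&CK technique ID to the sorted list of filter IDs tagged with it."""
    index = {}
    for line in lines:
        f = parse_filter_name(line)
        for t in f.techniques:
            index.setdefault(t, set()).add(f.filter_id)
    return {t: sorted(ids) for t, ids in sorted(index.items())}


# Filter names copied from this release note (DV #9384).
SAMPLE_NAMES = [
    "2349: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175)",
    "2796: SMB: Windows Repeated Logon Failure (Possible Brute Force) (ATT&CK T1110)",
    "3573: PPTP: VPN Session Startup (ATT&CK T1133)",
    "4020: VPN: SoftEther VPN Connection Attempt (ATT&CK T1133)",
    "4410: RFB: VNC NULL Authentication Method Request (ATT&CK T1133,T1076,T1219)",
    "4658: VPN: Hamachi VPN Connection (ATT&CK T1133)",
    "9896: IP: IP Protocol 0 (IPv6 hop-by-hop option)",
    "* 36973: HTTP: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability",
]

if __name__ == "__main__":
    for technique, ids in technique_index(SAMPLE_NAMES).items():
        print(technique, ids)
```

Names whose parenthesised part is not an ATT&CK tag, such as 2796's "(Possible Brute Force)" or 9896's "(IPv6 hop-by-hop option)", stay in the title; only a trailing "(ATT&CK ...)" group is lifted out, so an untagged filter simply yields an empty technique tuple.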