Summary
Digital Vaccine #9390 February 25, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9390.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9390.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 39
Modified Filters (logic changes) - 21
Modified Filters (metadata changes only) - 53
Removed Filters - 0
Filters
----------------
New Filters:
37011: HTTP: Rasilient PixelStor 5000 OS Command Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a command execution vulnerability in Rasilient PixelStor 5000. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-6756 CVSS 7.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: UNIX/Linux Server Application or Service 37077: UDP: D-Link Devices Unauthenticated Command Execution Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a code execution vulnerability in D-Link Devices. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2019-20215 CVSS 10.0 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: UDP (Generic) - Platform: Other Server Application or Service 37145: ZDI-CAN-9710: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37146: ZDI-CAN-9711: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37147: ZDI-CAN-9712: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37148: ZDI-CAN-9722: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37149: ZDI-CAN-9727: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37150: ZDI-CAN-9729: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37151: ZDI-CAN-9730: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37152: ZDI-CAN-9737: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37154: ZDI-CAN-9738: Zero Day Initiative Vulnerability (CentOS Web Panel) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37156: ZDI-CAN-9750: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting IBM Spectrum Protect Plus. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37158: HTTP: Squid Proxy HTTP Request Processing Buffer Overflow - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Squid. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2020-8450 CVSS 7.5 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: HTTP - Platform: Multi-Platform Server Application or Service 37168: ZDI-CAN-9752: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting IBM Spectrum Protect Plus. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37169: ZDI-CAN-9753: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting IBM Spectrum Protect Plus. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37170: ZDI-CAN-9756: Zero Day Initiative Vulnerability (NETGEAR R6700) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting NETGEAR R6700. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37171: HTTP: Oracle E-Business Human Resources SQL Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit an SQL injection vulnerability in Oracle E-Business Human Resources. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-2586 CVSS 6.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service 37172: ZDI-CAN-9760: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37173: ZDI-CAN-9767: Zero Day Initiative Vulnerability (NETGEAR R6700) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting NETGEAR R6700. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37174: ZDI-CAN-9768: Zero Day Initiative Vulnerability (NETGEAR R6700) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting NETGEAR R6700. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37175: ZDI-CAN-9775: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37176: ZDI-CAN-9776: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37178: ZDI-CAN-9777: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37179: ZDI-CAN-9778: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37180: ZDI-CAN-9793: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37181: ZDI-CAN-9801,9802: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37182: ZDI-CAN-9803,9806,9822: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37183: ZDI-CAN-9804: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37185: ZDI-CAN-9807,9812: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37186: ZDI-CAN-9810: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37189: ZDI-CAN-9813,9814: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37190: ZDI-CAN-9815-9818: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37192: ZDI-CAN-9820,9821: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37193: ZDI-CAN-9823: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37194: ZDI-CAN-9824: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37195: ZDI-CAN-9825: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37196: ZDI-CAN-9827: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37201: HTTP: Microsoft SQL Server Reporting Services Insecure Deserialization Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-0618 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Server Application or Service 37202: HTTP: Microsoft Exchange Server Cryptographic Key Memory Corruption Vulnerability (ZDI-20-258) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Exchange Server. 
- Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-0688 - Zero Day Initiative: ZDI-20-258 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Server Application or Service Modified Filters (logic changes): * = Enabled in Default deployments 22622: HTTP: ThinkPHP Framework Code Injection Vulnerability - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. 27492: HTTP: NetGear Multiple Routers Command Injection Vulnerability - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. * 33973: HTTP: Microsoft Windows SetEnhMetaFileBits Out-Of-Bounds Read Vulnerability (ZDI-19-279) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "33973: ZDI-CAN-7551: Zero Day Initiative Vulnerability (Microsoft Windows)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. 33984: HTTP: Adobe Photoshop GIF Parsing Memory Corruption Vulnerability (ZDI-19-258) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "33984: ZDI-CAN-7584: Zero Day Initiative Vulnerability (Adobe Photoshop)". - Description updated. - Detection logic updated. - Vulnerability references updated. 34006: HTTP: Adobe Flash Player ActionScript Vector Out-Of-Bounds Read Vulnerability (ZDI-19-219) - IPS Version: 3.1.4 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "34006: ZDI-CAN-7432: Zero Day Initiative Vulnerability (Adobe Flash)". 
- Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. 34605: HTTP: Panasonic Control FPWIN PRO Project File Parsing ctreestd Buffer Overflow (ZDI-19-565) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "34605: ZDI-CAN-7848: Zero Day Initiative Vulnerability (Panasonic Control FPWIN Pro)". - Description updated. - Detection logic updated. - Vulnerability references updated. 34669: HTTP: Panasonic Control FPWIN PRO Project File Parsing us_plcfg Type Confusion (ZDI-19-566) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "34669: ZDI-CAN-7849: Zero Day Initiative Vulnerability (Panasonic Control FPWIN Pro)". - Description updated. - Detection logic updated. - Vulnerability references updated. 34670: HTTP: Panasonic Control FPWIN PRO Project File Parsing sc_obj Type Confusion (ZDI-19-570) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "34670: ZDI-CAN-7850: Zero Day Initiative Vulnerability (Panasonic Control FPWIN Pro)". - Description updated. - Detection logic updated. - Vulnerability references updated. 34671: HTTP: Panasonic Control FPWIN Pro Project File Parsing sc_obj Type Confusion (ZDI-19-568) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "34671: ZDI-CAN-7851: Zero Day Initiative Vulnerability (Panasonic Control FPWIN Pro)". - Description updated. - Detection logic updated. - Vulnerability references updated. 34672: HTTP: Panasonic Control FPWIN PRO Project File Parsing sc_app Buffer Overflow (ZDI-19-567) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "34672: ZDI-CAN-7852: Zero Day Initiative Vulnerability (Panasonic Control FPWIN Pro)". - Description updated. - Detection logic updated. - Vulnerability references updated. 34745: ZMTP: ZeroMQ libzmq v2_decoder Integer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. 35160: HTTP: Phoenix Contact Automationworx BCP File Parsing Memory Corruption Vulnerability (ZDI-19-923) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35160: ZDI-CAN-7783: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)". - Description updated. - Detection logic updated. - Vulnerability references updated. 35309: HTTP: WECON LeviStudioU ShortMessage_Module SMtext Buffer Overflow Vulnerability (ZDI-19-764) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35309: ZDI-CAN-8246: Zero Day Initiative Vulnerability (WECON LeviStudioU)". - Description updated. - Detection logic updated. - Vulnerability references updated. 35762: HTTP: Fuji Electric V-Server VPR File Parsing Buffer Overflow Vulnerability (ZDI-19-967) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35762: ZDI-CAN-8844: Zero Day Initiative Vulnerability (Fuji Electric V-Server)". - Description updated. - Detection logic updated. - Vulnerability references updated. 36251: HTTP: Cisco Data Center Network Manager getVpcHistory SQL Injection Vulnerability (ZDI-20-022) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. 
- vTPS Version: 4.0.1 and after. - Name changed from "36251: ZDI-CAN-9051: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)". - Description updated. - Detection logic updated. - Vulnerability references updated. 36275: HTTP: Cisco Data Center Network Manager getHostEnclDataLength SQL Injection (ZDI-20-024) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "36275: ZDI-CAN-9069: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)". - Description updated. - Detection logic updated. - Vulnerability references updated. 36485: HTTP: Cisco Data Center Network Manager getSanSwitchDataLength SQL Injection (ZDI-20-104) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "36485: ZDI-CAN-9342: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. 36533: HTTP: Advantech WISE-PaaS/RMM PowerMgmt fuzzySearch SQL Injection (ZDI-19-948, ZDI-19-949) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "36533: ZDI-CAN-9174,9177: Zero Day Initiative Vulnerability (Advantech WISE-PaaS/RMM)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. 36693: HTTP: Cisco Data Center Network Manager getLanSwitchDataLength SQL Injection (ZDI-20-115,ZDI-20-121) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "36693: ZDI-CAN-9340,9341: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)". 
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
36835: HTTP: Microsoft Windows WebDAV Path Parsing Command Injection Vulnerability (ZDI-19-1023)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
36917: ZDI-CAN-9865,9828.9831,9942-9946: Zero Day Initiative Vulnerability (Foxit PhantomPDF)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Name changed from "36917: ZDI-CAN-9865,9946,9828.9831: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

6197: RDP: Windows Remote Desktop Access on Non-Standard Ports (HTTP) (ATT&CK T1076,T1065)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
9263: VPN: OpenVPN Connection Negotiation (ATT&CK T1133)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9263: VPN: OpenVPN Connection Negotiation".
9276: VPN: OpenVPN Connection over TCP (ATT&CK T1133)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9276: VPN: OpenVPN Connection over TCP".
9350: Backdoor: Buzus Trojan Command and Control Channel Initial Contact (ATT&CK T1094,T1001,T1041)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9350: Backdoor: Buzus Trojan Command and Control Channel Initial Contact".
9602: VPN: Hotspot Shield Communication Attempt (ATT&CK T1133)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9602: VPN: Hotspot Shield Communication Attempt".
9730: VPN: Hotspot Shield Communication Attempt (ATT&CK T1133)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9730: VPN: Hotspot Shield Communication Attempt".
9771: HTTP: Guacamole VNC Client Initialization (ATT&CK T1133,T1219)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9771: HTTP: Guacamole VNC Client Initialization".
9932: Tunneling: Ozymandns DNS Tunneling Response (ATT&CK T1048)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9932: Tunneling: Ozymandns DNS Tunneling Response".
9938: Tunneling: Ozymandns DNS Tunneling Request (ATT&CK T1048)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9938: Tunneling: Ozymandns DNS Tunneling Request".
9944: SSH: SSH Login Attempt On FTP Port (ATT&CK T1043,T1032)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9944: SSH: SSH Login Attempt On FTP Port".
9945: SSH: SSH Login Attempt On SMTP Port (ATT&CK T1043,T1032)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9945: SSH: SSH Login Attempt On SMTP Port".
9946: SSH: SSH Login Attempt On DNS Port (ATT&CK T1043,T1032)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9946: SSH: SSH Login Attempt On DNS Port".
9947: SSH: SSH Login Attempt On POP/IMAP Ports (ATT&CK T1043,T1032)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9947: SSH: SSH Login Attempt On POP/IMAP Ports".
9948: SSH: SSH Login Attempt On HTTP Ports (ATT&CK T1043,T1032)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9948: SSH: SSH Login Attempt On HTTP Ports".
9949: SSH: SSH Login Attempt On RDP Port (ATT&CK T1043,T1032)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9949: SSH: SSH Login Attempt On RDP Port".
9950: SSH: SSH Login Attempt On VNC Port (ATT&CK T1043,T1032)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9950: SSH: SSH Login Attempt On VNC Port".
9991: HTTPS: Google Gmail Access (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "9991: HTTPS: Google Gmail Access".
10052: SMB: Microsoft Program Information File Transmission (ATT&CK T1039)
  - IPS Version: 3.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10052: SMB: Microsoft Program Information File Transmission".
  - Description updated.
10128: HTTP: Online Web Proxy (ATT&CK T1090)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10128: HTTP: Online Web Proxy".
  - Description updated.
10477: HTTPS: Online Web Proxy Request (ATT&CK T1090)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10477: HTTPS: Online Web Proxy Request".
  - Description updated.
10488: HTTPS: Stunnel Proxy Application Access (ATT&CK T1090)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10488: HTTPS: Stunnel Proxy Application Access".
10493: HTTP: Online Web Proxy (ATT&CK T1090)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10493: HTTP: Online Web Proxy".
  - Description updated.
10497: HTTP: Suspicious Obfuscated HTML Script Tags (ATT&CK T1027)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10497: HTTP: Suspicious Obfuscated HTML Script Tags".
* 10502: HTTP: JBoss jmx-console Deployer Command Execution (ATT&CK T1210)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10502: HTTP: JBoss jmx-console Deployer Command Execution".
10519: HTTP: Online Web Proxy (ATT&CK T1090)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10519: HTTP: Online Web Proxy".
  - Description updated.
10565: HTTP: Zip Archive Containing .scr File (ATT&CK T1180)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10565: HTTP: Zip Archive Containing .scr File".
10585: HTTP: Soft Hyphen Obfuscated URL (ATT&CK T1027)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10585: HTTP: Soft Hyphen Obfuscated URL".
  - Description updated.
10803: SMB: Microsoft Service Control Create Service (ATT&CK T1035)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10803: SMB: Microsoft Service Control Create Service".
10880: SMB: .dll File Access via SMB (ATT&CK T1073)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10880: SMB: .dll File Access via SMB".
10881: HTTP: .dll File Access from WebDAV (ATT&CK T1073)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10881: HTTP: .dll File Access from WebDAV ".
11055: HTTP: Google Translate Proxy Avoidance (ATT&CK T1090,T1102)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11055: HTTP: Google Translate Proxy Avoidance".
11058: HTTP: IBM Rational Quality Manager and Test Lab Manager Default Admin Credentials (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11058: HTTP: IBM Rational Quality Manager and Test Lab Manager Default Admin Credentials".
11073: HTTPS: Peacefire.org Web Proxy Access (ATT&CK T1090)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11073: HTTPS: Peacefire.org Web Proxy Access".
11084: HTTP: Peacefire.org Web Proxy Access (ATT&CK T1090)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11084: HTTP: Peacefire.org Web Proxy Access".
11182: SSL: SSLv2 Negotiation on Non-Standard Ports (ATT&CK T1065)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11182: SSL: SSLv2 Negotiation on Non-Standard Ports".
11183: SSL: SSLv2 Negotiation on Non-Standard Ports (ATT&CK T1065)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11183: SSL: SSLv2 Negotiation on Non-Standard Ports".
11204: SSL: SSLv2 Negotiation on Non-Standard Ports (ATT&CK T1065)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11204: SSL: SSLv2 Negotiation on Non-Standard Ports".
11694: Tunneling: Ammyy Remote Administration Tool (ATT&CK T1094,T1048,T1219)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11694: Tunneling: Ammyy Remote Administration Tool".
11788: Telnet: Attempted Login to Telnet Service (ATT&CK T1021)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11788: Telnet: Attempted Login to Telnet Service".
11888: VPN: Hotspot Shield Communication Attempt (ATT&CK T1133)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11888: VPN: Hotspot Shield Communication Attempt".
11979: WSMan: Windows Command Shell via WinRM (ATT&CK T1028)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11979: WSMan: Windows Command Shell via WinRM".
12004: HTTPS: Google+ Application Access Client Request (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12004: HTTPS: Google+ Application Access Client Request".
12006: HTTP: Twitter Post New Tweet (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12006: HTTP: Twitter Post New Tweet".
12008: HTTP: Twitter Search for Tweets (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12008: HTTP: Twitter Search for Tweets".
12009: HTTP: Twitter Search for Users (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12009: HTTP: Twitter Search for Users".
12010: HTTP: Twitter Add Mobile Device (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12010: HTTP: Twitter Add Mobile Device".
12013: HTTP: Google+ Application Access Client Request (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12013: HTTP: Google+ Application Access Client Request".
12105: HTTP: HP SiteScope integrationViewer Default Credentials (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12105: HTTP: HP SiteScope integrationViewer Default Credentials".
12144: TOR: Certificate Exchange (ATT&CK T1188,T1079)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12144: TOR: Certificate Exchange".
12243: CA: CA ARCserve D2D GWT RPC Request Credentials Disclosure (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12243: CA: CA ARCserve D2D GWT RPC Request Credentials Disclosure".
12356: HTTP: Twitter Follow User (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12356: HTTP: Twitter Follow User".
12357: HTTP: Twitter Direct Message (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12357: HTTP: Twitter Direct Message".
36642: TCP: Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Vulnerability (ZDI-20-128)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36642: ZDI-CAN-9020: Zero Day Initiative Vulnerability (Oracle WebLogic)".
  - Description updated.
  - Vulnerability references updated.

Removed Filters:
None