Summary
Digital Vaccine #9391 March 2, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9391.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9391.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 50
Modified Filters (logic changes) - 6
Modified Filters (metadata changes only) - 51
Removed Filters - 0
Filters
----------------
New Filters:
37177: HTTP: Juniper Junos Space downloadGROpenReport Information Disclosure Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Juniper Junos Space.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1611
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: UNIX/Linux Server Application or Service

37188: HTTP: Centreon formMibs.php Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in Centreon Web Application.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-15298
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: UNIX/Linux Server Application or Service

37199: ZDI-CAN-9259: Zero Day Initiative Vulnerability (CentOS Web Panel)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting CentOS Web Panel.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37200: ZDI-CAN-9882: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37204: TCP: SolarWinds DameWare Mini Remote Control Code Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a code execution vulnerability in SolarWinds DameWare Mini Remote Control.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-3980 CVSS 10.0
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: TCP (Generic)
  - Platform: Windows Client Application

37209: ZDI-CAN-9883: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37210: ZDI-CAN-9884: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37211: HTTP: Sonatype Nexus Repository Manager Default Credentials Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects a login to Sonatype Nexus Repository Manager using the default username and the default password.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-9629
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37214: ZDI-CAN-9897: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37215: TCP: Oracle Weblogic IIOP Insecure Deserialization Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Oracle WebLogic Server.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-2551 CVSS 7.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: TCP (Generic)
  - Platform: Multi-Platform Server Application or Service

37221: ZDI-CAN-9935: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37222: ZDI-CAN-9936: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37223: ZDI-CAN-9938: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37224: HTTP: OpenNetAdmin Ping Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in OpenNetAdmin.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37225: ZDI-CAN-9939: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37226: ZDI-CAN-9940: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37227: ZDI-CAN-9941: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37228: ZDI-CAN-9947: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37229: ZDI-CAN-9948: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37230: ZDI-CAN-10421: Zero Day Initiative Vulnerability (Eaton HMiSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37231: ZDI-CAN-10459: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37232: ZDI-CAN-10471: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37233: ZDI-CAN-10472: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37234: ZDI-CAN-10473: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37236: AJP: Apache Tomcat AJP File Request
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an attempt to request a file via the Apache JServ Protocol (AJP).
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1938 CVSS 7.5
  - Classification: Vulnerability - Access Validation
  - Protocol: TCP (Generic)
  - Platform: Multi-Platform Server Application or Service

37239: ZDI-CAN-10480: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37240: ZDI-CAN-10481: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37241: ZDI-CAN-10483: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37242: HTTP: Nagios XI Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in Nagios XI.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-20197
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37243: ZDI-CAN-10512: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Player.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37245: ZDI-CAN-10516: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Player.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37246: ZDI-CAN-10522: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Player.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37247: ZDI-CAN-10525: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Player.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37248: ZDI-CAN-10420: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37249: HTTP: Facebook WhatsApp Preview Banners Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Facebook WhatsApp.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-18426
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37250: HTTP: Apache Solr VelocityResponseWriter Code Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a remote code execution vulnerability in Apache Solr.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37251: ZDI-CAN-10417: Zero Day Initiative Vulnerability (Eaton HMiSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37252: ZDI-CAN-10413: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37253: ZDI-CAN-10411: Zero Day Initiative Vulnerability (Eaton HMiSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37254: ZDI-CAN-10381: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows PDF Library.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37255: ZDI-CAN-10340: Zero Day Initiative Vulnerability (Eaton HMiSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37256: ZDI-CAN-10332: Zero Day Initiative Vulnerability (IBM Informix)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting IBM Informix.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37257: ZDI-CAN-10329: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro InterScan Web Security Virtual Appliance.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37258: ZDI-CAN-10188: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37259: ZDI-CAN-10187: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37264: HTTP: Google Chrome kJSCreate Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Google Chrome.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-6418
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37265: ZDI-CAN-10184: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37266: ZDI-CAN-10183: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37267: ZDI-CAN-10167: Zero Day Initiative Vulnerability (Eaton HMiSoft)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37276: HTTP: ZyXEL Multiple Products Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in ZyXEL Network Storage Devices.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-9054
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Networked Hardware Device Application or Service

Modified Filters (logic changes):
* = Enabled in Default deployments

13892: TLS: OpenSSL Suspicious Heartbeat Packet (ATT&CK T1032)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13892: DTLS: OpenSSL Suspicious Heartbeat Packet".
  - Detection logic updated.

34588: HTTP: HPE Intelligent Management Center Expression Language Injection (ZDI-19-527, ZDI-20-146)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34588: ZDI-CAN-6906,8957: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

34786: ZDI-CAN-8149: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.

36197: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-20-188)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36197: ZDI-CAN-8997: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36478: HTTP: Cisco Data Center Network Manager getAllGroups SQL Injection Vulnerability (ZDI-20-056)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36478: ZDI-CAN-9163: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36516: HTTP: Cisco Data Center Network Manager createLanFabric Command Injection Vulnerability (ZDI-20-102)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36516: ZDI-CAN-9286: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

12466: TNS: Oracle Database TNS Listener Service Registration Authentication Bypass (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12466: TNS: Oracle Database TNS Listener Service Registration Authentication Bypass".

12542: HTTPS: Megaproxy Connection Establishment (ATT&CK T1090)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12542: HTTPS: Megaproxy Connection Establishment".

12666: HTTP: Novell ZENworks Asset Management Web Console Default Credentials (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12666: HTTP: Novell ZENworks Asset Management Web Console Default Credentials".

13060: HTTPS: Github User Authentication (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13060: HTTPS: Github User Authentication".

13099: HTTPS: Microsoft OneDrive User Authentication (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13099: HTTPS: Microsoft OneDrive User Authentication".

13130: HTTPS: Tumblr Site Access (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13130: HTTPS: Tumblr Site Access".

13135: HTTPS: Box.com Site Access (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13135: HTTPS: Box.com Site Access".

13150: HTTPS: Citrix Sharefile User Authentication (ATT&CK T1133)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13150: HTTPS: Citrix Sharefile User Authentication".

13446: HTTP: Suspicious JavaScript Obfuscation (ATT&CK T1027)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13446: HTTP: Suspicious JavaScript Obfuscation".

* 13459: HTTP: Suspicious JJEncode Obfuscated String (ATT&CK T1027)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13459: HTTP: Suspicious JJEncode Obfuscated String".

13616: TCP: SolarWinds Log and Event Manager Default Credentials (ZDI-14-303) (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13616: TCP: SolarWinds Log and Event Manager Default Credentials (ZDI-14-303)".

13617: HTTP: ZipCloud Site Access (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13617: HTTP: ZipCloud Site Access".

13618: HTTPS: ZipCloud User Authentication (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13618: HTTPS: ZipCloud User Authentication".

13667: Tunneling: tcp-over-dns DNS Tunneling Request (ATT&CK T1048)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13667: Tunneling: tcp-over-dns DNS Tunneling Request".

13678: HTTP: Hewlett-Packard Universal CMDB Default Credentials Usage (ZDI-14-230) (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13678: HTTP: Hewlett-Packard Universal CMDB Default Credentials Usage (ZDI-14-230)".
  - Description updated.

13679: HTTP: Citrix GoToMyPC Connection (ATT&CK T1219)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13679: HTTP: Citrix GoToMyPC Connection".

13710: HTTP: Fiddler HTTP Proxy Request (ATT&CK T1090)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13710: HTTP: Fiddler HTTP Proxy Request".

13711: HTTP: LiveJournal Account Login With Third Party Credentials (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13711: HTTP: LiveJournal Account Login With Third Party Credentials".

13800: HTTP: Pastebin User Authentication (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13800: HTTP: Pastebin User Authentication".

13804: HTTP: Pastebin Create New Paste (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13804: HTTP: Pastebin Create New Paste".

13806: HTTP: Pastebin Access To Trending Pastes, Tools and Archives (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13806: HTTP: Pastebin Access To Trending Pastes, Tools and Archives".

13807: HTTP: Pastebin Access to Public Pastes (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13807: HTTP: Pastebin Access to Public Pastes".

13814: TLS: OpenSSL Suspicious Heartbeat Packet (ATT&CK T1032)
  - IPS Version: 3.2.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13814: TLS: OpenSSL Suspicious Heartbeat Packet".

13840: TLS: OpenSSL Heartbeat Packet (ATT&CK T1032)
  - IPS Version: 3.2.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13840: TLS: OpenSSL Heartbeat Packet".

13895: SSL: SSLv3 Negotiation (ATT&CK T1032)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13895: SSL: SSLv3 Negotiation".

13896: TLS: TLS 1.0 Negotiation (ATT&CK T1032)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13896: TLS: TLS 1.0 Negotiation".

13897: TLS: TLS 1.1 Negotiation (ATT&CK T1032)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13897: TLS: TLS 1.1 Negotiation".

13898: TLS: TLS 1.2 Negotiation (ATT&CK T1032)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "13898: TLS: TLS 1.2 Negotiation".

16471: HTTP: TeamViewer Communication Attempt (ATT&CK T1133,T1219)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16471: HTTP: TeamViewer Communication Attempt ".

16527: TCP: Evaluated Base64 PHP Code (ATT&CK T1027)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16527: TCP: Evaluated Base64 PHP Code".

16528: UDP: Evaluated Base64 PHP Code (ATT&CK T1027)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16528: UDP: Evaluated Base64 PHP Code".

16580: HTTPS: TeamViewer Site Access (ATT&CK T1133,T1219)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16580: HTTPS: TeamViewer Site Access".

16714: HTTPS: WhatsApp Registration (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16714: HTTPS: WhatsApp Registration".

16870: TCP: WhatsApp Communication Attempt (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16870: TCP: WhatsApp Communication Attempt".

16881: HTTPS: Dropbox Shared Link File Download (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16881: HTTPS: Dropbox Shared Link File Download".

16910: HTTP: Suspicious JavaScript Obfuscation (ATT&CK T1027)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16910: HTTP: Suspicious JavaScript Obfuscation".

16967: HTTP: 51.com Login Attempt With Third Party Credentials (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16967: HTTP: 51.com Login Attempt With Third Party Credentials".

16972: HTTPS: AOL Mail Site Access (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16972: HTTPS: AOL Mail Site Access".

17060: HTTP: Vkontakte Site Access (ATT&CK T1102)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "17060: HTTP: Vkontakte Site Access".

17165: Tunneling: DNS Tunneling Request (ATT&CK T1048)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "17165: Tunneling: DNS Tunneling Request".

17187: TCP: MIT Kerberos Suspicious TGS-REQ Request (ATT&CK T1212,T1208)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "17187: TCP: MIT Kerberos Suspicious TGS-REQ Request".

17195: HTTP: Default Credentials Login Attempt (ATT&CK T1212)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "17195: HTTP: Default Credentials Login Attempt".

19289: TLS: RC4 Cipher Suite Usage (ATT&CK T1032)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19289: TLS: RC4 Cipher Suite Usage".

19428: HTTP: Cabinet (.cab) File Containing .scr Download (ATT&CK T1180)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19428: HTTP: Cabinet (.cab) File Containing .scr Download".

19431: SMTP: Cabinet (.cab) File Containing .scr File Transfer (ATT&CK T1180)
  - IPS Version: 3.1.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19431: SMTP: Cabinet (.cab) File Containing .scr File Transfer".

19558: TCP: RSA_EXPORT Cipher Suite Negotiation (ATT&CK T1032)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19558: TCP: RSA_EXPORT Cipher Suite Negotiation".

19585: HTTPS: MediaFire Site Access (ATT&CK T1102)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19585: HTTPS: MediaFire Site Access".

19790: HTTP: Arris Surfboard SBG6580 Web Management Portal Default Credentials (ATT&CK T1212)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19790: HTTP: Arris Surfboard SBG6580 Web Management Portal Default Credentials".

19826: HTTP: Tumblr Hosted Website Access (ATT&CK T1102)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19826: HTTP: Tumblr Hosted Website Access".

19887: TCP: Diffie-Hellman DHE Weak Cipher Suite Negotiation (ATT&CK T1032)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19887: TCP: Diffie-Hellman DHE Weak Cipher Suite Negotiation".

* 35085: HTTP: Oracle WebLogic Server Remote Code Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Deployments updated and are now:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)

Removed Filters: None