Summary
Digital Vaccine #9393 March 10, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before March 10, 2020. The following table maps TippingPoint filters to the Microsoft CVEs. Where no filter exists, the Filter column carries the reason.
CVE | Filter | Status |
CVE-2020-0684 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0690 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0758 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0762 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0763 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0765 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0768 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0769 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0770 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0771 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0772 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0773 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0774 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0775 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0776 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0777 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0778 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0779 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0780 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0781 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0783 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0785 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0786 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0787 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0788 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0789 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0791 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0793 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0795 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0797 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0798 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0799 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0800 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0801 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0802 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0803 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0804 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0806 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0807 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0808 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0809 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0810 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0811 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0812 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0813 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0814 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0815 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0816 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0819 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0820 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0822 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0823 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0824 | 37271 | |
CVE-2020-0825 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0826 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0827 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0828 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0829 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0830 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0831 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0832 | 37270 | |
CVE-2020-0833 | 37269 | |
CVE-2020-0834 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0840 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0841 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0842 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0843 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0844 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0845 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0847 | 37268 | |
CVE-2020-0848 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0849 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0850 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0851 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0852 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0853 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0854 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0855 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0857 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0858 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0859 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0860 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0861 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0863 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0864 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0865 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0866 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0867 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0868 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0869 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0871 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0872 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0874 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0876 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0877 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0879 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0880 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0881 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0882 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0883 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0884 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0885 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0887 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0891 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0892 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0893 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0894 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0896 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0897 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0898 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0903 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0905 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Filters marked with * shipped prior to this DV, providing zero-day protection.
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before March 10, 2020. The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin | CVE | Filter |
APSB20-13 | CVE-2020-3804 | 37319 |
APSB20-13 | CVE-2020-3805 | 37320 |
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9393.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9393.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 42
Modified Filters (logic changes) - 6
Modified Filters (metadata changes only) - 63
Removed Filters - 0
Filters
----------------
New Filters:
37038: HTTP: D-Link DAP-2610 Router login Authentication Bypass Vulnerability (ZDI-20-266)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit an authentication bypass vulnerability in D-Link DAP-2610 Router.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-8862
  - Zero Day Initiative: ZDI-20-266
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Multi-Platform Client Application

37235: HTTP: HPE Intelligent Management Center tvxlanLegend Expression Language Injection (ZDI-20-195)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an expression language injection vulnerability in HPE Intelligent Management Center.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Zero Day Initiative: ZDI-20-195
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service

37244: HTTP: Oracle E-Business Suite Human Resources CVE-2020-2587 SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle E-Business Suite.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-2587 CVSS 6.5
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service

37262: AMI: Sangoma Asterisk Originate Command Execution Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to execute a system command via the Asterisk Manager Interface (AMI) protocol.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-18610
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: TCP (Generic)
- Platform: Multi-Platform Server Application or Service

37268: HTTP: Microsoft Internet Explorer Remote Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-0847
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application

37269: HTTP: Microsoft Scripting Engine Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-0833
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application

37270: HTTP: Microsoft Windows Script Engine Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-0832
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application

37271: HTTP: Microsoft Windows ADO Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-0824
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application

37273: HTTP: Microsoft Windows LNK Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-0729 CVSS 6.8
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application

37274: HTTP: ICGAutoExploiter Tool Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects usage of the ICGAutoExploiter tool.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application

37277: HTTP: ELOG Electronic Logbook drop-count Null Pointer Dereference Vulnerability (ZDI-20-252)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a null pointer dereference vulnerability in ELOG Electronic Logbook.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-8859
  - Zero Day Initiative: ZDI-20-252
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service

37278: HTTP: Gila CMS media-assets.php Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Gila CMS.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-5512 CVSS 6.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service

37279: ZDI-CAN-9968: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37281: ZDI-CAN-10153: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37283: ZDI-CAN-10157: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37285: ZDI-CAN-10121: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: High
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37287: ZDI-CAN-10158: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37288: ZDI-CAN-10159: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37289: ZDI-CAN-10122: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: High
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37291: ZDI-CAN-10160: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37292: ZDI-CAN-10161: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37293: ZDI-CAN-10162: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37294: ZDI-CAN-10163: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37295: ZDI-CAN-10164: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37296: ZDI-CAN-10165: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37297: ZDI-CAN-10166: Zero Day Initiative Vulnerability (Eaton HMiSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton HMiSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37298: ZDI-CAN-10341: Zero Day Initiative Vulnerability (Oracle WebLogic Server)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Oracle WebLogic Server.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37299: ZDI-CAN-10397: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Internet Explorer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37303: SMTP: OpenBSD OpenSMTPD mta_io Out-of-Bounds Read Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in OpenBSD OpenSMTPD.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-8794
- Classification: Vulnerability - Other
- Protocol: SMTP
- Platform: UNIX/Linux Client Application

37304: HTTP: WordPress GDPR Cookie Consent Plugin Stored Cross-Site Scripting Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in WordPress GDPR Cookie Consent Plugin.
- Deployment: Not enabled by default in any deployment.
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service

37308: ZDI-CAN-9334: Zero Day Initiative Vulnerability (Oracle Business Intelligence)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Oracle Business Intelligence.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37310: ZDI-CAN-9994: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37311: ZDI-CAN-9998: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37312: ZDI-CAN-10027: Zero Day Initiative Vulnerability (Microsoft SharePoint)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft SharePoint.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37319: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-3804
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application

37320: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-3805
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application

37321: ZDI-CAN-10126: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37322: ZDI-CAN-10132: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37323: ZDI-CAN-10133: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37324: ZDI-CAN-10134: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37325: ZDI-CAN-10135: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37355: HTTP: Zoho ManageEngine Desktop Central mdmLogUploader Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Zoho ManageEngine Desktop Central.
- Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service Modified Filters (logic changes): * = Enabled in Default deployments 29657: RPC: Advantech WebAccess Malicious IOCTL(ZDI-17-938-940,ZDI-18-009-025,18-029-054,18-058-063,18-483) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Vulnerability references updated. 29916: HTTP: Apple Safari DFG JIT Type Confusion Vulnerability (Pwn2Own, ZDI-18-155) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. 35097: RPC: Advantech WebAccess Node bwscrp Buffer Overflow Vulnerability (ZDI-19-594) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. 36027: HTTP: Cisco Data Center Network Manager getRestoreLog Directory Traversal Vulnerability (ZDI-20-006) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "36027: ZDI-CAN-9027: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. 36475: HTTP: Cisco Data Center Network Manager getSwitchDbIdBySerialNumber SQL Injection (ZDI-20-110) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "36475: ZDI-CAN-9352: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)". 
- Description updated. - Detection logic updated. - Vulnerability references updated. 36532: HTTP: Advantech WISE-PaaS/RMM UpgradeMgmt upload_ota Directory Traversal Vulnerability (ZDI-19-950) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "36532: ZDI-CAN-9173: Zero Day Initiative Vulnerability (Advantech WISE-PaaS/RMM)". - Description updated. - Detection logic updated. - Vulnerability references updated. Modified Filters (metadata changes only): * = Enabled in Default deployments 20023: SMB: Mimikatz BinaryTransfer (ATT&CK T1145,T1003) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "20023: SMB: Mimikatz BinaryTransfer". 20098: HTTP: Suspicious Obfuscated HTML Script Tags (ATT&CK T1027) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "20098: HTTP: Suspicious Obfuscated HTML Script Tags". 22166: RDP: Windows Remote Desktop Access Over UDP (ATT&CK T1076) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "22166: RDP: Windows Remote Desktop Access Over UDP ". 22167: RDP: Windows Remote Desktop Access Over UDP on Non-Standard Ports (ATT&CK T1076,T1065) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "22167: RDP: Windows Remote Desktop Access Over UDP on Non-Standard Ports". 22574: HTTP: TrendMicro Antivirus Password Manager Vulnerable API Usage (ATT&CK T1211) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Name changed from "22574: HTTP: TrendMicro Antivirus Password Manager Vulnerable API Usage". 22579: TLS: AES-CBC Cipher Suite Usage (ATT&CK T1032) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "22579: TLS: AES-CBC Cipher Suite Usage". 22607: HTTP: Jenkins Script Code Execution Attempt (ATT&CK T1210) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "22607: HTTP: Jenkins Script Code Execution Attempt". 23809: HTTP: HTTPTunnel Connection Attempt (ATT&CK T1090) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "23809: HTTP: HTTPTunnel Connection Attempt". 23810: Tunnel: SoftEther VPN Connection Attempt (ATT&CK T1133) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "23810: Tunnel: SoftEther VPN Connection Attempt". 24042: HTTP: Common JavaScript Obfuscation Techniques (ATT&CK T1027) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "24042: HTTP: Common JavaScript Obfuscation Techniques". 24492: HTTP: Common JavaScript Obfuscation Techniques (ATT&CK T1027) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "24492: HTTP: Common JavaScript Obfuscation Techniques". 24594: HTTP: Zip File Suspicious Uncompressed Size (ATT&CK T1002) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "24594: HTTP: Zip File Suspicious Uncompressed Size". 
24596: SMTP: GZip File Containing an Archive File (.tar.gz) (ATT&CK T1002) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "24596: SMTP: GZip File Containing an Archive File (.tar.gz)". 25846: HTTPS: Telegram Bot API Usage (Used by Telecrypt) (ATT&CK T1102) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "25846: HTTPS: Telegram Bot API Usage (Used by Telecrypt)". 27226: Tunneling: DNSCAT2 Tunneling Request (ATT&CK T1048) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "27226: Tunneling: DNSCAT2 Tunneling Request". 27819: TCP: PowerShell with Base64 Encoded Script String Transfer (ATT&CK T1132,T1027,T1086) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "27819: TCP: PowerShell with Base64 Encoded Script String Transfer". 27940: TCP: MIT Kerberos Suspicious AS-REQ Request (EskimoRoll) (ATT&CK T1212,T1208) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "27940: TCP: MIT Kerberos Suspicious AS-REQ Request (EskimoRoll)". - Description updated. 28013: SMB: Request for Domain Administrators to Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28013: SMB: Request for Domain Administrators to Domain Controller". 28014: SMB: Response for Domain Administrators from Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Name changed from "28014: SMB: Response for Domain Administrators from Domain Controller". 28015: SMB: Request for Domain Users to Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28015: SMB: Request for Domain Users to Domain Controller". 28016: SMB: Response for Domain Users from Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28016: SMB: Response for Domain Users from Domain Controller". 28017: SMB: Request for Domain Computers to Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28017: SMB: Request for Domain Computers to Domain Controller". 28018: SMB: Response for Domain Computers from Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28018: SMB: Response for Domain Computers from Domain Controller". 28019: SMB: Request for Exchange Servers to Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28019: SMB: Request for Exchange Servers to Domain Controller". 28020: SMB: Request for Domain Exchange Servers to Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28020: SMB: Request for Domain Exchange Servers to Domain Controller". 28021: SMB: Request for All Domain Controllers from Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. 
- NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28021: SMB: Request for All Domain Controllers from Domain Controller". 28022: SMB: Response for All Domain Controllers from Domain Controller (ATT&CK T1482) - IPS Version: 3.2.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28022: SMB: Response for All Domain Controllers from Domain Controller". 28609: HTTP: Squid Proxy Usage (ATT&CK T1090) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28609: HTTP: Squid Proxy Usage". 28638: DNS: TeamViewer Remote Access Tool DNS Request (ATT&CK T1133,T1219) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28638: DNS: TeamViewer Remote Access Tool DNS Request". 28639: HTTP: TeamViewer Beacon (ATT&CK T1133,T1219) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28639: HTTP: TeamViewer Beacon". 28640: TLS: TeamViewer Remote Access Tool Certificate Exchange (ATT&CK T1133,T1219) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28640: TLS: TeamViewer Remote Access Tool Certificate Exchange". 28641: Tunneling: TeamViewer Remote Access (UDP) (ATT&CK T1048,T1133,T1219) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28641: Tunneling: TeamViewer Remote Access (UDP)". 28642: Tunneling: TeamViewer Remote Access (ICMP) (ATT&CK T1048,T1133,T1219) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28642: Tunneling: TeamViewer Remote Access (ICMP)". 28728: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment (ATT&CK T1193) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28728: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment". 28775: HTTP: HTTP_PROXY Traffic Redirection (ATT&CK T1090,T1071) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28775: HTTP: HTTP_PROXY Traffic Redirection". 28811: SMB: Inbound Write Andx Request (ATT&CK T1039) - IPS Version: 3.8.3 and after. - NGFW Version: Not available. - TPS Version: Not available. - vTPS Version: Not available. - Name changed from "28811: SMB: Inbound Write Andx Request". 28983: SMB: PsExec Tool Usage (ATT&CK T1035) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "28983: SMB: PsExec Tool Usage". 29079: FTP: FTP Service on Non-Standard Ports (ATT&CK T1065) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29079: FTP: FTP Service on Non-Standard Ports". 29476: HTTP: HTTP on Non-Standard Ports (ATT&CK T1065) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29476: HTTP: HTTP on Non-Standard Ports". 29686: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment (ATT&CK T1193) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29686: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment". 
29717: SMB: NTLMv1 Authentication Request (ATT&CK T1187) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29717: SMB: NTLMv1 Authentication Request". 29718: SMB: NTLMv2 Authentication Request (ATT&CK T1187) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29718: SMB: NTLMv2 Authentication Request". 29774: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment (ATT&CK T1193) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29774: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment". 29775: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment (ATT&CK T1193) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29775: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment". 29777: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment (ATT&CK T1193) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29777: SMTP: Social Engineer Toolkit Spear Phishing Email Attachment". 30103: DNS: Sensepost Data Exfiltration Toolkit DNS Query (ATT&CK T1020) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "30103: DNS: Sensepost Data Exfiltration Toolkit DNS Query". 31570: TCP: PDF Reader Possible NTLM Credentials Leakage (ATT&CK T1212) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "31570: TCP: PDF Reader Possible NTLM Credentials Leakage". 
32069: HTTP: Code Obfuscation (Script Encoder Plus) (ATT&CK T1027) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "32069: HTTP: Code Obfuscation (Script Encoder Plus)". 32070: HTTP: MinerGate Google-Analytics Request Detected (ATT&CK T1102) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "32070: HTTP: MinerGate Google-Analytics Request Detected". 32071: HTTP: JavaScript Obfuscation (jjencode) (ATT&CK T1027) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "32071: HTTP: JavaScript Obfuscation (jjencode) ". 32147: HTTP: JavaScript Code Obfuscation (aaencode) (ATT&CK T1027) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "32147: HTTP: JavaScript Code Obfuscation (aaencode)". 32726: HTTP: Tor Traffic Through Format Transforming Encryption (FTE) Bridge (ATT&CK T1079) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "32726: HTTP: Tor Traffic Through Format Transforming Encryption (FTE) Bridge". 32904: HTTP: Jenkins Java Deserialization Usage (ATT&CK T1210) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "32904: HTTP: Jenkins Java Deserialization Usage". 33147: HTTP: Microsoft PowerShell XML/XSL COM Instantiation and Transformation Usage (ATT&CK T1086) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Name changed from "33147: HTTP: Microsoft PowerShell XML/XSL COM Instantiation and Transformation Usage". 33540: HTTP: HPE Intelligent Management Center ictExpertCSVDownload EL Injection Vulnerability (ZDI-19-264) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 33559: HTTP: HPE Intelligent Management Center iccSelectCommand Expression Language Injection (ZDI-19-162) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 33560: HTTP: HPE Intelligent Management Center deviceSelect Expression Language Injection (ZDI-19-238) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 33876: IRC: Connect and Register Request Over a Non-Standard Port (ATT&CK T1065) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "33876: IRC: Connect and Register Request Over a Non-Standard Port". 35086: HTTP: Suspicious Proxy Access (ATT&CK T1090) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35086: HTTP: Suspicious Proxy Access". 35096: HTTP: JavaScript Obfuscation (ATT&CK T1027) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35096: HTTP: JavaScript Obfuscation". 35120: HTTP: JavaScript Obfuscation (jfogs) (ATT&CK T1027) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35120: HTTP: JavaScript Obfuscation (jfogs) ". 
35296: RDP: Microsoft Remote Desktop Services Negotiation Request Without CredSSP (ATT&CK T1076) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35296: RDP: Microsoft Remote Desktop Services Negotiation Request Without CredSSP". 36025: HTTP: Cisco Data Center Network Manager saveLicenseFileToServer Directory Traversal (ZDI-20-004) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. Removed Filters: NoneTop of the Page