Summary
Digital Vaccine #9407 April 14, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
Note: Customers with TP10 devices should perform a soft reboot of their IPS before installing the new DV to avoid a memory issue during the install.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before April 14, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE | Filter | Status |
CVE-2020-0687 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0699 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0760 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0784 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0794 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0821 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0835 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0888 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0889 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0895 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0899 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0900 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0906 | *37331, *37369 | |
CVE-2020-0907 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0910 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0913 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0917 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0918 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0919 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0920 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0923 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0924 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0925 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0926 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0927 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0929 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0930 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0931 | *36978 | |
CVE-2020-0932 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0933 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0934 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0935 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0936 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0937 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0938 | *37431 | |
CVE-2020-0939 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0940 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0942 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0943 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0944 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0945 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0946 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0947 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0948 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0949 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0950 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0952 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0953 | *36982, *37050 | |
CVE-2020-0954 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0955 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0956 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0957 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0958 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0959 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0960 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0961 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0962 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0964 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0965 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0966 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0967 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0968 | 37484 | |
CVE-2020-0969 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0970 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0971 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0972 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0973 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0974 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0975 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0976 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0977 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0978 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0979 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0980 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0981 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0982 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0983 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0984 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0985 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0987 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0988 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0991 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0992 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0993 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0994 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0995 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0996 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0999 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1000 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1001 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1002 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1003 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1004 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1005 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1006 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1007 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1008 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1009 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1011 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1014 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1015 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1016 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1017 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1018 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1019 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1020 | 37500 | |
CVE-2020-1022 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1026 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1027 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9407.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9407.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 46
Modified Filters (logic changes) - 15
Modified Filters (metadata changes only) - 1
Removed Filters - 0
Filters
----------------
New Filters:
37481: HTTP: rConfig commands.inc.php SQL Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a SQL injection vulnerability in rConfig Network Device Configuration Tool. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2020-10220 CVSS 7.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: UNIX/Linux Server Application or Service 37484: HTTP: Microsoft Internet Explorer CScriptRuntime Use-After-Free Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2020-0968 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application 37491: HTTP: FCKEditor filemanager Connector Usage - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects usage of the FCKEditor file manager connector. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Client Application 37492: HTTP: Nagios Log Server User Profile Stored Cross-Site Scripting Vulnerability - IPS Version: 3.0.0 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Nagios Log Server. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-6586 CVSS 3.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service 37500: HTTP: Microsoft Windows ATMFD Code Execution Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft Windows. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-1020 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application 37501: HTTP: Apache ShardingSphere SnakeYAML Insecure Deserialization Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Apache ShardingSphere. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-1947 CVSS 7.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: UNIX/Linux Server Application or Service 37506: HTTP: Horde Groupware Webmail Edition CSV Import Code Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. 
- vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a code injection vulnerability in Horde Groupware Webmail Edition. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2020-8518 CVSS 7.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service 37568: ZDI-CAN-10128: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation TPEditor. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37571: ZDI-CAN-10130: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation TPEditor. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37572: ZDI-CAN-10147: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Phoenix Contact Automationworx. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37573: ZDI-CAN-10496: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Storage. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37574: ZDI-CAN-10497-99: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Storage. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37575: ZDI-CAN-10501: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Storage. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37576: ZDI-CAN-10549-50: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Storage. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37577: ZDI-CAN-10553: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Storage. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37578: ZDI-CAN-10565: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Storage. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37579: ZDI-CAN-10588: Zero Day Initiative Vulnerability (Microsoft Word) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Word. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37580: ZDI-CAN-10610: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37581: ZDI-CAN-10611: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37582: ZDI-CAN-10632: Zero Day Initiative Vulnerability (Advantech iView) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37583: ZDI-CAN-10635: Zero Day Initiative Vulnerability (Advantech iView) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37584: ZDI-CAN-10646: Zero Day Initiative Vulnerability (Advantech iView) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37585: ZDI-CAN-10675: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37586: ZDI-CAN-10676: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37587: ZDI-CAN-10677: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37588: ZDI-CAN-10678: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37589: ZDI-CAN-10679: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37590: ZDI-CAN-10680: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37591: ZDI-CAN-10695: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37592: ZDI-CAN-10696: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37593: ZDI-CAN-10697: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37594: ZDI-CAN-10698: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37595: ZDI-CAN-10822: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37596: ZDI-CAN-10702: Zero Day Initiative Vulnerability (Advantech iView) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37597: ZDI-CAN-10703: Zero Day Initiative Vulnerability (Advantech iView) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37598: ZDI-CAN-10704: Zero Day Initiative Vulnerability (Advantech iView) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service 37599: ZDI-CAN-10705: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37600: ZDI-CAN-10706-07,16: Zero Day Initiative Vulnerability (Advantech iView)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37601: ZDI-CAN-10717: Zero Day Initiative Vulnerability (Advantech iView)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37602: ZDI-CAN-10734: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37603: ZDI-CAN-10735: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37604: ZDI-CAN-10788: Zero Day Initiative Vulnerability (Microsoft Chakra)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Chakra.
- Deployments:
  - Deployment: Default (Block / Notify / Trace)
  - Deployment: Performance-Optimized (Disabled)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37605: ZDI-CAN-10736: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37606: ZDI-CAN-10737: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

37608: HTTP: HPE System Management Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Hewlett-Packard Enterprise System management.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2017-12545
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service

37612: ZDI-CAN-10743: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service

Modified Filters (logic changes):
* = Enabled in Default deployments

22622: HTTP: ThinkPHP Framework Code Injection Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

35775: HTTP: Fuji Electric Alpha5 PLD File Parsing Buffer Overflow Vulnerability (ZDI-19-761)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "35775: ZDI-CAN-8568: Zero Day Initiative Vulnerability (Fuji Electric Alpha5)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

35816: HTTP: Delta Industrial Automation TPEditor TPE File Parsing Buffer Overflow (ZDI-19-823)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "35816: ZDI-CAN-8770: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

36511: HTTP: WECON LeviStudioU MulStatus szFilename Buffer Overflow Vulnerability (ZDI-20-264)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36511: ZDI-CAN-9280,9290,9304: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

36661: HTTP: FasterXML jackson-databind Malicious JSON Objects
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

36695: HTTP: Cisco Data Center Network Manager XML External Entity Processing (ZDI-20-117)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36695: ZDI-CAN-9425: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

36978: HTTP: Microsoft SharePoint Scorecards Deserialization of Untrusted Data Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36978: ZDI-CAN-10089: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

36982: HTTP: Microsoft Windows JET Database Engine Out-Of-Bounds Write Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36982: ZDI-CAN-10058: Zero Day Initiative Vulnerability (Microsoft JET Database)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

37050: HTTP: Microsoft Windows JET Database Engine Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37050: ZDI-CAN-10054: Zero Day Initiative Vulnerability (Microsoft JET Database)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

37331: HTTP: Microsoft Excel XLSM File Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37331: ZDI-CAN-10140: Zero Day Initiative Vulnerability (Microsoft Excel)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

37369: HTTP: Microsoft Excel XLS File Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37369: ZDI-CAN-10638: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

37420: HTTP: Centreon ServerConnectionConfigurationService.php Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

37475: ZDI-CAN-10538-42: Zero Day Initiative Vulnerability (WECON LeviStudioU)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Name changed from "37475: ZDI-CAN-10538-39: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
- Detection logic updated.
- Vulnerability references updated.

37476: ZDI-CAN-10543-44: Zero Day Initiative Vulnerability (WECON LeviStudioU)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Name changed from "37476: ZDI-CAN-10544: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
- Detection logic updated.
- Vulnerability references updated.

37477: ZDI-CAN-10545-46: Zero Day Initiative Vulnerability (WECON LeviStudioU)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Name changed from "37477: ZDI-CAN-10545: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
- Detection logic updated.
- Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

37431: HTTP: Microsoft Windows Type 1 PostScript Parsing Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.

Removed Filters:
None