Digital Vaccine #9413

Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

Note: Customers with TP10 devices should perform a soft reboot of their IPS before installing the new DV to avoid a memory issue during the install.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9413.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9413.pkg
Update Details

Table of Contents
--------------------------
Filters
New Filters - 19
Modified Filters (logic changes) - 28
Modified Filters (metadata changes only) - 3
Removed Filters - 0

Filters
----------------
New Filters:
    37634: HTTP: Oracle E-Business Suite Human Resources CVE-2020-2956 SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle E-Business Suite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-2956
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37690: ZDI-CAN-10626: Zero Day Initiative Vulnerability (Advantech iView)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37691: ZDI-CAN-10627-29,33-34,55-58,60: Zero Day Initiative Vulnerability (Advantech iView)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37692: ZDI-CAN-10630,10636,10976,10988-95: Zero Day Initiative Vulnerability (Advantech iView)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37693: ZDI-CAN-10645: Zero Day Initiative Vulnerability (Advantech iView)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37694: ZDI-CAN-10883: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft ScreenEditor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37696: ZDI-CAN-10885: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft ScreenEditor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37697: ZDI-CAN-10887: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft ScreenEditor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37699: HTTP: Cisco SD-WAN Solution vManage SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Cisco SD-WAN Solution.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-16012 CVSS 8.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37700: ZDI-CAN-10893: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft ScreenEditor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37701: ZDI-CAN-10930: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37702: ZDI-CAN-10931: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37710: HTTP: Google Chrome WebRTC Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Google Chrome.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-13694
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37711: HTTP: CoDeSys V3 CmpWebServerHandler MemGCGetSize Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in CoDeSys V3.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-10245 CVSS 10.0
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37712: HTTP: dotCMS CMSFilter assets Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in dotCMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6754
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37714: HTTP: Isomorphic SmartClient downloadWSDL Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects downloadWSDL requests in Isomorphic SmartClient.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-9352
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37717: HTTP: Pandora FMS Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command Injection vulnerability in Pandora FMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37719: TCP: Oracle WebLogic Server T3 Protocol Java Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a Java deserialization vulnerability in Oracle WebLogic Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-2798 CVSS 6.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service

    37720: TCP: Redis Arbitrary File Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects commands used to upload arbitrary files in Redis.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: TCP (Generic)
      - Platform: UNIX/Linux Server Application or Service

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    33860: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-303,ZDI-20-167)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33860: HTTP: HPE Intelligent Management Center mediaForAction Code Execution Vulnerability (ZDI-19-303)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33862: HTTP: HPE Intelligent Management Center Code Execution Vulnerability(ZDI-19-336,ZDI-20-181)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33862: HTTP: HPE Intelligent Management Center iccSelectDymicParam Code Execution Vulnerability(ZDI-19-336)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34220: HTTP: Microsoft Windows ADODB Type Confusion Vulnerability (ZDI-19-626)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34220: ZDI-CAN-7754,7755,7853-7855: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35038: HTTP: Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-579)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35038: ZDI-CAN-7781: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35040: HTTP: Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer (ZDI-19-575)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35040: ZDI-CAN-7784: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35042: HTTP: Phoenix Contact Automationworx BCP File Parsing Use-After-Free Vulnerability (ZDI-19-577)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35042: ZDI-CAN-7786: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35297: HTTP: Red Lion Crimson CD3 Parsing Buffer Overflow Vulnerability (ZDI-19-784)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35297: ZDI-CAN-8167: Zero Day Initiative Vulnerability (Red Lion Crimson)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35298: HTTP: Red Lion Crimson CD3 File Parsing Uninitialized Pointer Vulnerability (ZDI-19-786)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35298: ZDI-CAN-8168: Zero Day Initiative Vulnerability (Red Lion Crimson)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35329: HTTP: Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-794)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35329: ZDI-CAN-8300: Zero Day Initiative Vulnerability (Red Lion Crimson)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35332: HTTP: Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-795)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35332: ZDI-CAN-8302: Zero Day Initiative Vulnerability (Red Lion Crimson)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35333: HTTP: Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-792)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35333: ZDI-CAN-8305: Zero Day Initiative Vulnerability (Red Lion Crimson)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35334: HTTP: Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-796)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35334: ZDI-CAN-8307: Zero Day Initiative Vulnerability (Red Lion Crimson)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35346: HTTP: Red Lion Crimson CD31 File Parsing Use-After-Free Vulnerability (ZDI-19-797)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35346: ZDI-CAN-8310: Zero Day Initiative Vulnerability (Red Lion Crimson)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35396: HTTP: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Vulnerability(ZDI-19-692)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35396: ZDI-CAN-8012: Zero Day Initiative Vulnerability (Rockwell Automation Arena Simulation)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35397: HTTP: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Vulnerability(ZDI-19-694)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35397: ZDI-CAN-8013: Zero Day Initiative Vulnerability (Rockwell Automation Arena Simulation)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35399: HTTP: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Vulnerability(ZDI-19-695)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35399: ZDI-CAN-8014: Zero Day Initiative Vulnerability (Rockwell Automation Arena Simulation)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36143: HTTP: Cisco Data Center Network Manager persistUserInfo SQL Injection Vulnerability (ZDI-20-016)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    36337: HTTP: Cisco Data Center Network Manager getRpmJobLength SQL Injection Vulnerability (ZDI-20-112)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36337: ZDI-CAN-9360: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36352: HTTP: Cisco Data Center Network Manager getSanZoneList SQL Injection Vulnerability (ZDI-20-064)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36352: ZDI-CAN-9169: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36353: HTTP: Cisco Data Center Network Manager getVsanList SQL Injection Vulnerability (ZDI-20-063)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36353: ZDI-CAN-9168: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36733: HTTP: Advantech WebAccess/NMS saveBackground Unrestricted File Upload Vulnerability (ZDI-20-373)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36733: ZDI-CAN-9566: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36735: HTTP: Advantech WebAccess/NMS searchDevice SQL Injection Vulnerability (ZDI-20-375)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36735: ZDI-CAN-9568: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36736: HTTP: Advantech WebAccess/NMS mibBrowserSetAction SQL Injection Vulnerability (ZDI-20-376)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36736: ZDI-CAN-9569: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36737: HTTP: Advantech WebAccess/NMS EMSgroupAction SQL Injection Vulnerability (ZDI-20-377)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36737: ZDI-CAN-9570: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36738: HTTP: Advantech WebAccess/NMS saveBackground SQL Injection Vulnerability (ZDI-20-378)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36738: ZDI-CAN-9571: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36739: HTTP: Advantech WebAccess/NMS saveBackgroundAction Directory Traversal Vulnerability (ZDI-20-379)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36739: ZDI-CAN-9572: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36746: HTTP: Advantech WebAccess/NMS LicenseImportAction Unrestricted File Upload (ZDI-20-385)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36746: ZDI-CAN-9578: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36751: HTTP: Advantech WebAccess/NMS SupportDeviceaddAction Arbitrary File Upload (ZDI-20-397)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36751: ZDI-CAN-9602: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    33861: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-295,ZDI-20-156)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33861: HTTP: HPE Intelligent Management Center iccSelectRules Code Execution Vulnerability (ZDI-19-295)".
      - Description updated.
      - Vulnerability references updated.

    34461: HTTP: HPE IMC Expression Language Injection Vulnerability (ZDI-19-518,ZDI-20-171)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34461: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-518)".
      - Description updated.
      - Vulnerability references updated.

    34583: HTTP: HPE IMC Expression Language Injection Vulnerability (ZDI-19-519,ZDI-20-191)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34583: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-519)".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters: None
Top of the Page
Need More Help?

Digital Vaccine #9413
