Summary
Digital Vaccine #9422 June 9, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. Note: Customers with TP10 devices should perform a soft reboot of their IPS before installing the new DV to avoid a memory issue during the install.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before June 09, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE | Filter | Status |
CVE-2020-0915 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0916 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-0986 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1073 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1120 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1148 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1160 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1162 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1163 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1170 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1177 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1178 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1181 | 33325 | |
CVE-2020-1183 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1194 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1196 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1197 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1199 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1201 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1202 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1203 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1204 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1206 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1207 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1208 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1209 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1211 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1212 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1213 | 32939 | |
CVE-2020-1214 | 32907 | |
CVE-2020-1215 | 32901 | |
CVE-2020-1216 | 32894 | |
CVE-2020-1217 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1219 | 32738, *37604 | |
CVE-2020-1220 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1222 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1223 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1225 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1226 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1229 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1230 | 32851 | |
CVE-2020-1231 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1232 | *37243 | |
CVE-2020-1233 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1234 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1235 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1236 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1237 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1238 | *37335, *37368 | |
CVE-2020-1239 | *37367 | |
CVE-2020-1241 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1242 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1244 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1246 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1247 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1248 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1251 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1253 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1254 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1255 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1257 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1258 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1259 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1260 | 32913 | |
CVE-2020-1261 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1262 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1263 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1264 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1265 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1266 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1268 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1269 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1270 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1271 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1272 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1273 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1274 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1275 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1276 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1277 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1278 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1279 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1280 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1281 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1282 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1283 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1284 | 33432 | |
CVE-2020-1286 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1287 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1289 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1290 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1291 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1292 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1293 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1294 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1295 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1296 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1297 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1298 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1299 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1300 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1301 | 34458 | |
CVE-2020-1302 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1304 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1305 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1306 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1307 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1309 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1310 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1311 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1312 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1313 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1314 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1315 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1316 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1317 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1318 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1320 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1321 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1322 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1323 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1324 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1327 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1329 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1331 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1334 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1340 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1343 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2020-1348 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Filters marked with * shipped prior to this DV, providing zero-day protection.
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before June 9, 2020. The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin | CVE | Status |
APSB20-30 | CVE-2020-9633 | Vendor Deemed Reproducibility or Exploitation Unlikely |
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9422.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9422.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 13
Modified Filters (logic changes) - 5
Modified Filters (metadata changes only) - 0
Removed Filters - 0
Filters
----------------
New Filters:
31350: DNS: Your-Freedom Configuration DNS Query Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects DNS queries sent from Your-Freedom client.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Other
  - Protocol: DNS
  - Platform: Multi-Platform Client Application

31391: HTTP: Zoho ManageEngine OpManager fluidicv2 UI Directory Traversal Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Zoho ManageEngine.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-12116
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

31742: HTTP: Gila CMS Image Upload Code Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a code execution vulnerability in Gila CMS.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-5514 CVSS 9.0
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Windows Client Application

32851: HTTP: Microsoft Internet Explorer Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1230
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

32901: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1215
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

32907: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1214
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

32939: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1213
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

32945: HTTP: OpenMRS Reference Application sessionLocation Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in OpenMRS Reference Application.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-5730 CVSS 4.3
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

33185: HTTP: Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization (ZDI-20-261)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Rockwell Automation FactoryTalk.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-6967 CVSS 10.0
    - Zero Day Initiative: ZDI-20-261
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Windows Server Application or Service

33325: HTTP: Microsoft SharePoint Web Part Arbitrary File Upload
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects the usage of an insecure file upload in Microsoft SharePoint.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1181
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Server Application or Service

33432: SMB: Microsoft Windows SMB Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Windows SMB.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1284
  - Classification: Vulnerability - Denial of Service (Crash/Reboot)
  - Protocol: HTTP
  - Platform: Windows Server Application or Service

34458: SMB: Microsoft Windows SMBv1 Integer Underflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit an integer underflow vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-1301
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: SMB
  - Platform: Windows Server Application or Service

34925: HTTP: Squid Certificate Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Squid.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-19131
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

Modified Filters (logic changes):
* = Enabled in Default deployments

* 31269: TCP: Zoho ManageEngine DataSecurity Plus Xnode Server Directory Traversal Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31269: TCP: Zoho ManageEngine DataSecurity Xnode Server Directory Traversal Vulnerability".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36252: HTTP: Cisco Data Center Network Manager getVpcPeerHistory SQL Injection Vulnerability (ZDI-20-023)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36252: ZDI-CAN-9052: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36256: HTTP: Cisco Data Center Network Manager getDeviceModulesupport SQL Injection (ZDI-20-027)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36256: ZDI-CAN-9062: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36286: HTTP: Cisco Data Center Network Manager getSyslogEventList SQL Injection Vulnerability (ZDI-20-026)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36286: ZDI-CAN-9070: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

37136: HTTP: Eaton Intelligent Power Manager mc2 Command Injection Vulnerability (ZDI-20-649)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):
None

Removed Filters:
None