Digital Vaccine #9438

    • Updated: 12 Aug 2020
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9438, August 11, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before August 11, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE             Filter   Status
CVE-2020-0604            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1046            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1337            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1339            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1377            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1378            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1379            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1380   37955
CVE-2020-1383            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1417            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1455            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1459            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1464            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1466            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1467            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1470            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1472            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1473            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1474            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1475            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1476            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1477            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1478            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1479            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1480            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1483            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1484            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1485            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1486            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1487            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1488            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1489            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1490            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1492            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1493            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1494            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1495            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1496            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1497            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1498            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1499            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1500            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1501            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1502            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1503            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1504            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1505            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1509            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1510            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1511            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1512            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1513            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1514            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1515            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1516            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1517            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1518            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1519            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1520            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1521            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1522            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1524            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1525            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1527            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1528            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1529            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1530            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1531            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1533            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1534            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1535            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1536            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1537            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1538            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1539            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1540            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1541            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1542            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1543            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1544            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1545            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1546            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1547            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1548            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1549            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1550            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1551            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1552            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1553            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1554            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1555            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1556            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1557            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1558            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1560            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1561            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1562            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1563            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1564            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1565            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1566            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1567   37954
CVE-2020-1568            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1569            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1570   37953
CVE-2020-1571            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1573            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1574            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1577            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1578            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1579            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1580            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1581            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1582            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1583            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1584            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1585            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1587            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1591            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1597            Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9438.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9438.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 25
 Modified Filters (logic changes) - 16
 Modified Filters (metadata changes only) - 3
 Removed Filters - 0

Filters
----------------
 New Filters:
    37928: HTTP: Python User-Agent Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an HTTP request from a client using a Python user-agent.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 11, 2020

    37932: ZDI-CAN-11236: Zero Day Initiative Vulnerability (Trend Micro Apex One)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Apex One.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37940: HTTP: NetSupport Manager RAT Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a NetSupport Manager RAT Request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: August 11, 2020

    37941: HTTP: Apache Kylin REST API DiagnosisService Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Apache Kylin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-13925
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 11, 2020

    37942: ZDI-CAN-11237: Zero Day Initiative Vulnerability (Trend Micro Apex One)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Apex One.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37943: ZDI-CAN-11352: Zero Day Initiative Vulnerability (D-Link DCS-960L)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting D-Link DCS-960L.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37944: ZDI-CAN-11360: Zero Day Initiative Vulnerability (D-Link DCS-960L)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting D-Link DCS-960L.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37945: ZDI-CAN-11431: Zero Day Initiative Vulnerability (Trend Micro Vulnerability Protection)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Vulnerability Protection.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37946: ZDI-CAN-11446: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37948: ZDI-CAN-11486: Zero Day Initiative Vulnerability (Microsoft 3D Builder)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft 3D Builder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37949: ZDI-CAN-11502: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Universal API)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Universal API.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37950: ZDI-CAN-11516: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37951: ZDI-CAN-11524: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37952: ZDI-CAN-11529: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37953: HTTP: Microsoft Internet Explorer Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a remote code execution vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-1570
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: August 11, 2020

    37954: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-1567
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: August 11, 2020

    37955: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-1380
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: August 11, 2020

    37956: ZDI-CAN-11568: Zero Day Initiative Vulnerability (Trend Micro ServerProtect)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro ServerProtect.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37957: ZDI-CAN-11569: Zero Day Initiative Vulnerability (Trend Micro ServerProtect)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro ServerProtect.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 11, 2020

    37958: HTTP: Cisco Adaptive Security Appliance Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Adaptive Security Appliance.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3187
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 11, 2020

    37959: NBNS: Nmap Scripting Engine smb2-capabilities Detection (ATT&CK T1016,T1046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a smb2-capabilities scan attempt by the Nmap Scripting Engine (NSE).
      - Deployment: Not enabled by default in any deployment.
      - Classification: Reconnaissance / Suspicious Access - Other
      - Protocol: Netbios
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 11, 2020

    37960: SMB: Nmap Scripting Engine smb2-security-mode Detection (ATT&CK T1016,T1046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a smb2-security-mode scan attempt by the Nmap Scripting Engine (NSE).
      - Deployment: Not enabled by default in any deployment.
      - Classification: Reconnaissance / Suspicious Access - Other
      - Protocol: SMB
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 11, 2020

    37961: SMB: Microsoft Windows SMBv1 Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-0148
      - Classification: Vulnerability - Other
      - Protocol: SMB
      - Platform: Windows Server Application or Service
      - Release Date: August 11, 2020

    37962: SMB: Nmap Scripting Engine NTLMSSP Negotiation Request (ATT&CK T1033,T1046,T1082,T1087,T1135,T1018)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an NTLMSSP negotiation request by the Nmap Scripting Engine (NSE).
      - Deployment: Not enabled by default in any deployment.
      - Classification: Reconnaissance / Suspicious Access - Other
      - Protocol: SMB
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 11, 2020

    37963: HTTP: Pandora FMS Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Pandora FMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-13851
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 11, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    0352: HTTP: Shell Command Execution (chown command)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: December 31, 2005
      - Last Modified Date: August 11, 2020

    22622: HTTP: ThinkPHP Framework Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: February 02, 2016
      - Last Modified Date: August 11, 2020

    33849: HTTP: HPE Intelligent Management Center sshConfig Code Execution Vulnerability (ZDI-19-301,20-187)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 25, 2018
      - Last Modified Date: August 11, 2020

    34932: ZDI-CAN-11200,11381-9,11390-9,11400-11417: Zero Day Initiative Vulnerability (Micro Focus)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Name changed from "34932: ZDI-CAN-11200,11381-9,11390-8: Zero Day Initiative Vulnerability (Micro Focus)".
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 07, 2020
      - Last Modified Date: August 11, 2020

    36755: HTTP: Advantech WebAccess/NMS ConfigRestoreAction File Upload Vulnerability (ZDI-20-402)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36755: ZDI-CAN-9627: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 03, 2019
      - Last Modified Date: August 11, 2020

    36936: HTTP: Cisco UCS Director CopyFileRunnable run Symlink Following Code Execution (ZDI-20-541)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36936: ZDI-CAN-9593: Zero Day Initiative Vulnerability (Cisco UCS)".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 04, 2020
      - Last Modified Date: August 11, 2020

    37127: HTTP: CentOS Web Panel ajax_mod_security Command Injection Vulnerability (ZDI-20-742)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37127: ZDI-CAN-9742: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: August 11, 2020

    37128: HTTP: CentOS Web Panel ajax_migration_cpanel filespace Command Injection Vulnerability (ZDI-20-749)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37128: ZDI-CAN-9743: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: August 11, 2020

    37129: HTTP: CentOS Web Panel ajax_php_pecl canal Command Injection Vulnerability (ZDI-20-751)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37129: ZDI-CAN-9745: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: August 11, 2020

    37130: HTTP: CentOS Web Panel ajax_ftp_manager Command Injection Vulnerability (ZDI-20-762)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37130: ZDI-CAN-9746: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: August 11, 2020

    37149: HTTP: CentOS Web Panel ajax_new_account domain SQL Injection Vulnerability (ZDI-20-771)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37149: ZDI-CAN-9727: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2020
      - Last Modified Date: August 11, 2020

    37150: HTTP: CentOS Web Panel ajax_add_mailbox username SQL Injection Vulnerability (ZDI-20-772)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37150: ZDI-CAN-9729: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2020
      - Last Modified Date: August 11, 2020

    37152: HTTP: CentOS Web Panel ajax_ftp_manager userLogin Command Injection Vulnerability (ZDI-20-759)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37152: ZDI-CAN-9737: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2020
      - Last Modified Date: August 11, 2020

    37154: HTTP: CentOS Web Panel ajax_mail_autoreply account SQL Injection Vulnerability (ZDI-20-774)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37154: ZDI-CAN-9738: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2020
      - Last Modified Date: August 11, 2020

    37601: HTTP: Advantech iView DeviceTreeTable getUpdateDeviceListDetails SQL Injection (ZDI-20-865)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37601: ZDI-CAN-10717: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: August 11, 2020

    37693: HTTP: Advantech iView NetworkServlet restoreDatabase Command Injection Vulnerability (ZDI-20-831)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37693: ZDI-CAN-10645: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 05, 2020
      - Last Modified Date: August 11, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    37813: TCP: XMRig Miner - (Login Request)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: June 30, 2020
      - Last Modified Date: August 11, 2020

    * 37841: HTTP: F5 BIG-IP TMUI Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: July 07, 2020
      - Last Modified Date: August 11, 2020

    37896: SMB: Nmap Scripting Engine smb-os-discovery Detection (ATT&CK T1033,T1046,T1082,T1087)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37896: SMB: Nmap Scripting Engine smb-os-discovery Detection".
      - Release Date: July 28, 2020
      - Last Modified Date: August 11, 2020

  Removed Filters: None
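The filter entries above follow a fixed layout (optional `*` for default-enabled, filter number, name with a trailing `(ZDI-YY-NNNN)` reference, then `- ` attribute lines for platform minimums, severity/category changes and "Detection logic updated."). When tracking which ZDI advisories a DV covers, or which filters need regression testing after a detection-logic change, it is worth parsing that layout rather than reading it by hand. The following is an added example, not Trend Micro or TippingPoint code: it parses entries copied from this DV's notes (abridged sample embedded below), and the severity ordering used to flag downgrades is this example's own assumption, since only "High" and "Critical" appear in these notes.

```python
"""Parse TippingPoint DV release-note filter entries (added example, not vendor code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Entry header: optional "* " (enabled in Default deployments), filter number, name.
ENTRY_RE = re.compile(r"^(\*\s+)?(\d+):\s+(.+)$")
ZDI_RE = re.compile(r"\((ZDI-\d{2}-\d+)\)")
VERSION_RE = re.compile(r"^(IPS|NGFW|TPS|vTPS) Version:\s+(\S+) and after\.$")
SEVERITY_RE = re.compile(r'^Severity changed from "([^"]+)" to "([^"]+)"\.$')
CATEGORY_RE = re.compile(r'^Category changed from "([^"]+)" to "([^"]+)"\.$')

# Assumed ordering (lowest first); the notes above only use "High" and "Critical".
SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}


@dataclass
class FilterEntry:
    number: int
    name: str
    default_enabled: bool = False
    zdi: Optional[str] = None
    min_versions: Dict[str, str] = field(default_factory=dict)
    severity_change: Optional[Tuple[str, str]] = None
    category_change: Optional[Tuple[str, str]] = None
    detection_logic_updated: bool = False


def parse_filters(text: str) -> List[FilterEntry]:
    """Turn a block of DV release-note filter entries into FilterEntry records."""
    entries: List[FilterEntry] = []
    current: Optional[FilterEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("- "):
            if current is None:
                continue  # attribute line before any header: ignore
            attr = line[2:]
            if m := VERSION_RE.match(attr):
                current.min_versions[m.group(1)] = m.group(2)
            elif m := SEVERITY_RE.match(attr):
                current.severity_change = (m.group(1), m.group(2))
            elif m := CATEGORY_RE.match(attr):
                current.category_change = (m.group(1), m.group(2))
            elif attr == "Detection logic updated.":
                current.detection_logic_updated = True
            continue  # "Name changed", "Description updated", dates: not tracked here
        if m := ENTRY_RE.match(line):  # section headers and "* = ..." do not match
            zdi = ZDI_RE.search(m.group(3))
            current = FilterEntry(
                number=int(m.group(2)),
                name=m.group(3),
                default_enabled=m.group(1) is not None,
                zdi=zdi.group(1) if zdi else None,
            )
            entries.append(current)
    return entries


def severity_downgrades(entries: List[FilterEntry]) -> List[int]:
    """Filters whose severity was lowered; action sets keyed on severity may change."""
    return [e.number for e in entries if e.severity_change
            and SEVERITY_RANK.get(e.severity_change[1], -1)
            < SEVERITY_RANK.get(e.severity_change[0], -1)]


def zdi_index(entries: List[FilterEntry]) -> Dict[str, int]:
    """Map ZDI advisory id -> filter number, for checking advisory coverage."""
    return {e.zdi: e.number for e in entries if e.zdi}


def needs_retest(entries: List[FilterEntry]) -> List[int]:
    """Filters whose detection logic changed: candidates for regression testing."""
    return sorted(e.number for e in entries if e.detection_logic_updated)


# Constructed sample: three entries abridged from the DV #9438 notes above.
SAMPLE = """
    36936: HTTP: Cisco UCS Director CopyFileRunnable run Symlink Following Code Execution (ZDI-20-541)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36936: ZDI-CAN-9593: Zero Day Initiative Vulnerability (Cisco UCS)".
      - Severity changed from "High" to "Critical".
      - Detection logic updated.

    37149: HTTP: CentOS Web Panel ajax_new_account domain SQL Injection Vulnerability (ZDI-20-771)
      - IPS Version: 3.6.2 and after.
      - Category changed from "Exploits" to "Vulnerabilities".
      - Severity changed from "Critical" to "High".
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 37841: HTTP: F5 BIG-IP TMUI Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - Description updated.
"""

if __name__ == "__main__":
    parsed = parse_filters(SAMPLE)
    print("ZDI coverage:", zdi_index(parsed))
    print("severity downgrades:", severity_downgrades(parsed))
    print("retest after logic change:", needs_retest(parsed))
```

Run it against the full "Modified Filters" section of a DV's notes to get the ZDI-to-filter map and the retest list in one pass; the parser ignores attribute lines it does not model (name changes, dates), so it tolerates entries with more or fewer lines than the sample.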

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000261714