Summary
Digital Vaccine #9438 August 11, 2020
Details
| Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
| System Requirements |
| The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
| Microsoft Security Bulletins This DV includes coverage for the Microsoft vulnerabilities released on or before August 11, 2020. The following table maps TippingPoint filters to the Microsoft CVEs. | ||
| CVE | Filter | Status |
| CVE-2020-0604 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1046 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1337 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1339 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1377 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1378 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1379 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1380 | 37955 | |
| CVE-2020-1383 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1417 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1455 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1459 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1464 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1466 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1467 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1470 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1472 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1473 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1474 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1475 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1476 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1477 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1478 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1479 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1480 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1483 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1484 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1485 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1486 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1487 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1488 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1489 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1490 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1492 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1493 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1494 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1495 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1496 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1497 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1498 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1499 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1500 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1501 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1502 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1503 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1504 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1505 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1509 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1510 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1511 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1512 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1513 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1514 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1515 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1516 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1517 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1518 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1519 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1520 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1521 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1522 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1524 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1525 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1527 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1528 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1529 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1530 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1531 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1533 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1534 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1535 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1536 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1537 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1538 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1539 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1540 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1541 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1542 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1543 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1544 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1545 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1546 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1547 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1548 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1549 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1550 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1551 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1552 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1553 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1554 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1555 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1556 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1557 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1558 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1560 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1561 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1562 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1563 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1564 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1565 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1566 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1567 | 37954 | |
| CVE-2020-1568 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1569 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1570 | 37953 | |
| CVE-2020-1571 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1573 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1574 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1577 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1578 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1579 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1580 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1581 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1582 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1583 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1584 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1585 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1587 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1591 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-1597 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| Filters marked with * shipped prior to this DV, providing zero-day protection. | ||
| The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9438.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9438.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 25
Modified Filters (logic changes) - 16
Modified Filters (metadata changes only) - 3
Removed Filters - 0
Filters
----------------
New Filters:
37928: HTTP: Python User-Agent Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects an HTTP request from a client using a Python user-agent.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: August 11, 2020
37932: ZDI-CAN-11236: Zero Day Initiative Vulnerability (Trend Micro Apex One)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Apex One.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37940: HTTP: NetSupport Manager RAT Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects a NetSupport Manager RAT Request.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: August 11, 2020
37941: HTTP: Apache Kylin REST API DiagnosisService Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Apache Kylin.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-13925
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: August 11, 2020
37942: ZDI-CAN-11237: Zero Day Initiative Vulnerability (Trend Micro Apex One)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Apex One.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37943: ZDI-CAN-11352: Zero Day Initiative Vulnerability (D-Link DCS-960L)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting D-Link DCS-960L.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37944: ZDI-CAN-11360: Zero Day Initiative Vulnerability (D-Link DCS-960L)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting D-Link DCS-960L.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37945: ZDI-CAN-11431: Zero Day Initiative Vulnerability (Trend Micro Vulnerability Protection)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Vulnerability Protection.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37946: ZDI-CAN-11446: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37948: ZDI-CAN-11486: Zero Day Initiative Vulnerability (Microsoft 3D Builder)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft 3D Builder.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37949: ZDI-CAN-11502: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Universal API)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Universal API.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37950: ZDI-CAN-11516: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37951: ZDI-CAN-11524: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37952: ZDI-CAN-11529: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37953: HTTP: Microsoft Internet Explorer Remote Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a remote code execution vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-1570
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application
- Release Date: August 11, 2020
37954: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-1567
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application
- Release Date: August 11, 2020
37955: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-1380
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application
- Release Date: August 11, 2020
37956: ZDI-CAN-11568: Zero Day Initiative Vulnerability (Trend Micro ServerProtect)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro ServerProtect.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37957: ZDI-CAN-11569: Zero Day Initiative Vulnerability (Trend Micro ServerProtect)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro ServerProtect.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 11, 2020
37958: HTTP: Cisco Adaptive Security Appliance Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Adaptive Security Appliance.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3187
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: August 11, 2020
37959: NBNS: Nmap Scripting Engine smb2-capabilities Detection (ATT&CK T1016,T1046)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects a smb2-capabilities scan attempt by the Nmap Scripting Engine (NSE).
- Deployment: Not enabled by default in any deployment.
- Classification: Reconnaissance / Suspicious Access - Other
- Protocol: Netbios
- Platform: Multi-Platform Server Application or Service
- Release Date: August 11, 2020
37960: SMB: Nmap Scripting Engine smb2-security-mode Detection (ATT&CK T1016,T1046)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects a smb2-security-mode scan attempt by the Nmap Scripting Engine (NSE).
- Deployment: Not enabled by default in any deployment.
- Classification: Reconnaissance / Suspicious Access - Other
- Protocol: SMB
- Platform: Multi-Platform Server Application or Service
- Release Date: August 11, 2020
37961: SMB: Microsoft Windows SMBv1 Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-0148
- Classification: Vulnerability - Other
- Protocol: SMB
- Platform: Windows Server Application or Service
- Release Date: August 11, 2020
37962: SMB: Nmap Scripting Engine NTLMSSP Negotiation Request (ATT&CK T1033,T1046,T1082,T1087,T1135,T1018)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an NTLMSSP negotiation request by the Nmap Scripting Engine (NSE).
- Deployment: Not enabled by default in any deployment.
- Classification: Reconnaissance / Suspicious Access - Other
- Protocol: SMB
- Platform: Multi-Platform Server Application or Service
- Release Date: August 11, 2020
37963: HTTP: Pandora FMS Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Pandora FMS.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-13851
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: August 11, 2020
Modified Filters (logic changes):
* = Enabled in Default deployments
0352: HTTP: Shell Command Execution (chown command)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: December 31, 2005
- Last Modified Date: August 11, 2020
22622: HTTP: ThinkPHP Framework Code Injection Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: February 02, 2016
- Last Modified Date: August 11, 2020
33849: HTTP: HPE Intelligent Management Center sshConfig Code Execution Vulnerability (ZDI-19-301,20-187)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: December 25, 2018
- Last Modified Date: August 11, 2020
34932: ZDI-CAN-11200,11381-9,11390-9,11400-11417: Zero Day Initiative Vulnerability (Micro Focus)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Name changed from "34932: ZDI-CAN-11200,11381-9,11390-8: Zero Day Initiative Vulnerability (Micro Focus)".
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 07, 2020
- Last Modified Date: August 11, 2020
36755: HTTP: Advantech WebAccess/NMS ConfigRestoreAction File Upload Vulnerability (ZDI-20-402)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36755: ZDI-CAN-9627: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: December 03, 2019
- Last Modified Date: August 11, 2020
36936: HTTP: Cisco UCS Director CopyFileRunnable run Symlink Following Code Execution (ZDI-20-541)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36936: ZDI-CAN-9593: Zero Day Initiative Vulnerability (Cisco UCS)".
- Severity changed from "High" to "Critical".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 04, 2020
- Last Modified Date: August 11, 2020
37127: HTTP: CentOS Web Panel ajax_mod_security Command Injection Vulnerability (ZDI-20-742)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37127: ZDI-CAN-9742: Zero Day Initiative Vulnerability (CentOS Web Panel)".
- Category changed from "Exploits" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 18, 2020
- Last Modified Date: August 11, 2020
37128: HTTP: CentOS Web Panel ajax_migration_cpanel filespace Command Injection Vulnerability (ZDI-20-749)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37128: ZDI-CAN-9743: Zero Day Initiative Vulnerability (CentOS Web Panel)".
- Category changed from "Exploits" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 18, 2020
- Last Modified Date: August 11, 2020
37129: HTTP: CentOS Web Panel ajax_php_pecl canal Command Injection Vulnerability (ZDI-20-751)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37129: ZDI-CAN-9745: Zero Day Initiative Vulnerability (CentOS Web Panel)".
- Category changed from "Exploits" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 18, 2020
- Last Modified Date: August 11, 2020
37130: HTTP: CentOS Web Panel ajax_ftp_manager Command Injection Vulnerability (ZDI-20-762)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37130: ZDI-CAN-9746: Zero Day Initiative Vulnerability (CentOS Web Panel)".
- Category changed from "Exploits" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 18, 2020
- Last Modified Date: August 11, 2020
37149: HTTP: CentOS Web Panel ajax_new_account domain SQL Injection Vulnerability (ZDI-20-771)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37149: ZDI-CAN-9727: Zero Day Initiative Vulnerability (CentOS Web Panel)".
- Category changed from "Exploits" to "Vulnerabilities".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 25, 2020
- Last Modified Date: August 11, 2020
37150: HTTP: CentOS Web Panel ajax_add_mailbox username SQL Injection Vulnerability (ZDI-20-772)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37150: ZDI-CAN-9729: Zero Day Initiative Vulnerability (CentOS Web Panel)".
- Category changed from "Exploits" to "Vulnerabilities".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 25, 2020
- Last Modified Date: August 11, 2020
37152: HTTP: CentOS Web Panel ajax_ftp_manager userLogin Command Injection Vulnerability (ZDI-20-759)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37152: ZDI-CAN-9737: Zero Day Initiative Vulnerability (CentOS Web Panel)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 25, 2020
- Last Modified Date: August 11, 2020
37154: HTTP: CentOS Web Panel ajax_mail_autoreply account SQL Injection Vulnerability (ZDI-20-774)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37154: ZDI-CAN-9738: Zero Day Initiative Vulnerability (CentOS Web Panel)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 25, 2020
- Last Modified Date: August 11, 2020
37601: HTTP: Advantech iView DeviceTreeTable getUpdateDeviceListDetails SQL Injection (ZDI-20-865)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37601: ZDI-CAN-10717: Zero Day Initiative Vulnerability (Advantech iView)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: August 11, 2020
37693: HTTP: Advantech iView NetworkServlet restoreDatabase Command Injection Vulnerability (ZDI-20-831)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37693: ZDI-CAN-10645: Zero Day Initiative Vulnerability (Advantech iView)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 05, 2020
- Last Modified Date: August 11, 2020
Modified Filters (metadata changes only):
* = Enabled in Default deployments
37813: TCP: XMRig Miner - (Login Request)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Miscellaneous modification.
- Release Date: June 30, 2020
- Last Modified Date: August 11, 2020
* 37841: HTTP: F5 BIG-IP TMUI Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Release Date: July 07, 2020
- Last Modified Date: August 11, 2020
37896: SMB: Nmap Scripting Engine smb-os-discovery Detection (ATT&CK T1033,T1046,T1082,T1087)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37896: SMB: Nmap Scripting Engine smb-os-discovery Detection".
- Release Date: July 28, 2020
- Last Modified Date: August 11, 2020
Removed Filters: None
Top of the Page
