Summary
Digital Vaccine #9449 September 15, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9449.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9449.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 13
Modified Filters (logic changes) - 18
Modified Filters (metadata changes only) - 2
Removed Filters - 0
Filters
----------------
New Filters:
38104: HTTP: rConfig Network Device Configuration Tool configDevice.php Cross-Site Scripting Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: Critical
    - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in rConfig Network Device Configuration Tool.
    - Deployments:
      - Deployment: Security-Optimized (Block / Notify)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2020-12259
    - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
    - Protocol: HTTP
    - Platform: UNIX/Linux Server Application or Service
    - Release Date: September 15, 2020

38107: XMPP: Cisco Jabber Message Handling Code Execution Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: Critical
    - Description: This filter detects an attempt to exploit a code execution vulnerability in Cisco Jabber message handling.
    - Deployments:
      - Deployment: Security-Optimized (Block / Notify)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2020-3495
    - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
    - Protocol: Other Protocol
    - Platform: Windows Client Application
    - Release Date: September 15, 2020

38108: HTTP: Apache Struts2 File Upload Denial-of-Service Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: High
    - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Apache Struts2.
    - Deployments:
      - Deployment: Security-Optimized (Block / Notify)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2019-0233
    - Classification: Vulnerability - Denial of Service (Crash/Reboot)
    - Protocol: HTTP
    - Platform: Multi-Platform Server Application or Service
    - Release Date: September 15, 2020

38125: HTTP: Cacti Group Cacti color.php SQL Injection Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: Critical
    - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Cacti.
    - Deployments:
      - Deployment: Security-Optimized (Block / Notify)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2020-14295
    - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
    - Protocol: HTTP
    - Platform: Multi-Platform Server Application or Service
    - Release Date: September 15, 2020

38130: HTTP: Trend Micro ServerProtect Linux Command Injection Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: Critical
    - Description: This filter detects an attempt to exploit a command injection vulnerability in Trend Micro ServerProtect for Linux.
    - Deployments:
      - Deployment: Default (Block / Notify)
      - Deployment: Performance-Optimized (Disabled)
    - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
    - Protocol: HTTP
    - Platform: UNIX/Linux Server Application or Service
    - Release Date: September 15, 2020

38131: HTTP: Google Chrome WebGL Memory Corruption Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Exploits
    - Severity: Critical
    - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Google Chrome.
    - Deployments:
      - Deployment: Default (Block / Notify)
      - Deployment: Performance-Optimized (Disabled)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2020-6492
    - Classification: Vulnerability - Other
    - Protocol: HTTP
    - Platform: Multi-Platform Client Application
    - Release Date: September 15, 2020

38133: HTTP: VirusTotal File Upload (Browser Extension)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Security Policy
    - Severity: Low
    - Description: This filter detects an attempt to upload a file to the VirusTotal website via the browser extension.
    - Deployment: Not enabled by default in any deployment.
    - Classification: Security Policy - Forbidden Application Access or Service Request
    - Protocol: HTTP
    - Platform: Multi-Platform Server Application or Service
    - Release Date: September 15, 2020

38134: HTTP: VirusTotal File Upload (Browser Main UI)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Security Policy
    - Severity: Low
    - Description: This filter detects an attempt to upload a file to the VirusTotal website via the browser main user interface.
    - Deployment: Not enabled by default in any deployment.
    - Classification: Security Policy - Forbidden Application Access or Service Request
    - Protocol: HTTP
    - Platform: Multi-Platform Server Application or Service
    - Release Date: September 15, 2020

38135: HTTP: VirusTotal File Upload (API)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Security Policy
    - Severity: Low
    - Description: This filter detects an attempt to upload a file to the VirusTotal website via the API interface.
    - Deployment: Not enabled by default in any deployment.
    - Classification: Security Policy - Forbidden Application Access or Service Request
    - Protocol: HTTP
    - Platform: Multi-Platform Server Application or Service
    - Release Date: September 15, 2020

38136: HTTP: Richfaces Framework Deserialization Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: Critical
    - Description: This filter detects an attempt to exploit a deserialization vulnerability in the Richfaces framework.
    - Deployments:
      - Deployment: Security-Optimized (Block / Notify)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2013-2165
    - Classification: Vulnerability - Other
    - Protocol: HTTP
    - Platform: UNIX/Linux Server Application or Service
    - Release Date: September 15, 2020

38139: HTTP: Wibu-Systems CodeMeter Origin Validation Error Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: High
    - Description: This filter detects an attempt to exploit an improper origin validation vulnerability in Wibu-Systems CodeMeter.
    - Deployments:
      - Deployment: Security-Optimized (Block / Notify)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2020-14519
    - Classification: Vulnerability - Access Validation
    - Protocol: HTTP
    - Platform: Multi-Platform Client Application
    - Release Date: September 15, 2020

38141: HTTP: Microsoft Exchange Server New-DlpPolicy Remote Code Execution Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: Critical
    - Description: This filter detects an attempt to exploit a remote code execution vulnerability in Microsoft Exchange Server.
    - Deployments:
      - Deployment: Security-Optimized (Block / Notify)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2020-16875
    - Classification: Vulnerability - Other
    - Protocol: HTTP
    - Platform: Windows Server Application or Service
    - Release Date: September 15, 2020

38166: MS-NRPC: Microsoft Windows Netlogon Zerologon Authentication Bypass Attempt
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Category: Vulnerabilities
    - Severity: High
    - Description: This filter detects an attempt to exploit an authentication bypass vulnerability affecting Microsoft Windows Servers.
    - Deployments:
      - Deployment: Security-Optimized (Block / Notify)
    - References:
      - Common Vulnerabilities and Exposures: CVE-2020-1472
    - Classification: Vulnerability - Access Validation
    - Protocol: RPC Services
    - Platform: Windows Server Application or Service
    - Release Date: September 15, 2020

Modified Filters (logic changes):
* = Enabled in Default deployments

13135: HTTPS: Box.com Site Access (ATT&CK T1102)
    - IPS Version: 1.0.0 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Detection logic updated.
    - Release Date: September 03, 2013
    - Last Modified Date: September 15, 2020

35158: HTTP: Microsoft Windows JET Database Engine Out-Of-Bounds Write Vulnerability (ZDI-20-1127)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "35158: ZDI-CAN-11128: Zero Day Initiative Vulnerability (Microsoft JET Database)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 16, 2020
    - Last Modified Date: September 15, 2020

35440: HTTP: Microsoft Windows JET Database Engine Out-Of-Bounds Write Vulnerability (ZDI-20-1128)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "35440: ZDI-CAN-11153: Zero Day Initiative Vulnerability (Microsoft JET Database)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 16, 2020
    - Last Modified Date: September 15, 2020

36255: HTTP: Cisco Data Center Network Manager getSwitches SQL Injection (ZDI-20-051, ZDI-20-052)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "36255: ZDI-CAN-9060,9068: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: October 08, 2019
    - Last Modified Date: September 15, 2020

36647: HTTP: Cisco Data Center Network Manager getSanSwitchBandwidthStatList SQL Injection (ZDI-20-082)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "36647: ZDI-CAN-9202: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: November 19, 2019
    - Last Modified Date: September 15, 2020

36907: HTTP: IBM Spectrum Protect Plus hostname Command Injection Vulnerability (ZDI-20-273)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: January 21, 2020
    - Last Modified Date: September 15, 2020

* 37043: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability (ZDI-20-1123)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37043: ZDI-CAN-10834: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 23, 2020
    - Last Modified Date: September 15, 2020

37047: HTTP: Microsoft Visual Studio DDS File Parsing Integer Overflow Vulnerability (ZDI-20-1120)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37047: ZDI-CAN-11095: Zero Day Initiative Vulnerability (Microsoft Visual Studio)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 23, 2020
    - Last Modified Date: September 15, 2020

37055: HTTP: Microsoft Visual Studio DDS File Parsing Integer Overflow Vulnerability (ZDI-20-1121)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37055: ZDI-CAN-11156: Zero Day Initiative Vulnerability (Microsoft Visual Studio)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 23, 2020
    - Last Modified Date: September 15, 2020

37231: HTTP: Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read (ZDI-20-798)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37231: ZDI-CAN-10459: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
    - Severity changed from "Critical" to "High".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: March 03, 2020
    - Last Modified Date: September 15, 2020

37458: HTTP: WECON LeviStudioU AlarmSet bitaddr Buffer Overflow Vulnerability (ZDI-20-1070)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37458: ZDI-CAN-10489: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: April 07, 2020
    - Last Modified Date: September 15, 2020

37479: HTTP: WECON LeviStudioU AlarmSet WordAddr9 Buffer Overflow Vulnerability (ZDI-20-1069)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37479: ZDI-CAN-10548: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: April 07, 2020
    - Last Modified Date: September 15, 2020

37660: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-20-942)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37660: ZDI-CAN-10882: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
    - Severity changed from "Critical" to "High".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: April 28, 2020
    - Last Modified Date: September 15, 2020

37696: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-20-945)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37696: ZDI-CAN-10885: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
    - Severity changed from "Critical" to "High".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: May 05, 2020
    - Last Modified Date: September 15, 2020

37793: HTTP: Microsoft Visual Studio DDS File Parsing Out-Of-Bounds Read Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37793: ZDI-CAN-11212: Zero Day Initiative Vulnerability (Microsoft Visual Studio)".
    - Severity changed from "Critical" to "High".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 30, 2020
    - Last Modified Date: September 15, 2020

37795: HTTP: Microsoft Visual Studio DDS File Parsing Integer Overflow Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37795: ZDI-CAN-11213: Zero Day Initiative Vulnerability (Microsoft Visual Studio)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 30, 2020
    - Last Modified Date: September 15, 2020

37796: HTTP: Microsoft Windows Media Player HEVC Stream Parsing Buffer Overflow Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37796: ZDI-CAN-11215: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)".
    - Category changed from "Vulnerabilities" to "Exploits".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 30, 2020
    - Last Modified Date: September 15, 2020

37798: HTTP: Microsoft Windows Camera Codec Pack Out-Of-Bounds Write Vulnerability (ZDI-20-1122)
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Name changed from "37798: ZDI-CAN-11240: Zero Day Initiative Vulnerability (Microsoft Windows Camera Codec)".
    - Description updated.
    - Detection logic updated.
    - Vulnerability references updated.
    - Release Date: June 30, 2020
    - Last Modified Date: September 15, 2020

Modified Filters (metadata changes only):
* = Enabled in Default deployments

13855: TCP: XML External Entity (XXE) Usage
    - IPS Version: 1.0.0 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Vulnerability references updated.
    - Release Date: April 28, 2014
    - Last Modified Date: September 15, 2020

38080: HTTP: Apache OFBiz XMLRPC Insecure Deserialization Vulnerability
    - IPS Version: 3.6.2 and after.
    - NGFW Version: 1.0.0 and after.
    - TPS Version: 4.0.0 and after.
    - vTPS Version: 4.0.1 and after.
    - Description updated.
    - Release Date: September 01, 2020
    - Last Modified Date: September 15, 2020

Removed Filters:
None