Summary
Digital Vaccine #9459 September 29, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9459.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9459.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 14
Modified Filters (logic changes) - 33
Modified Filters (metadata changes only) - 2
Removed Filters - 2
Filters
----------------
New Filters:
38180: HTTP: Nagios XI command_test.php Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Nagios XI.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 29, 2020

38189: ZDI-CAN-11887: Zero Day Initiative Vulnerability (Microsoft Outlook)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Outlook.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 29, 2020

38190: ZDI-CAN-11888: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 29, 2020

38191: ZDI-CAN-11894: Zero Day Initiative Vulnerability (Microsoft Office PowerPoint)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office PowerPoint.
- Deployments:
  - Deployment: Default (Block / Notify / Trace)
  - Deployment: Performance-Optimized (Disabled)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 29, 2020

38192: ZDI-CAN-11980: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Player.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 29, 2020

38193: ZDI-CAN-11981: Zero Day Initiative Vulnerability (Microsoft Windows Camera Codec)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Windows Camera Codec.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 29, 2020

38195: TCP: Apache Log4j Insecure Deserialization Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Apache Log4j.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2017-5645
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: TCP (Generic)
- Platform: Multi-Platform Server Application or Service
- Release Date: September 29, 2020

38196: HTTP: WordPress XMLRPC getUsersBlogs and getComments Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects usage of wp.getUsersBlogs and wp.getComments by XMLRPC in WordPress.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 29, 2020

38197: SIP: Microsoft Office Communicator SIP DoS Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Office Communicator SIP.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2008-5180
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: SIP (VOIP)
- Platform: Multi-Platform Server Application or Service
- Release Date: September 29, 2020

38204: FTP: Vesta Control Panel Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection in Vesta Control Panel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-10808
- Classification: Vulnerability - Other
- Protocol: FTP
- Platform: UNIX/Linux Server Application or Service
- Release Date: September 29, 2020

38205: HTTP: CutePHP CuteNews User Avatar Arbitrary File Upload Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in CutePHP CuteNews.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-11447
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 29, 2020

38207: LDAP: Apache Druid Credential Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Apache Druid.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-1958
- Classification: Vulnerability - Other
- Protocol: LDAP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 29, 2020

38209: TCP: Apache HTTP Server mod_uwsgi Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Apache HTTP Server.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2019-11894
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: TCP (Generic)
- Platform: Multi-Platform Server Application or Service
- Release Date: September 29, 2020

38235: MS-NRPC: Microsoft Windows NetrServerAuthenticate Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a NetrServerAuthenticate request.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-1472
- Classification: Security Policy - Other
- Protocol: MS-RPC
- Platform: Windows Server Application or Service
- Release Date: September 29, 2020

Modified Filters (logic changes):
* = Enabled in Default deployments

25916: HTTP: Apple Safari getAnimations Out-Of-Bounds Read Vulnerability (ZDI-20-909)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "25916: ZDI-CAN-10832: Zero Day Initiative Vulnerability (Apple Safari)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 19, 2020
- Last Modified Date: September 29, 2020

28090: HTTP: Oracle Java Runtime Environment HTML Rendering Out-Of-Bounds Write Vulnerability (ZDI-20-897)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28090: ZDI-CAN-10965: Zero Day Initiative Vulnerability (Oracle Java Runtime Environment)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 26, 2020
- Last Modified Date: September 29, 2020

28655: HTTP: NETGEAR Multiple Routers check_ra Stack-based Buffer Overflow Vulnerability (ZDI-20-937)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28655: ZDI-CAN-9852: Zero Day Initiative Vulnerability (NETGEAR Routers)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 26, 2020
- Last Modified Date: September 29, 2020

34775: HTTP: Cisco RV340 upload.cgi Command Injection Vulnerability (ZDI-20-1100)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "34775: ZDI-CAN-10640: Zero Day Initiative Vulnerability (Cisco RV340)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 16, 2020
- Last Modified Date: September 29, 2020

34924: HTTP: Delta Industrial Automation TPEditor TPE File Parsing Buffer Overflow (ZDI-20-966)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "34924: ZDI-CAN-11041: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 16, 2020
- Last Modified Date: September 29, 2020

35673: HTTP: Cisco RV340 upload.cgi Buffer Overflow Vulnerability (ZDI-20-1101)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "35673: ZDI-CAN-10907: Zero Day Initiative Vulnerability (Cisco RV340)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 16, 2020
- Last Modified Date: September 29, 2020

36917: HTTP: Foxit PhantomPDF Type Confusion Vulnerability (ZDI-20-511,514-520)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36917: ZDI-CAN-9865,9828.9831,9942-9946: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: January 21, 2020
- Last Modified Date: September 29, 2020

36988: SCADA: Triangle Microworks SCADA Data Gateway DNP3 GET_FILE_INFO Buffer Overflow (ZDI-20-547)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36988: PWN2OWN ZDI-CAN-10266: Zero Day Initiative Vulnerability (Triangle Microworks SCADA Data Gateway)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: January 28, 2020
- Last Modified Date: September 29, 2020

36994: HTTP: Schneider Electric EcoStructure Operator Terminal Expert Arbitrary Library Load (ZDI-20-656)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36994: PWN2OWN ZDI-CAN-10279: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: January 28, 2020
- Last Modified Date: September 29, 2020

37003: TCP: ICONICS Genesis64 IcoFwxServer Insecure Deserialization Vulnerability (Pwn2Own ZDI-20-780)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37003: PWN2OWN ZDI-CAN-10297: Zero Day Initiative Vulnerability (Iconics GENESIS64)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: January 28, 2020
- Last Modified Date: September 29, 2020

37004: TCP: Rockwell Automation FactoryTalk Directory Traversal Vulnerability (Pwn2Own ZDI-20-734)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37004: PWN2OWN ZDI-CAN-10298: Zero Day Initiative Vulnerability (Rockwall Automation Factory View SE)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: January 28, 2020
- Last Modified Date: September 29, 2020

37053: HTTP: SAP 3D Visual Enterprise Viewer CGM File Parsing Untrusted Pointer Dereference (ZDI-20-1137)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37053: ZDI-CAN-11147: Zero Day Initiative Vulnerability (SAP 3D Visual Enterprise Viewer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 07, 2020
- Last Modified Date: September 29, 2020

37174: HTTP: NETGEAR R6700 httpd strtblupgrade Integer Overflow Vulnerability (ZDI-20-709)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37174: ZDI-CAN-9768: Zero Day Initiative Vulnerability (NETGEAR R6700)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 25, 2020
- Last Modified Date: September 29, 2020

37265: HTTP: Delta Industrial Automation DOPSoft DPA Out-Of-Bounds Read Vulnerability (ZDI-20-787)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37265: ZDI-CAN-10184: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: September 29, 2020

37266: HTTP: Delta Industrial Automation DOPSoft Out-Of-Bounds Read Vulnerability (ZDI-20-797)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37266: ZDI-CAN-10183: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: September 29, 2020

37321: HTTP: Adobe Acrobat Reader DC XFA Template Use-After-Free Vulnerability (ZDI-20-330)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37321: ZDI-CAN-10126: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 10, 2020
- Last Modified Date: September 29, 2020

37323: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-958)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37323: ZDI-CAN-10133: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 10, 2020
- Last Modified Date: September 29, 2020

37324: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Read Vulnerability(ZDI-20-957)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37324: ZDI-CAN-10134: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 10, 2020
- Last Modified Date: September 29, 2020

37325: HTTP: Advantech WebAccess/HMI Designer PM3 File Out-Of-Bounds Write Vulnerability (ZDI-20-956)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37325: ZDI-CAN-10135: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 10, 2020
- Last Modified Date: September 29, 2020

37477: HTTP: WECON LeviStudioU MultiLink bitaddr Buffer Overflow Vulnerability (ZDI-20-1076)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37477: ZDI-CAN-10545-46: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 07, 2020
- Last Modified Date: September 29, 2020

37586: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Read (ZDI-20-1104)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37586: ZDI-CAN-10676: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: September 29, 2020

37587: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Buffer Overflow (ZDI-20-1105)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37587: ZDI-CAN-10677: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: September 29, 2020

37588: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Write (ZDI-20-1106)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37588: ZDI-CAN-10678: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: September 29, 2020

37589: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Buffer Overflow (ZDI-20-1107)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37589: ZDI-CAN-10679: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: September 29, 2020

37590: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Buffer Overflow (ZDI-20-1108)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37590: ZDI-CAN-10680: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: September 29, 2020

37602: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Buffer Overflow (ZDI-20-1114)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37602: ZDI-CAN-10734: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: September 29, 2020

37700: HTTP: Delta Industrial Automation CNCSoft ScreenEditor Code Execution Vulnerability (ZDI-20-948)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37700: ZDI-CAN-10893: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 05, 2020
- Last Modified Date: September 29, 2020

37799: HTTP: Microsoft Camera Codec Image Processing Out-Of-Bounds Write Vulnerability (ZDI-20-1175)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37799: ZDI-CAN-11263: Zero Day Initiative Vulnerability (Microsoft Windows Camera Codec)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 30, 2020
- Last Modified Date: September 29, 2020

37866: HTTP: Microsoft Excel XLS File Parsing Use-After-Free Vulnerability (ZDI-20-1132)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37866: ZDI-CAN-11276: Zero Day Initiative Vulnerability (Microsoft Excel)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 21, 2020
- Last Modified Date: September 29, 2020

37868: HTTP: Trend Micro Deep Security Manager Authentication Bypass Vulnerability (ZDI-20-1077)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37868: ZDI-CAN-11368: Zero Day Initiative Vulnerability (Trend Micro Deep Security Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 21, 2020
- Last Modified Date: September 29, 2020

37945: HTTP: Trend Micro Vulnerability Protection Authentication Bypass Vulnerability (ZDI-20-1083)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37945: ZDI-CAN-11431: Zero Day Initiative Vulnerability (Trend Micro Vulnerability Protection)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 11, 2020
- Last Modified Date: September 29, 2020

37946: HTTP: Microsoft Excel XLS File SST Record Out-Of-Bounds Write Vulnerability (ZDI-20-1133)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37946: ZDI-CAN-11446: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 11, 2020
- Last Modified Date: September 29, 2020

* 38166: MS-NRPC: Microsoft Windows Netlogon Authentication Bypass Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: September 15, 2020
- Last Modified Date: September 29, 2020

Modified Filters (metadata changes only):
* = Enabled in Default deployments

* 34976: HTTP: Adobe Flash Player Filter Out-Of-Bounds Read Vulnerability (ZDI-19-357)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "34976: HTTP: Adobe Flash Player Out-of-Bounds Read Vulnerability".
- Description updated.
- Vulnerability references updated.
- Release Date: April 16, 2019
- Last Modified Date: September 29, 2020

36620: HTTP: Xiaomi Mi9 Browser manualUpgradeInfo Cross-Site Scripting Vulnerability (Pwn2Own ZDI-20-289)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36620: HTTP: Xiaomi Mi9 Browser manualUpgradeInfo Coss-Site Scripting Vulnerability (Pwn2Own ZDI-20-289)".
- Release Date: November 12, 2019
- Last Modified Date: September 29, 2020

Removed Filters:

34828: ZDI-CAN-8280: Zero Day Initiative Vulnerability (Adobe Flash)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Release Date: April 02, 2019

37452: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Release Date: March 31, 2020