Digital Vaccine #9466

    • Updated: 14 Oct 2020
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9466      October 13, 2020
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before October 13, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE  Filter  Status
CVE-2020-1047 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1080 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1243 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16863 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16876 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16877 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16885 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16886 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16887 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16889 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16890 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16891 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16892 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16894 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16895 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16896 38253
CVE-2020-16897 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16898 38090
CVE-2020-16899 38092
CVE-2020-16900 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16901 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16902 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16904 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16905 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16907 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16908 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16909 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16910 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16911 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16912 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16913 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16914 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16915 38251
CVE-2020-16916 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16918 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16919 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16920 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16921 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16922 38247
CVE-2020-16923 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16924 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16927 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16928 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16929 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16930 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16931 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16932 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16933 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16934 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16935 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16936 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16937 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16938 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16939 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16940 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16941 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16942 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16943 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16944 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16945 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16946 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16947 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16948 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16949 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16950 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16951 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16952 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16953 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16954 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16955 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16956 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16957 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16967 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16968 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16969 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16972 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16973 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16974 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16975 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16976 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16977 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16978 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16980 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16995 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17003 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9466.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9466.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 15
 Modified Filters (logic changes) - 38
 Modified Filters (metadata changes only) - 3
 Removed Filters - 0

Filters
----------------
 New Filters:
    38090: IPv6: Microsoft Windows Ipv6pUpdateRDNSS Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-16898
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: IPV6
      - Platform: Windows Client Application
      - Release Date: October 13, 2020

    38092: IPv6: Microsoft Windows IPv6 Stack Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-16899
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: IPV6
      - Platform: Windows Client Application
      - Release Date: October 13, 2020

    38198: SIP: SIP INVITE Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a SIP INVITE request.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2008-5180
      - Classification: Security Policy - Other
      - Protocol: SIP (VOIP)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38199: HTTP: Zoho ManageEngine Applications Manager UploadAction File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Zoho ManageEngine Applications Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-14008
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38202: HTTP: rConfig Network Device Configuration vendor.crud.php File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a file upload vulnerability in rConfig Network Device Configuration.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-12255
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38203: HTTP: NEC ExpressCluster ApplyConfig XML External Entity Injection Vulnerability (ZDI-20-1102)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an external entity injection vulnerability in NEC ExpressCluster.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17408
        - Zero Day Initiative: ZDI-20-1102
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38239: HTTP: Apache httpd HTTP2 Cache-Digest Header Parsing Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Apache httpd.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-9490
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38241: HTTP: ZenTao Pro Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command execution vulnerability in ZenTao Pro.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-7361
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38243: HTTP: Telmat AccessLog Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a remote code execution vulnerability in Telmat AccessLog.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-16147
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38244: HTTP: Jenkins CVS Plugin Cross-Site Request Forgery Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site request forgery vulnerability in Jenkins CVS Plugin.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-2184
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38247: HTTP: Microsoft Windows File Validation Spoofing Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a spoofing vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-16922
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: October 13, 2020

    38248: HTTP: MaraCMS PHP File Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to upload a file to MaraCMS.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-25042
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38250: HTTP: WordPress SupportCandy Plugin Arbitrary File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in WordPress SupportCandy Plugin.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-11223
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 13, 2020

    38251: HTTP: Microsoft Windows Media Foundation H265 Stream Parsing Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows Media Foundation.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-16915 CVSS 3.1
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: October 13, 2020

    38253: RDP: Microsoft Remote Desktop Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow in Microsoft Remote Desktop.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-16896
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: TCP (Generic)
      - Platform: Windows Client Application
      - Release Date: October 13, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    26399: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1198)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26399: ZDI-CAN-10929: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 19, 2020
      - Last Modified Date: October 13, 2020

    26888: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1199)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26888: ZDI-CAN-10983: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 19, 2020
      - Last Modified Date: October 13, 2020

    26889: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1200)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26889: ZDI-CAN-10984: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 19, 2020
      - Last Modified Date: October 13, 2020

    27057: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1201)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27057: ZDI-CAN-10985: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 19, 2020
      - Last Modified Date: October 13, 2020

    27302: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1202)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27302: ZDI-CAN-10986: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 19, 2020
      - Last Modified Date: October 13, 2020

    27422: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1203)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27422: ZDI-CAN-10987: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 19, 2020
      - Last Modified Date: October 13, 2020

    27530: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1204)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27530: ZDI-CAN-11010: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 19, 2020
      - Last Modified Date: October 13, 2020

    * 30147: HTTP: Oracle WebLogic Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: January 02, 2018
      - Last Modified Date: October 13, 2020

    36745: HTTP: Advantech WebAccess/NMS download.jsp Directory Traversal Vulnerability (ZDI-20-384)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 03, 2019
      - Last Modified Date: October 13, 2020

    36905: HTTP: IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Vulnerability (ZDI-20-348)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 21, 2020
      - Last Modified Date: October 13, 2020

    37247: HTTP: Microsoft Windows Media Player AVI Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-285)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37247: ZDI-CAN-10525: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 13, 2020

    37289: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-959)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37289: ZDI-CAN-10122: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 10, 2020
      - Last Modified Date: October 13, 2020

    37299: HTTP: Microsoft Internet Explorer JScript Use-After-Free Vulnerability (ZDI-20-645)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37299: ZDI-CAN-10397: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 10, 2020
      - Last Modified Date: October 13, 2020

    37327: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-955)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37327: ZDI-CAN-10136: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 13, 2020

    37336: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-818)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37336: ZDI-CAN-10692: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 13, 2020

    37338: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-804)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37338: ZDI-CAN-10690: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 13, 2020

    37342: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-906)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37342: ZDI-CAN-10686: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 13, 2020

    37343: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-817)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37343: ZDI-CAN-10685: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 13, 2020

    37344: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-816)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37344: ZDI-CAN-10684: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 13, 2020

    37370: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-788)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37370: ZDI-CAN-10572: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 13, 2020

    37376: HTTP: Delta Industrial Automation DOPSoft File Parsing Buffer Overflow Vulnerability (ZDI-20-789)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37376: ZDI-CAN-10571: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 13, 2020

    37379: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-790)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37379: ZDI-CAN-10509: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 13, 2020

    37382: HTTP: Advantech WebAccess/SCADA SyntecUA Buffer Overflow Vulnerability (ZDI-20-625)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37382: ZDI-CAN-10339: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 13, 2020

    37398: HTTP: Apple Safari HasIndexedProperty Type Confusion Vulnerability (ZDI-20-682)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37398: ZDI-CAN-10504,10773: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 13, 2020

    37399: HTTP: Delta Industrial Automation DOPSoft Out-Of-Bounds Read Vulnerability (ZDI-20-792)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37399: ZDI-CAN-10494: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 13, 2020

    37400: HTTP: Horde Groupware Webmail Edition edit Page Directory Traversal Vulnerability (ZDI-20-276)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37400: ZDI-CAN-10469: Zero Day Initiative Vulnerability (Horde Groupware Webmail Edition)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 13, 2020

    37406: HTTP: Micro Focus Secure Messaging Gateway SaveData Command Injection Vulnerability (ZDI-20-977)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37406: ZDI-CAN-10333: Zero Day Initiative Vulnerability (Micro Focus Secure Messaging Gateway)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 13, 2020

    37581: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 Out-Of-Bounds Write Vulnerability (ZDI-20-1186)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37581: ZDI-CAN-10611: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 13, 2020

    37585: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 Buffer Overflow Vulnerability (ZDI-20-1103)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37585: ZDI-CAN-10675: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 13, 2020

    37741: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Out-Of-Bounds Write Vulnerability (ZDI-20-1197)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37741: ZDI-CAN-10961: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 12, 2020
      - Last Modified Date: October 13, 2020

    37742: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-20-1196)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37742: ZDI-CAN-10960: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 12, 2020
      - Last Modified Date: October 13, 2020

    37743: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-20-1195)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37743: ZDI-CAN-10959: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 12, 2020
      - Last Modified Date: October 13, 2020

    37745: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Out-Of-Bounds Read Vulnerability (ZDI-20-1192)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37745: ZDI-CAN-10956: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 12, 2020
      - Last Modified Date: October 13, 2020

    37746: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-20-1193)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37746: ZDI-CAN-10957: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 12, 2020
      - Last Modified Date: October 13, 2020

    37747: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Out-Of-Bounds Read Vulnerability (ZDI-20-1194)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37747: ZDI-CAN-10958: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 12, 2020
      - Last Modified Date: October 13, 2020

    * 37841: HTTP: F5 BIG-IP TMUI Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 07, 2020
      - Last Modified Date: October 13, 2020

    38068: HTTP: Foxit Reader AcroForm Annotation Use-After-Free Vulnerability (ZDI-20-1234)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38068: ZDI-CAN-11657: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 01, 2020
      - Last Modified Date: October 13, 2020

    38142: HTTP: Studio-42 elFinder Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: September 22, 2020
      - Last Modified Date: October 13, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: July 05, 2016
      - Last Modified Date: October 13, 2020

    38100: HTTP: WordPress File Manager File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: September 03, 2020
      - Last Modified Date: October 13, 2020

    38167: HTTP: FasterXML jackson-databind Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: October 13, 2020

  Removed Filters: None
    
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000277828