Summary
Digital Vaccine #9466 October 13, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before October 13, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE | Filter | Status
CVE-2020-1047 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1080 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1243 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16863 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16876 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16877 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16885 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16886 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16887 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16889 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16890 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16891 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16892 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16894 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16895 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16896 | 38253 |
CVE-2020-16897 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16898 | 38090 |
CVE-2020-16899 | 38092 |
CVE-2020-16900 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16901 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16902 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16904 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16905 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16907 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16908 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16909 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16910 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16911 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16912 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16913 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16914 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16915 | 38251 |
CVE-2020-16916 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16918 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16919 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16920 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16921 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16922 | 38247 |
CVE-2020-16923 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16924 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16927 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16928 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16929 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16930 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16931 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16932 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16933 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16934 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16935 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16936 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16937 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16938 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16939 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16940 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16941 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16942 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16943 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16944 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16945 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16946 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16947 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16948 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16949 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16950 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16951 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16952 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16953 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16954 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16955 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16956 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16957 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16967 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16968 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16969 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16972 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16973 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16974 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16975 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16976 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16977 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16978 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16980 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16995 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17003 | | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9466.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9466.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 15
Modified Filters (logic changes) - 38
Modified Filters (metadata changes only) - 3
Removed Filters - 0
Filters
----------------
New Filters:
38090: IPv6: Microsoft Windows Ipv6pUpdateRDNSS Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-16898
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: IPV6
  - Platform: Windows Client Application
  - Release Date: October 13, 2020

38092: IPv6: Microsoft Windows IPv6 Stack Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-16899
  - Classification: Vulnerability - Denial of Service (Crash/Reboot)
  - Protocol: IPV6
  - Platform: Windows Client Application
  - Release Date: October 13, 2020

38198: SIP: SIP INVITE Request
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects a SIP INVITE request.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2008-5180
  - Classification: Security Policy - Other
  - Protocol: SIP (VOIP)
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38199: HTTP: Zoho ManageEngine Applications Manager UploadAction File Upload Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Zoho ManageEngine Applications Manager.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-14008
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38202: HTTP: rConfig Network Device Configuration vendor.crud.php File Upload Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a file upload vulnerability in rConfig Network Device Configuration.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-12255
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38203: HTTP: NEC ExpressCluster ApplyConfig XML External Entity Injection Vulnerability (ZDI-20-1102)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an external entity injection vulnerability in NEC ExpressCluster.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-17408
    - Zero Day Initiative: ZDI-20-1102
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38239: HTTP: Apache httpd HTTP2 Cache-Digest Header Parsing Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Apache httpd.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-9490
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38241: HTTP: ZenTao Pro Command Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command execution vulnerability in ZenTao Pro.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-7361
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38243: HTTP: Telmat AccessLog Code Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a remote code execution vulnerability in Telmat AccessLog.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-16147
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38244: HTTP: Jenkins CVS Plugin Cross-Site Request Forgery Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a cross-site request forgery vulnerability in Jenkins CVS Plugin.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-2184
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38247: HTTP: Microsoft Windows File Validation Spoofing Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a spoofing vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-16922
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application
  - Release Date: October 13, 2020

38248: HTTP: MaraCMS PHP File Upload
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects an attempt to upload a file to MaraCMS.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-25042
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38250: HTTP: WordPress SupportCandy Plugin Arbitrary File Upload Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in WordPress SupportCandy Plugin.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-11223
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 13, 2020

38251: HTTP: Microsoft Windows Media Foundation H265 Stream Parsing Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows Media Foundation.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-16915 CVSS 3.1
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application
  - Release Date: October 13, 2020

38253: RDP: Microsoft Remote Desktop Integer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an integer overflow in Microsoft Remote Desktop.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-16896
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: TCP (Generic)
  - Platform: Windows Client Application
  - Release Date: October 13, 2020

Modified Filters (logic changes):
* = Enabled in Default deployments

26399: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1198)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "26399: ZDI-CAN-10929: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 19, 2020
  - Last Modified Date: October 13, 2020

26888: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1199)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "26888: ZDI-CAN-10983: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 19, 2020
  - Last Modified Date: October 13, 2020

26889: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1200)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "26889: ZDI-CAN-10984: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 19, 2020
  - Last Modified Date: October 13, 2020

27057: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1201)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "27057: ZDI-CAN-10985: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 19, 2020
  - Last Modified Date: October 13, 2020

27302: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1202)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "27302: ZDI-CAN-10986: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 19, 2020
  - Last Modified Date: October 13, 2020

27422: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1203)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "27422: ZDI-CAN-10987: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 19, 2020
  - Last Modified Date: October 13, 2020

27530: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1204)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "27530: ZDI-CAN-11010: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 19, 2020
  - Last Modified Date: October 13, 2020

* 30147: HTTP: Oracle WebLogic Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: January 02, 2018
  - Last Modified Date: October 13, 2020

36745: HTTP: Advantech WebAccess/NMS download.jsp Directory Traversal Vulnerability (ZDI-20-384)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: December 03, 2019
  - Last Modified Date: October 13, 2020

36905: HTTP: IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Vulnerability (ZDI-20-348)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: January 21, 2020
  - Last Modified Date: October 13, 2020

37247: HTTP: Microsoft Windows Media Player AVI Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-285)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37247: ZDI-CAN-10525: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 13, 2020

37289: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-959)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37289: ZDI-CAN-10122: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
  - Severity changed from "High" to "Critical".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 10, 2020
  - Last Modified Date: October 13, 2020

37299: HTTP: Microsoft Internet Explorer JScript Use-After-Free Vulnerability (ZDI-20-645)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37299: ZDI-CAN-10397: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 10, 2020
  - Last Modified Date: October 13, 2020

37327: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-955)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37327: ZDI-CAN-10136: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
  - Severity changed from "High" to "Critical".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 13, 2020

37336: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Write Vulnerability(ZDI-20-818)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37336: ZDI-CAN-10692: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 13, 2020

37338: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-804)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37338: ZDI-CAN-10690: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 13, 2020

37342: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-906)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37342: ZDI-CAN-10686: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 13, 2020

37343: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-817)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37343: ZDI-CAN-10685: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 13, 2020

37344: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Write Vulnerability(ZDI-20-816)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37344: ZDI-CAN-10684: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 13, 2020

37370: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-788)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37370: ZDI-CAN-10572: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 13, 2020

37376: HTTP: Delta Industrial Automation DOPSoft File Parsing Buffer Overflow Vulnerability (ZDI-20-789)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37376: ZDI-CAN-10571: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 24, 2020
  - Last Modified Date: October 13, 2020

37379: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-790)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37379: ZDI-CAN-10509: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 24, 2020
  - Last Modified Date: October 13, 2020

37382: HTTP: Advantech WebAccess/SCADA SyntecUA Buffer Overflow Vulnerability (ZDI-20-625)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37382: ZDI-CAN-10339: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 24, 2020
  - Last Modified Date: October 13, 2020

37398: HTTP: Apple Safari HasIndexedProperty Type Confusion Vulnerability (ZDI-20-682)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37398: ZDI-CAN-10504,10773: Zero Day Initiative Vulnerability (Apple Safari)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 24, 2020
  - Last Modified Date: October 13, 2020

37399: HTTP: Delta Industrial Automation DOPSoft Out-Of-Bounds Read Vulnerability (ZDI-20-792)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37399: ZDI-CAN-10494: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 24, 2020
  - Last Modified Date: October 13, 2020

37400: HTTP: Horde Groupware Webmail Edition edit Page Directory Traversal Vulnerability (ZDI-20-276)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37400: ZDI-CAN-10469: Zero Day Initiative Vulnerability (Horde Groupware Webmail Edition)".
  - Category changed from "Exploits" to "Vulnerabilities".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 24, 2020
  - Last Modified Date: October 13, 2020

37406: HTTP: Micro Focus Secure Messaging Gateway SaveData Command Injection Vulnerability (ZDI-20-977)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37406: ZDI-CAN-10333: Zero Day Initiative Vulnerability (Micro Focus Secure Messaging Gateway)".
  - Category changed from "Exploits" to "Vulnerabilities".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 24, 2020
  - Last Modified Date: October 13, 2020

37581: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 Out-Of-Bounds Write Vulnerability (ZDI-20-1186)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37581: ZDI-CAN-10611: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 14, 2020
  - Last Modified Date: October 13, 2020

37585: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 Buffer Overflow Vulnerability (ZDI-20-1103)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37585: ZDI-CAN-10675: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 14, 2020
  - Last Modified Date: October 13, 2020

37741: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Out-Of-Bounds Write Vulnerability (ZDI-20-1197)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
- Name changed from "37741: ZDI-CAN-10961: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 12, 2020
- Last Modified Date: October 13, 2020

37742: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-20-1196)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37742: ZDI-CAN-10960: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 12, 2020
- Last Modified Date: October 13, 2020

37743: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-20-1195)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37743: ZDI-CAN-10959: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 12, 2020
- Last Modified Date: October 13, 2020

37745: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Out-Of-Bounds Read Vulnerability (ZDI-20-1192)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37745: ZDI-CAN-10956: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 12, 2020
- Last Modified Date: October 13, 2020

37746: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-20-1193)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37746: ZDI-CAN-10957: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 12, 2020
- Last Modified Date: October 13, 2020

37747: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Out-Of-Bounds Read Vulnerability (ZDI-20-1194)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37747: ZDI-CAN-10958: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 12, 2020
- Last Modified Date: October 13, 2020

* 37841: HTTP: F5 BIG-IP TMUI Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: July 07, 2020
- Last Modified Date: October 13, 2020

38068: HTTP: Foxit Reader AcroForm Annotation Use-After-Free Vulnerability (ZDI-20-1234)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38068: ZDI-CAN-11657: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: September 01, 2020
- Last Modified Date: October 13, 2020

38142: HTTP: Studio-42 elFinder Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: September 22, 2020
- Last Modified Date: October 13, 2020

Modified Filters (metadata changes only):

* = Enabled in Default deployments

24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: July 05, 2016
- Last Modified Date: October 13, 2020

38100: HTTP: WordPress File Manager File Upload Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: September 03, 2020
- Last Modified Date: October 13, 2020

38167: HTTP: FasterXML jackson-databind Remote Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: September 22, 2020
- Last Modified Date: October 13, 2020

Removed Filters: None