Summary
Digital Vaccine #9472 November 3, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9472.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9472.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 77
Modified Filters (logic changes) - 14
Modified Filters (metadata changes only) - 0
Removed Filters - 1
Filters
----------------
New Filters:

38279: HTTP: Yaws Web Server Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Yaws Web Server.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-24916
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 03, 2020

38280: ZDI-CAN-11804: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38282: ZDI-CAN-11858: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38283: ZDI-CAN-11859: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38284: RPC: Advantech WebAccess IOCTL 10001 BwPFile Buffer Overflow Vulnerability (ZDI-20-953)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess Node.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-16215
  - Zero Day Initiative: ZDI-20-953
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: RPC Services
- Platform: Multi-Platform Server Application or Service
- Release Date: November 03, 2020

38285: ZDI-CAN-11897: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38286: ZDI-CAN-11898: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38287: ZDI-CAN-11899: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38291: ZDI-CAN-11900: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38293: ZDI-CAN-11901: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38294: ZDI-CAN-11902: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38300: ZDI-CAN-11913: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38303: HTTP: Oracle E-Business Suite ozfVendorLov Information Disclosure Vulnerability (ZDI-20-1283)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects the exploitation of an information disclosure vulnerability in Oracle E-Business.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-14876
  - Zero Day Initiative: ZDI-20-1283
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 03, 2020

38304: ZDI-CAN-11688: Zero Day Initiative Vulnerability (Cisco Multiple Routers)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting multiple Cisco Routers.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38305: ZDI-CAN-11689: Zero Day Initiative Vulnerability (Cisco Multiple Routers)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting multiple Cisco Routers.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38306: ZDI-CAN-11690: Zero Day Initiative Vulnerability (Cisco Multiple Routers)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting multiple Cisco Routers.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38307: ZDI-CAN-11693: Zero Day Initiative Vulnerability (Cisco Multiple Routers)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting multiple Cisco Routers.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38308: ZDI-CAN-11716: Zero Day Initiative Vulnerability (Cisco Multiple Routers)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting multiple Cisco Routers.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38309: HTTP: Oracle WebLogic Server T3 Protocol Deserialization Vulnerability (ZDI-20-1282)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a deserialization vulnerability in Oracle WebLogic Server.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-14825
  - Zero Day Initiative: ZDI-20-1282
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 03, 2020

38310: ZDI-CAN-11903: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38311: ZDI-CAN-11917: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38312: ZDI-CAN-11918: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38313: ZDI-CAN-11919: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38314: ZDI-CAN-11920: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38315: ZDI-CAN-11921: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38316: ZDI-CAN-11922: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38317: ZDI-CAN-11938: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38318: ZDI-CAN-11939: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38319: ZDI-CAN-11941: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38320: ZDI-CAN-11942: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38321: ZDI-CAN-11944: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38322: ZDI-CAN-11946: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38323: ZDI-CAN-11948: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38324: ZDI-CAN-11950: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38325: ZDI-CAN-11953: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38326: ZDI-CAN-11957: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38327: ZDI-CAN-11958: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38328: ZDI-CAN-11962: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38329: ZDI-CAN-11972: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38330: ZDI-CAN-11975: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38331: ZDI-CAN-11986: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38332: ZDI-CAN-11994: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38333: ZDI-CAN-11995: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38334: ZDI-CAN-11996: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38335: ZDI-CAN-11997: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38336: ZDI-CAN-11998: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38337: ZDI-CAN-11999: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38338: ZDI-CAN-12014: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38339: ZDI-CAN-12015: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38340: ZDI-CAN-12017: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38341: ZDI-CAN-12020: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38343: ZDI-CAN-12054: Zero Day Initiative Vulnerability (Siemens SINEC NMS)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens SINEC NMS.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38344: ZDI-CAN-12067: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38345: ZDI-CAN-12071: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38346: ZDI-CAN-12072: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 03, 2020

38347: ZDI-CAN-12074: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38348: ZDI-CAN-12076: Zero Day Initiative Vulnerability (Autodesk AutoCAD) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk AutoCAD. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38349: ZDI-CAN-12077: Zero Day Initiative Vulnerability (Autodesk AutoCAD) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk AutoCAD. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38350: ZDI-CAN-12094: Zero Day Initiative Vulnerability (Autodesk AutoCAD) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk AutoCAD. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38351: ZDI-CAN-12101: Zero Day Initiative Vulnerability (Apache Tapestry) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Apache Tapestry. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38352: ZDI-CAN-12117: Zero Day Initiative Vulnerability (Autodesk AutoCAD) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk AutoCAD. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38353: ZDI-CAN-12118: Zero Day Initiative Vulnerability (Autodesk AutoCAD) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk AutoCAD. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38354: ZDI-CAN-12119: Zero Day Initiative Vulnerability (Autodesk AutoCAD) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk AutoCAD. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38355: ZDI-CAN-12122: Zero Day Initiative Vulnerability (NETGEAR ProSAFE NMS) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Multiple NETGEAR ProSAFE NMS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38356: ZDI-CAN-12150: Zero Day Initiative Vulnerability (Autodesk AutoCAD) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk AutoCAD. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38357: ZDI-CAN-12162: Zero Day Initiative Vulnerability (Microsoft Windows) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Windows. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38358: ZDI-CAN-12169: Zero Day Initiative Vulnerability (Microsoft Windows) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Windows. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38359: ZDI-CAN-12181: Zero Day Initiative Vulnerability (Autodesk AutoCAD) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform, NGFW, or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk AutoCAD. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38360: HTTP: Nmap Escape Character Service Scan Routine (ATT&CK T1046,T1018,T1007) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects the Nmap Escape Character Service Scan Routine. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Forbidden Application Access or Service Request - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: November 03, 2020 38361: HTTP: Nagios XI CCM admin_views.inc.php File Overwrite Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a file overwrite vulnerability in Nagios XI CCM. - Deployments: - Deployment: Security-Optimized (Block / Notify) - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: November 03, 2020 38365: HTTP: Nitro Pro PDF Object Stream Parsing Integer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Nitro Pro PDF. 
- Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-6113 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: HTTP - Platform: Windows Client Application - Release Date: November 03, 2020 38368: ZDI-CAN-12085: Zero Day Initiative Vulnerability (Apache Struts) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Apache Struts. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: November 03, 2020 38369: HTTP: Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Apache SkyWalking. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-9483 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: November 03, 2020 38370: HTTP: Apache SkyWalking Alarm WildcardSearch GraphQL SQL Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Apache SkyWalking. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-13921 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: November 03, 2020 38371: HTTP: Yaws Web Server XML External Entity Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit an XML external entity vulnerability in Yaws Web Server. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-24379 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: November 03, 2020 38372: HTTP: Mida eFramework OS Command Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit an OS command injection vulnerability in Mida eFramework. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2020-15920 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: November 03, 2020 38373: HTTP: Dasan GPON Home Router Command Injection Vulnerability - IPS Version: 3.6.2 and after. 
- NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a command injection vulnerability in Dasan GPON Home Routers. - Deployments: - Deployment: Security-Optimized (Block / Notify) - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Networked Hardware Device Application or Service - Release Date: November 03, 2020 Modified Filters (logic changes): * = Enabled in Default deployments * 4910: HTTP: Malicious ASX File Download - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Release Date: December 12, 2006 - Last Modified Date: November 03, 2020 28380: HTTP: Jenkins CI Server Cross-Site Request Forgery Vulnerability - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: June 06, 2017 - Last Modified Date: November 03, 2020 37169: HTTP: IBM Spectrum Protect Plus timezone Command Injection Vulnerability (ZDI-20-342) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37169: ZDI-CAN-9753: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: February 25, 2020 - Last Modified Date: November 03, 2020 37568: HTTP: Delta Industrial Automation TPEditor TPE Out-Of-Bounds Read Vulnerability (ZDI-20-961) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Name changed from "37568: ZDI-CAN-10128: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: April 14, 2020 - Last Modified Date: November 03, 2020 37571: HTTP: Delta Industrial Automation TPEditor Buffer Overflow Vulnerability (ZDI-20-962) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37571: ZDI-CAN-10130: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: April 14, 2020 - Last Modified Date: November 03, 2020 37576: HTTP: Marvell QConvergeConsole setAppFileBytes Directory Traversal (ZDI-20-971, ZDI-20-972) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37576: ZDI-CAN-10549-50: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage)". - Category changed from "Exploits" to "Vulnerabilities". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: April 14, 2020 - Last Modified Date: November 03, 2020 37577: HTTP: Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Vulnerability (ZDI-20-973) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37577: ZDI-CAN-10553: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage)". - Category changed from "Exploits" to "Vulnerabilities". - Description updated. - Detection logic updated. - Vulnerability references updated. 
- Release Date: April 14, 2020 - Last Modified Date: November 03, 2020 37578: HTTP: Marvell QConvergeConsole writeObjectToConfigFile Directory Traversal Vulnerability(ZDI-20-974) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37578: ZDI-CAN-10565: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: April 14, 2020 - Last Modified Date: November 03, 2020 37603: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 Buffer Overflow Vulnerability (ZDI-20-1115) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37603: ZDI-CAN-10735: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: April 14, 2020 - Last Modified Date: November 03, 2020 37606: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 Buffer Overflow Vulnerability (ZDI-20-1117) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37606: ZDI-CAN-10737: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: April 14, 2020 - Last Modified Date: November 03, 2020 37702: HTTP: Fuji Electric Tellus Lite V-Simulator 5,6 Buffer Overflow Vulnerability (ZDI-20-1188,1184) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37702: ZDI-CAN-10931: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)". - Description updated. 
- Detection logic updated. - Vulnerability references updated. - Release Date: May 05, 2020 - Last Modified Date: November 03, 2020 37735: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1189) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37735: ZDI-CAN-10906: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: May 12, 2020 - Last Modified Date: November 03, 2020 37738: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Buffer Overflow Vulnerability (ZDI-20-1191) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37738: ZDI-CAN-10928: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: May 12, 2020 - Last Modified Date: November 03, 2020 38302: HTTP: FreeType Library Font File Buffer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38302: HTTP: Google Chrome FreeType Library Font File Buffer Overflow Vulnerability". - Description updated. - Detection logic updated. - Release Date: October 27, 2020 - Last Modified Date: November 03, 2020 Modified Filters (metadata changes only): None Removed Filters: 37580: ZDI-CAN-10610: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Release Date: April 14, 2020