Digital Vaccine #9481

Updated: 9 Dec 2020
Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9481, December 8, 2020

Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before December 8, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE             Filter  Status
CVE-2020-16958          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16959          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16960          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16961          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16962          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16963          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16964          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16971          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16996          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17002          Insufficient Information to Reproduce
CVE-2020-17089          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17092          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17094          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17095          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17096  38557
CVE-2020-17097          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17098          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17099          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17103          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17115          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17117          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17118          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17119          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17120          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17121  38566
CVE-2020-17122          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17123          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17124          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17125          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17126          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17127          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17128          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17129          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17130          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17131          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17132          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17133          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17134          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17135          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17136          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17137          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17138          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17139          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17140  38564
CVE-2020-17141          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17142          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17143          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17144  38547
CVE-2020-17145          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17147          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17148          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17150          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17152  38568
CVE-2020-17153          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17156          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17159          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17160          Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9481.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9481.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 29
 Modified Filters (logic changes) - 10
 Modified Filters (metadata changes only) - 2
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38514: HTTP: Huawei HG532 Router Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Huawei HG532 Routers.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-7254
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: December 08, 2020

    38519: HTTP: Zoho ManageEngine Applications Manager RulesConstructor.jsp SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Zoho ManageEngine Applications Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-16267
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38526: ZDI-CAN-12001: Zero Day Initiative Vulnerability (Fatek Automation PLC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fatek Automation PLC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38527: ZDI-CAN-12095: Zero Day Initiative Vulnerability (Advantech iView)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech iView.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38528: ZDI-CAN-12096: Zero Day Initiative Vulnerability (Advantech iView)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech iView.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38529: ZDI-CAN-12099: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38530: ZDI-CAN-12139: Zero Day Initiative Vulnerability (SAP 3D Visual Enterprise Viewer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting SAP 3D Visual Enterprise Viewer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38531: ZDI-CAN-12272: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38532: ZDI-CAN-12274: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38536: ZDI-CAN-12490: Zero Day Initiative Vulnerability (Esri ArcReader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Esri ArcReader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38538: TLS: GitHub Large File Storage Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to authenticate to GitHub Large File Storage (LFS).
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27955
      - Classification: Security Policy - Other
      - Protocol: SSL/TLS
      - Platform: Multi-Platform Client Application
      - Release Date: December 08, 2020

    38539: HTTP: Atlassian Jira Server and Data Center ViewUserHover.jspa Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Atlassian Jira.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-14181
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38540: HTTP: ManageEngine Password Manager Pro SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL Injection vulnerability in ManageEngine Password Manager Pro.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2014-8499
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38547: HTTP: Microsoft Exchange Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Exchange Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17144
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: December 08, 2020

    38548: HTTP: Cisco Security Manager SecretService.jsp Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Cisco Security Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27131
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38549: HTTP: Cisco Security Manager CsJaasServiceServlet Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an HTTP request to the CsJaasServiceServlet endpoint in Cisco Security Manager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27131
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38550: HTTP: Cisco Security Manager JRMI Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a JRMI request to multiple endpoints in Cisco Security Manager.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38551: HTTP: Cisco Security Manager CTMServlet Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Cisco Security Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27131
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38553: HTTP: Cisco Security Manager Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Security Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27130
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38554: HTTP: Cisco Security Manager XmpFileUploadServlet Upload Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a file upload request to the XmpFileUploadServlet endpoint in Cisco Security Manager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27130
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38555: HTTP: Cisco Security Manager downloadDirectory Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Security Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27130
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38556: HTTP: Cisco Security Manager resultsFrame.jsp Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Security Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27130
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 08, 2020

    38557: SMB: Windows SMB NTLMSSP Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Windows SMB.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17096
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: SMB
      - Platform: Windows Client Application
      - Release Date: December 08, 2020

    38563: RADMIN: Famtech Remote Administrator (Remote Control Session Setup) (ATT&CK T1219)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a connection to Famtech's Remote Administrator application, commonly known as Radmin.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: TCP (Generic)
      - Platform: Windows Client Application
      - Release Date: December 08, 2020

    38564: SMB: SMB2 Stream File Rename Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the SMB2_FILE_RENAME_INFO functionality to rename a named data stream associated with a file.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17140 (CVSS 5.9)
      - Classification: Security Policy - Other
      - Protocol: SMB
      - Platform: Windows Server Application or Service
      - Release Date: December 08, 2020

    38565: HTTP: Adobe Acrobat and Reader Form Field Format Use After Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat and Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-24437
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: December 08, 2020

    38566: HTTP: Microsoft SharePoint importWeb Content Migration Package (CMP) Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to import a Content Migration Package (CMP) file in Microsoft SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17121
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: December 08, 2020

    38568: HTTP: Dynamics365 Finance ServiceDataWrapper Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Dynamics365 Finance.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17152
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: December 08, 2020

    38602: HTTP: Adobe Acrobat Data Exfiltration Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a data exfiltration vulnerability in Adobe Acrobat.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: December 08, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    4405: RADMIN: Famtech Remote Administrator (Initialization) (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4405: RADMIN: Famtech Remote Administrator (ATT&CK T1219)".
      - Description updated.
      - Detection logic updated.
      - Release Date: May 23, 2006
      - Last Modified Date: December 08, 2020

    37584: HTTP: Advantech iView NetworkServlet Improper Input Validation Vulnerability (ZDI-20-834)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37584: ZDI-CAN-10646: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: December 08, 2020

    37600: HTTP: Advantech iView TaskEditDeviceTable SQL Injection Vulnerability (ZDI-20-864,866,868,869)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37600: ZDI-CAN-10706-07,16: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: December 08, 2020

    37650: HTTP: HPE Pay per use UCS Meter ReceiverServlet doPost Directory Traversal (ZDI-20-1097)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37650: ZDI-CAN-10601: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise UCS Meter)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: December 08, 2020

    37691: HTTP: Advantech iView LinksTable deleteLinks SQL Injection Vulnerability (ZDI-20-827,833,835-838,857)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37691: ZDI-CAN-10627-29,33-34,55-58,60: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 05, 2020
      - Last Modified Date: December 08, 2020

    37893: HTTP: WECON PLC Editor WCP File Parsing Buffer Overflow Vulnerability (ZDI-20-1358)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37893: ZDI-CAN-11185: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 28, 2020
      - Last Modified Date: December 08, 2020

    37894: HTTP: WECON PLC Editor WCP File Parsing Buffer Overflow Vulnerability (ZDI-20-1359)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37894: ZDI-CAN-11186: Zero Day Initiative Vulnerability (WECON PLC Editor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 28, 2020
      - Last Modified Date: December 08, 2020

    37895: HTTP: WECON PLC Editor WCP File Parsing Buffer Overflow Vulnerability (ZDI-20-1360)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37895: ZDI-CAN-11187: Zero Day Initiative Vulnerability (WECON PLC Editor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 28, 2020
      - Last Modified Date: December 08, 2020

    37949: HTTP: HPE Universal API Framework uaf_token SQL Injection Vulnerability (ZDI-20-1208)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37949: ZDI-CAN-11502: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Universal API)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 11, 2020
      - Last Modified Date: December 08, 2020

    38455: PWN2OWN ZDI-CAN-12216: Zero Day Initiative Vulnerability (Netgear Nighthawk R7800)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 10, 2020
      - Last Modified Date: December 08, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: July 05, 2016
      - Last Modified Date: December 08, 2020

    38235: MS-NRPC: Microsoft Windows NetrServerAuthenticate Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: September 29, 2020
      - Last Modified Date: December 08, 2020

  Removed Filters: None
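The Python script below is an added example, not part of the Digital Vaccine or of any TMC or SMS tooling. It parses the two structures this note contains, the Microsoft CVE-to-filter table and the per-filter entries, to answer the questions a SOC asks when a Patch Tuesday DV lands: which Microsoft CVEs have no filter at all (patch those; the IPS gives nothing), which new filters ship disabled and so need a profile change before they fire, and whether the table and the entries agree on which filter covers which CVE. The sample text is quoted from this note and trimmed to three entries and four table rows; the parser assumes the table's CVE and filter columns are whitespace-separated and that entries keep the "- Key: value" layout used above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: three filter entries quoted from this release note,
# trimmed to the fields the parser reads (the note itself lists 29 new filters).
SAMPLE_FILTERS = """\
    38547: HTTP: Microsoft Exchange Memory Corruption Vulnerability
      - Severity: Critical
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17144

    38549: HTTP: Cisco Security Manager CsJaasServiceServlet Request
      - Severity: Low
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27131

    38557: SMB: Windows SMB NTLMSSP Buffer Overflow Vulnerability
      - Severity: Critical
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17096
"""

# Constructed sample input: four rows of the Microsoft CVE table, assuming the
# CVE and filter columns are whitespace-separated (layout assumed, not given).
SAMPLE_MS_TABLE = """\
CVE             Filter  Status
CVE-2020-16958          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17002          Insufficient Information to Reproduce
CVE-2020-17096  38557
CVE-2020-17144  38547
"""

HEADER_RE = re.compile(r"^\s*(\d{3,6}): (.+?)\s*$")                 # "38557: SMB: ..."
FIELD_RE = re.compile(r"^\s*- ([A-Za-z][A-Za-z /]*): ?(.*?)\s*$")    # "- Key: value"
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
MS_ROW_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(?:(\d{3,6})\b)?\s*(.*?)\s*$")


@dataclass
class Filter:
    fid: int
    name: str
    severity: str = ""
    cves: list = field(default_factory=list)
    deployments: list = field(default_factory=list)  # profiles that enable it

    @property
    def enabled_by_default(self) -> bool:
        # "Not enabled by default in any deployment." leaves the list empty.
        return bool(self.deployments)


def parse_filters(text: str) -> dict:
    """Parse filter entries into {filter id: Filter}."""
    filters, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = Filter(int(m.group(1)), m.group(2))
            filters[current.fid] = current
            continue
        m = FIELD_RE.match(line)
        if current is None or not m:
            continue
        key, value = m.groups()
        if key == "Severity":
            current.severity = value
        elif key == "Deployment" and not value.startswith("Not enabled"):
            current.deployments.append(value)
        elif key == "Common Vulnerabilities and Exposures":
            current.cves.extend(CVE_RE.findall(value))
    return filters


def parse_ms_table(text: str) -> dict:
    """Parse the Microsoft table into {CVE: (filter id or None, status text)}."""
    rows = {}
    for line in text.splitlines():
        m = MS_ROW_RE.match(line)
        if m:
            cve, fid, status = m.groups()
            rows[cve] = (int(fid) if fid else None, status)
    return rows


def coverage_gaps(rows: dict) -> list:
    """Microsoft CVEs this DV leaves without a filter: patch, do not rely on the IPS."""
    return sorted(cve for cve, (fid, _) in rows.items() if fid is None)


def disabled_by_default(filters: dict) -> list:
    """Filters that ship disabled and need a profile change before they fire."""
    return sorted(f.fid for f in filters.values() if not f.enabled_by_default)


def cross_check(rows: dict, filters: dict) -> list:
    """Table rows whose filter is missing from the entries or does not cite the CVE."""
    problems = []
    for cve, (fid, _) in rows.items():
        if fid is None:
            continue
        flt = filters.get(fid)
        if flt is None:
            problems.append((cve, fid, "filter not in this note's entries"))
        elif cve not in flt.cves:
            problems.append((cve, fid, "filter does not reference this CVE"))
    return problems


if __name__ == "__main__":
    filters, rows = parse_filters(SAMPLE_FILTERS), parse_ms_table(SAMPLE_MS_TABLE)
    print("no filter for:", coverage_gaps(rows))
    print("disabled by default:", disabled_by_default(filters))
    print("inconsistencies:", cross_check(rows, filters))
```

Run it on the full text of this note in place of the two samples. The disabled list is the action list for a profile review: in this DV the Security Policy filters for the Cisco Security Manager endpoints (38549, 38550, 38554), the GitHub LFS filter (38538), the Radmin filter (38563) and the SMB2 stream rename filter (38564) all ship not enabled in any deployment, so an IPS that should see exploitation of those servlets or stream renames gets nothing from them until they are enabled.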
      
Solution Id:
TP000283096