Summary
Digital Vaccine #9481 December 8, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before December 8, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE | Filter | Status
CVE-2020-16958 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-16959 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-16960 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-16961 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-16962 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-16963 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-16964 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-16971 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-16996 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17002 | Insufficient Information to Reproduce |
CVE-2020-17089 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17092 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17094 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17095 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17096 | 38557 |
CVE-2020-17097 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17098 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17099 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17103 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17115 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17117 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17118 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17119 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17120 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17121 | 38566 |
CVE-2020-17122 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17123 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17124 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17125 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17126 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17127 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17128 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17129 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17130 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17131 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17132 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17133 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17134 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17135 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17136 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17137 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17138 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17139 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17140 | 38564 |
CVE-2020-17141 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17142 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17143 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17144 | 38547 |
CVE-2020-17145 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17147 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17148 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17150 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17152 | 38568 |
CVE-2020-17153 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17156 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17159 | Vendor Deemed Reproducibility or Exploitation Unlikely |
CVE-2020-17160 | Vendor Deemed Reproducibility or Exploitation Unlikely |
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9481.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9481.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 29
Modified Filters (logic changes) - 10
Modified Filters (metadata changes only) - 2
Removed Filters - 0
Filters
----------------
New Filters:

38514: HTTP: Huawei HG532 Router Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Huawei HG532 Routers.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2015-7254
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: December 08, 2020

38519: HTTP: Zoho ManageEngine Applications Manager RulesConstructor.jsp SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Zoho ManageEngine Applications Manager.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-16267
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38526: ZDI-CAN-12001: Zero Day Initiative Vulnerability (Fatek Automation PLC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fatek Automation PLC.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38527: ZDI-CAN-12095: Zero Day Initiative Vulnerability (Advantech iView)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech iView.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38528: ZDI-CAN-12096: Zero Day Initiative Vulnerability (Advantech iView)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech iView.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38529: ZDI-CAN-12099: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38530: ZDI-CAN-12139: Zero Day Initiative Vulnerability (SAP 3D Visual Enterprise Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting SAP 3D Visual Enterprise Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38531: ZDI-CAN-12272: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38532: ZDI-CAN-12274: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38536: ZDI-CAN-12490: Zero Day Initiative Vulnerability (Esri ArcReader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Esri ArcReader.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38538: TLS: GitHub Large File Storage Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects an attempt to authenticate to GitHub Large File Storage (LFS).
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-27955
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Client Application
- Release Date: December 08, 2020

38539: HTTP: Atlassian Jira Server and Data Center ViewUserHover.jspa Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Atlassian Jira.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-14181
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38540: HTTP: ManageEngine Password Manager Pro SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL Injection vulnerability in ManageEngine Password Manager Pro.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2014-8499
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38547: HTTP: Microsoft Exchange Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Exchange Server.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-17144
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Server Application or Service
- Release Date: December 08, 2020

38548: HTTP: Cisco Security Manager SecretService.jsp Insecure Deserialization Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Cisco Security Manager.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-27131
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38549: HTTP: Cisco Security Manager CsJaasServiceServlet Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects an HTTP request to the CsJaasServiceServlet endpoint in Cisco Security Manager.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-27131
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38550: HTTP: Cisco Security Manager JRMI Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a JRMI request to multiple endpoints in Cisco Security Manager.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38551: HTTP: Cisco Security Manager CTMServlet Insecure Deserialization Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Cisco Security Manager.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-27131
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38553: HTTP: Cisco Security Manager Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Security Manager.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-27130
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38554: HTTP: Cisco Security Manager XmpFileUploadServlet Upload Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a file upload request to the XmpFileUploadServlet endpoint in Cisco Security Manager.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-27130
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38555: HTTP: Cisco Security Manager downloadDirectory Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Security Manager.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-27130
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38556: HTTP: Cisco Security Manager resultsFrame.jsp Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Security Manager.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-27130
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 08, 2020

38557: SMB: Windows SMB NTLMSSP Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Windows SMB.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-17096
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: SMB
- Platform: Windows Client Application
- Release Date: December 08, 2020

38563: RADMIN: Famtech Remote Administrator (Remote Control Session Setup) (ATT&CK T1219)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a connection to Famtech's Remote Administrator application, commonly known as Radmin.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: TCP (Generic)
- Platform: Windows Client Application
- Release Date: December 08, 2020

38564: SMB: SMB2 Stream File Rename Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the usage of the SMB2_FILE_RENAME_INFO functionality to rename a named data stream associated with a file.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-17140 CVSS 5.9
- Classification: Security Policy - Other
- Protocol: SMB
- Platform: Windows Server Application or Service
- Release Date: December 08, 2020

38565: HTTP: Adobe Acrobat and Reader Form Field Format Use After Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat and Reader.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-24437
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: December 08, 2020

38566: HTTP: Microsoft SharePoint importWeb Content Migration Package (CMP) Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to import a Content Migration Package (CMP) file in Microsoft SharePoint.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-17121
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Windows Server Application or Service
- Release Date: December 08, 2020

38568: HTTP: Dynamics365 Finance ServiceDataWrapper Insecure Deserialization Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Dynamics365 Finance.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-17152
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: December 08, 2020

38602: HTTP: Adobe Acrobat Data Exfiltration Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a data exfiltration vulnerability in Adobe Acrobat.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: December 08, 2020

Modified Filters (logic changes):
* = Enabled in Default deployments

4405: RADMIN: Famtech Remote Administrator (Initialization) (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4405: RADMIN: Famtech Remote Administrator (ATT&CK T1219)".
- Description updated.
- Detection logic updated.
- Release Date: May 23, 2006
- Last Modified Date: December 08, 2020

37584: HTTP: Advantech iView NetworkServlet Improper Input Validation Vulnerability (ZDI-20-834)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37584: ZDI-CAN-10646: Zero Day Initiative Vulnerability (Advantech iView)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: December 08, 2020

37600: HTTP: Advantech iView TaskEditDeviceTable SQL Injection Vulnerability (ZDI-20-864,866,868,869)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37600: ZDI-CAN-10706-07,16: Zero Day Initiative Vulnerability (Advantech iView)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 14, 2020
- Last Modified Date: December 08, 2020

37650: HTTP: HPE Pay per use UCS Meter ReceiverServlet doPost Directory Traversal (ZDI-20-1097)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37650: ZDI-CAN-10601: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise UCS Meter)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 28, 2020
- Last Modified Date: December 08, 2020

37691: HTTP: Advantech iView LinksTable deleteLinks SQL Injection Vulnerability (ZDI-20-827,833,835-838,857)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37691: ZDI-CAN-10627-29,33-34,55-58,60: Zero Day Initiative Vulnerability (Advantech iView)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 05, 2020
- Last Modified Date: December 08, 2020

37893: HTTP: WECON PLC Editor WCP File Parsing Buffer Overflow Vulnerability (ZDI-20-1358)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37893: ZDI-CAN-11185: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 28, 2020
- Last Modified Date: December 08, 2020

37894: HTTP: WECON PLC Editor WCP File Parsing Buffer Overflow Vulnerability (ZDI-20-1359)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37894: ZDI-CAN-11186: Zero Day Initiative Vulnerability (WECON PLC Editor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 28, 2020
- Last Modified Date: December 08, 2020

37895: HTTP: WECON PLC Editor WCP File Parsing Buffer Overflow Vulnerability (ZDI-20-1360)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37895: ZDI-CAN-11187: Zero Day Initiative Vulnerability (WECON PLC Editor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 28, 2020
- Last Modified Date: December 08, 2020

37949: HTTP: HPE Universal API Framework uaf_token SQL Injection Vulnerability (ZDI-20-1208)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37949: ZDI-CAN-11502: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Universal API)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 11, 2020
- Last Modified Date: December 08, 2020

38455: PWN2OWN ZDI-CAN-12216: Zero Day Initiative Vulnerability (Netgear Nighthawk R7800)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Detection logic updated.
- Release Date: November 10, 2020
- Last Modified Date: December 08, 2020

Modified Filters (metadata changes only):
* = Enabled in Default deployments

24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: July 05, 2016
- Last Modified Date: December 08, 2020

38235: MS-NRPC: Microsoft Windows NetrServerAuthenticate Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Release Date: September 29, 2020
- Last Modified Date: December 08, 2020

Removed Filters: None