Summary
Digital Vaccine #9483 December 15, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9483.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9483.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 41
Modified Filters (logic changes) - 8
Modified Filters (metadata changes only) - 4
Removed Filters - 0
Filters
----------------
New Filters:

38516: HTTP: Apache Unomi Code Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a code execution vulnerability in Apache Unomi.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-13942
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38542: HTTP: WordPress Ultimate Member Elevated Privilege User Registration
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects the registration of a user with elevated privileges in WordPress Ultimate Member.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38546: HTTP: WordPress Ultimate Member Role Parameter Supply Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in the WordPress Ultimate Member plugin.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38552: HTTP: WordPress Ultimate Member Profile Update Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in the WordPress Ultimate Member plugin.
  - Deployments:
    - Deployment: Default (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38562: HTTP: Nagios Log Server Create_Snapshot Stored Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Nagios Log Server.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38567: HTTP: IBM QRadar SIEM RemoteJavaScript Insecure Deserialization Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in IBM QRadar.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-4280
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38569: ZDI-CAN-12041: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38570: ZDI-CAN-12043: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38571: ZDI-CAN-12064: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38572: ZDI-CAN-12084: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38573: ZDI-CAN-12114: Zero Day Initiative Vulnerability (Microsoft Excel)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Excel.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38574: ZDI-CAN-12158: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38575: ZDI-CAN-12163: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38576: ZDI-CAN-12165: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38577: ZDI-CAN-12168: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38578: ZDI-CAN-12176: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38579: ZDI-CAN-12178: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38580: ZDI-CAN-12182: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38581: ZDI-CAN-12187: Zero Day Initiative Vulnerability(Hewlett Packard Enterprise Network Orchestrator)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Network Orchestrator.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38582: ZDI-CAN-12208: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38584: ZDI-CAN-12276: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38585: ZDI-CAN-12280: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38586: ZDI-CAN-12283: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38587: ZDI-CAN-12343: Zero Day Initiative Vulnerability (Advantech iView)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech iView.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38588: ZDI-CAN-12344: Zero Day Initiative Vulnerability (Advantech iView)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech iView.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38593: ZDI-CAN-12440: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38595: ZDI-CAN-12477: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess/HMI Designer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38596: ZDI-CAN-12485: Zero Day Initiative Vulnerability (Microsoft Excel)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Excel.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38597: ZDI-CAN-12548: Zero Day Initiative Vulnerability (Esri ArcReader)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Esri ArcReader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38598: ZDI-CAN-12580: Zero Day Initiative Vulnerability (Esri ArcReader)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Esri ArcReader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38599: ZDI-CAN-12581: Zero Day Initiative Vulnerability (Esri ArcReader)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Esri ArcReader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: December 15, 2020

38603: HTTP: Nitro Pro PDF ICCBased ColorSpace Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Nitro Pro PDF.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-6146
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Windows Client Application
  - Release Date: December 15, 2020

38606: HTTP: InfinitumIT DirectAdmin Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in InfinitumIT DirectAdmin.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-11193
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38607: HTTP: Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an arbitrary upload vulnerability in Zoho ManageEngine ServiceDesk Plus.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-8394
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38608: HTTP: Trend Micro IWSVA Console CSRF Security Bypass Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a CSRF vulnerability in Trend Micro IWSVA (InterScan Web Security Virtual Appliance) Console.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38609: HTTP: .jsp Directory Traversal Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects directory traversal via .. in conjunction with a .jsp file.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38614: HTTP: Trend Micro InterScan Web Security VA Arbitrary File Upload
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects the upload of a patch file to Trend Micro InterScan Web Security Virtual Appliance.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38615: HTTP: Trend Micro IWSVA Console Cross-Site-Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site-scripting vulnerability in Trend Micro IWSVA (InterScan Web Security Virtual Appliance) Console.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38618: HTTP: Trend Micro InterScan Web Security VA Proxy Security Bypass Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a security bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38619: HTTP: Trend Micro IWSVA Console Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a command injection vulnerability in Trend Micro IWSVA (InterScan Web Security Virtual Appliance) Console.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 15, 2020

38624: HTTP: Apache Struts 2 Attribute Forced OGNL Evaluation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a forced OGNL evaluation vulnerability in Apache Struts 2.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-17530
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Windows Server Application or Service
  - Release Date: December 15, 2020

Modified Filters (logic changes):
* = Enabled in Default deployments

30392: HTTP: OMRON CX-One CX-Motion sscanf Buffer Overflow Vulnerability (ZDI-18-281)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: February 13, 2018
  - Last Modified Date: December 15, 2020

37654: HTTP: Delta Industrial Automation TPEditor TPE File Memory Corruption Vulnerability (ZDI-20-965)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37654: ZDI-CAN-10667: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 28, 2020
  - Last Modified Date: December 15, 2020

37655: HTTP: Delta Industrial Automation TPEditor TPE File Parsing Code Execution Vulnerability(ZDI-20-964)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37655: ZDI-CAN-10726: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 28, 2020
  - Last Modified Date: December 15, 2020

38008: HTTP: Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-1384)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38008: ZDI-CAN-11353: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: August 18, 2020
  - Last Modified Date: December 15, 2020

* 38191: HTTP: Microsoft PowerPoint PPTX File Use-After-Free Vulnerability (ZDI-20-1414)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38191: ZDI-CAN-11894: Zero Day Initiative Vulnerability (Microsoft Office PowerPoint)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: September 29, 2020
  - Last Modified Date: December 15, 2020

38215: HTTP: Microsoft Chakra LinearScan Memory Corruption Vulnerability (ZDI-20-1413)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38215: ZDI-CAN-11906: Zero Day Initiative Vulnerability (Microsoft Chakra)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: October 06, 2020
  - Last Modified Date: December 15, 2020

38368: ZDI-CAN-12085: Zero Day Initiative Vulnerability (Apache Struts)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: December 15, 2020

38455: PWN2OWN ZDI-CAN-12216: Zero Day Initiative Vulnerability (Netgear Nighthawk R7800)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 10, 2020
  - Last Modified Date: December 15, 2020

Modified Filters (metadata changes only):
* = Enabled in Default deployments

13855: TCP: XML External Entity (XXE) Usage
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
  - Release Date: April 28, 2014
  - Last Modified Date: December 15, 2020

22622: HTTP: ThinkPHP Framework Code Injection Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.
  - Release Date: February 02, 2016
  - Last Modified Date: December 15, 2020

38380: HTTP: Oracle WebLogic Server Remote Code Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
  - Release Date: October 30, 2020
  - Last Modified Date: December 15, 2020

38566: HTTP: Microsoft SharePoint importWeb Content Migration Package (CMP) Request
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
  - Release Date: December 08, 2020
  - Last Modified Date: December 15, 2020

Removed Filters: None