Digital Vaccine #9488

    • Updated: 6 Jan 2021
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9488      January 5, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9488.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9488.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 7
 Modified Filters (logic changes) - 12
 Modified Filters (metadata changes only) - 1
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38662: HTTP: Fortinet FortiOS Multiple Cross-Site Scripting Vulnerabilities
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Fortinet FortiOS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-13380
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 05, 2021

    38663: HTTP: Fortinet FortiOS HTML Encoding Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Fortinet FortiOS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-13381
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 05, 2021

    38664: HTTP: Fortinet FortiOS Unauthenticated Password Reset Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: 
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-13382
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 05, 2021

    38665: HTTP: Microsoft Windows DirectWrite SplicePixel OTF Parsing Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows DirectWrite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1245
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: January 05, 2021

    38666: HTTP: Microsoft Windows DirectWrite GetSbitBitmap TTF Parsing Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows DirectWrite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1244
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: January 05, 2021

    38667: ZDI-CAN-12199: Zero Day Initiative Vulnerability (Autodesk FBX)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk FBX.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 05, 2021

    38668: ZDI-CAN-12200: Zero Day Initiative Vulnerability (Autodesk FBX)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk FBX.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 05, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 20439: HTTP: Adobe Flash XML Write Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: August 25, 2015
      - Last Modified Date: January 05, 2021

    * 30491: HTTP: Node.js NoSQL Injection Attempt Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: March 20, 2018
      - Last Modified Date: January 05, 2021

    35469: HTTP: Adobe Flash XML Write Memory Corruption Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: June 11, 2019
      - Last Modified Date: January 05, 2021

    38348: ZDI-CAN-12076: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 05, 2021

    38349: ZDI-CAN-12077: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 05, 2021

    38350: ZDI-CAN-12094: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 05, 2021

    38352: ZDI-CAN-12117: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 05, 2021

    38353: ZDI-CAN-12118: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 05, 2021

    38354: ZDI-CAN-12119: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 05, 2021

    38356: ZDI-CAN-12150: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 05, 2021

    38359: ZDI-CAN-12181: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 05, 2021

    38400: ZDI-CAN-12281: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.
      - Release Date: November 17, 2020
      - Last Modified Date: January 05, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    31350: DNS: Your-Freedom Configuration DNS Query Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: June 09, 2020
      - Last Modified Date: January 05, 2021

  Removed Filters: None
      
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000283870