Summary
Digital Vaccine #9488 January 5, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9488.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9488.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 7
Modified Filters (logic changes) - 12
Modified Filters (metadata changes only) - 1
Removed Filters - 0
Filters
----------------
New Filters:

38662: HTTP: Fortinet FortiOS Multiple Cross-Site Scripting Vulnerabilities
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Fortinet FortiOS.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-13380
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: January 05, 2021

38663: HTTP: Fortinet FortiOS HTML Encoding Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Fortinet FortiOS.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-13381
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: January 05, 2021

38664: HTTP: Fortinet FortiOS Unauthenticated Password Reset Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description:
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-13382
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: January 05, 2021

38665: HTTP: Microsoft Windows DirectWrite SplicePixel OTF Parsing Out-Of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows DirectWrite.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1245
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application
  - Release Date: January 05, 2021

38666: HTTP: Microsoft Windows DirectWrite GetSbitBitmap TTF Parsing Out-Of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows DirectWrite.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1244
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application
  - Release Date: January 05, 2021

38667: ZDI-CAN-12199: Zero Day Initiative Vulnerability (Autodesk FBX)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk FBX.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: January 05, 2021

38668: ZDI-CAN-12200: Zero Day Initiative Vulnerability (Autodesk FBX)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk FBX.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: January 05, 2021

Modified Filters (logic changes):
* = Enabled in Default deployments

* 20439: HTTP: Adobe Flash XML Write Memory Corruption Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: August 25, 2015
  - Last Modified Date: January 05, 2021

* 30491: HTTP: Node.js NoSQL Injection Attempt Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: March 20, 2018
  - Last Modified Date: January 05, 2021

35469: HTTP: Adobe Flash XML Write Memory Corruption Vulnerability (Upload)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: June 11, 2019
  - Last Modified Date: January 05, 2021

38348: ZDI-CAN-12076: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: January 05, 2021

38349: ZDI-CAN-12077: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: January 05, 2021

38350: ZDI-CAN-12094: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: January 05, 2021

38352: ZDI-CAN-12117: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: January 05, 2021

38353: ZDI-CAN-12118: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: January 05, 2021

38354: ZDI-CAN-12119: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: January 05, 2021

38356: ZDI-CAN-12150: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: January 05, 2021

38359: ZDI-CAN-12181: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: January 05, 2021

38400: ZDI-CAN-12281: Zero Day Initiative Vulnerability (Autodesk AutoCAD)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.
  - Release Date: November 17, 2020
  - Last Modified Date: January 05, 2021

Modified Filters (metadata changes only):
* = Enabled in Default deployments

31350: DNS: Your-Freedom Configuration DNS Query Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.
  - Release Date: June 09, 2020
  - Last Modified Date: January 05, 2021

Removed Filters: None