Digital Vaccine #9496

    • Updated: 27 Jan 2021
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9496      January 26, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9496.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9496.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 16
 Modified Filters (logic changes) - 38
 Modified Filters (metadata changes only) - 2
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38770: ZDI-CAN-12370: Zero Day Initiative Vulnerability (NETGEAR Nighthawk R7800)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Netgear Nighthawk R7800.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38771: ZDI-CAN-12413: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38772: ZDI-CAN-12418: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38773: ZDI-CAN-12529: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38774: ZDI-CAN-12530: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38775: ZDI-CAN-12531: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38776: ZDI-CAN-12532: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38777: ZDI-CAN-12534: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38778: ZDI-CAN-12647: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38779: ZDI-CAN-12656: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38780: HTTP: Microsoft SharePoint GetUserCollectionFromSite Request (ATT&CK T1589.002, T1589.003, T1087) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a UserGroup.GetUserCollectionFromSite request to a Microsoft SharePoint instance.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38781: HTTP: Microsoft SharePoint GetUserCollectionFromWeb Request (ATT&CK T1589.002, T1589.003, T1087) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a UserGroup.GetUserCollectionFromWeb request to a Microsoft SharePoint instance.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38782: HTTP: Microsoft SharePoint GetUserInfo Request (ATT&CK T1589.002, T1589.003, T1087) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a UserGroup.GetUserInfo request to a Microsoft SharePoint instance.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38783: HTTP: Microsoft SharePoint GetRolesAndPermissionsForSite Request (ATT&CK T1069, T1087)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a UserGroup.GetRolesAndPermissionsForSite request to a Microsoft SharePoint instance.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: January 26, 2021

    38784: DNS: dns2tcp Tunneling Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects dns2tcp tunneling attempts.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: DNS
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 26, 2021

    38808: HTTP: Oracle WebLogic Server JNDI Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Oracle WebLogic Server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-2109
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 26, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 29728: HTTP: Apache Tomcat HTTP PUT Windows Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: October 17, 2017
      - Last Modified Date: January 26, 2021

    32163: TCP: Stratum Mining Protocol Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: June 19, 2018
      - Last Modified Date: January 26, 2021

    36539: HTTP: Cisco Data Center Network Manager getLanIslList SQL Injection Vulnerability (ZDI-20-037)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36539: ZDI-CAN-9184: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 05, 2019
      - Last Modified Date: January 26, 2021

    37433: HTTP: JAWS Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: April 07, 2020
      - Last Modified Date: January 26, 2021

    37474: HTTP: WECON LeviStudioU XYSet WordAddr Buffer Overflow Vulnerability (ZDI-20-1059-63)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 07, 2020
      - Last Modified Date: January 26, 2021

    37860: HTTP: D-Link DAP-1860 HNAP Authorization Command Injection Vulnerability (ZDI-20-1428)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37860: ZDI-CAN-10880: Zero Day Initiative Vulnerability (D-Link DAP-1860)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 21, 2020
      - Last Modified Date: January 26, 2021

    37861: HTTP: D-Link DAP-1860 uHTTPd Authentication Bypass Vulnerability (ZDI-20-1429)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37861: ZDI-CAN-10894: Zero Day Initiative Vulnerability (D-Link DAP-1860)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 21, 2020
      - Last Modified Date: January 26, 2021

    37862: HTTP: NETGEAR Orbi UA_Parser Host Name Command Injection Vulnerability (ZDI-20-1430)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37862: ZDI-CAN-11076: Zero Day Initiative Vulnerability (Netgear Orbi)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 21, 2020
      - Last Modified Date: January 26, 2021

    37863: HTTP: NETGEAR Orbi UA_Parser Host Name Command Injection Vulnerability (ZDI-20-1430)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37863: ZDI-CAN-11076: Zero Day Initiative Vulnerability (Netgear Orbi)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 21, 2020
      - Last Modified Date: January 26, 2021

    37865: HTTP: Microsoft SharePoint DataFormWebPart Information Disclosure Vulnerability (ZDI-20-1398)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37865: ZDI-CAN-11267: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 21, 2020
      - Last Modified Date: January 26, 2021

    37932: HTTP: Trend Micro Multiple Products Improper Access Control Vulnerability (ZDI-20-1374,1387)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37932: ZDI-CAN-11236: Zero Day Initiative Vulnerability (Trend Micro Multiple Products)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 11, 2020
      - Last Modified Date: January 26, 2021

    38012: HTTP: Apple Safari TextNode Use-After-Free Vulnerability (ZDI-20-1394)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38012: ZDI-CAN-11498: Zero Day Initiative Vulnerability (Apple Safari)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: January 26, 2021

    38014: HTTP: Adobe Acrobat Reader DC ID Parameter Out-Of-Bounds Read Vulnerability (ZDI-20-1354)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38014: ZDI-CAN-11540: Zero Day Initiative Vulnerability (Adobe Acrobat Reader)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: January 26, 2021

    38015: HTTP: Panasonic Control FPWIN Pro Project File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-068)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38015: ZDI-CAN-11579: Zero Day Initiative Vulnerability (Panasonic Control FPWIN Pro)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: January 26, 2021

    38023: HTTP: Delta Industrial Automation DOPSoft DPA Out-Of-Bounds Write Vulnerability (ZDI-21-028)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38023: ZDI-CAN-11644: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: January 26, 2021

    38123: HTTP: Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write(ZDI-21-031)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38123: ZDI-CAN-11712: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: January 26, 2021

    38124: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow (ZDI-21-039)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38124: ZDI-CAN-11713: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: January 26, 2021

    38193: HTTP: Microsoft Windows Camera Codec Pack Out-Of-Bounds Write Vulnerability (ZDI-20-1258)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38193: ZDI-CAN-11981: Zero Day Initiative Vulnerability (Microsoft Windows Camera Codec)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 29, 2020
      - Last Modified Date: January 26, 2021

    38211: HTTP: Siemens JT2Go JT File Parsing Type Confusion Vulnerability (ZDI-21-046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38211: ZDI-CAN-11881: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 06, 2020
      - Last Modified Date: January 26, 2021

    38212: HTTP: Siemens JT2Go PAR File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-047)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38212: ZDI-CAN-11885: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 06, 2020
      - Last Modified Date: January 26, 2021

    38213: HTTP: Siemens JT2Go PAR File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-049)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38213: ZDI-CAN-11891: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 06, 2020
      - Last Modified Date: January 26, 2021

    38214: HTTP: Siemens JT2Go PAR File Parsing Stack-based Buffer Overflow Vulnerability (ZDI-21-050)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38214: ZDI-CAN-11892: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 06, 2020
      - Last Modified Date: January 26, 2021

    38285: HTTP: Siemens JT2Go ASM File Parsing Type Confusion Vulnerability (ZDI-21-055)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38285: ZDI-CAN-11897: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38286: HTTP: Siemens JT2Go CG4 and CGM File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-052)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38286: ZDI-CAN-11898: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38287: HTTP: Siemens JT2Go ASM File Parsing Untrusted Pointer Dereference Vulnerability (ZDI-21-053)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38287: ZDI-CAN-11899: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38291: HTTP: Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-054)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38291: ZDI-CAN-11900: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38327: HTTP: Adobe Acrobat Pro DC PDF Export Out-Of-Bounds Read Vulnerability (ZDI-20-1356)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38327: ZDI-CAN-11958: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38329: HTTP: Siemens JT2Go JT File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-051)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38329: ZDI-CAN-11972: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38331: HTTP: Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-058)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38331: ZDI-CAN-11986: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38332: HTTP: Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-056)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38332: ZDI-CAN-11994: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38338: HTTP: Siemens JT2Go JT File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-057)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38338: ZDI-CAN-12014: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38339: HTTP: Adobe Acrobat Reader DC AVDocumentLocal Use-After-Free Vulnerability (ZDI-20-1357)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38339: ZDI-CAN-12015: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38340: HTTP: Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-059)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38340: ZDI-CAN-12017: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38341: HTTP: Microsoft Windows WebM Video Parsing Uninitialized Pointer Vulnerability (ZDI-20-1373)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38341: ZDI-CAN-12020: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: January 26, 2021

    38383: HTTP: Hewlett Packard Enterprise Systems Insight Manager Deserialization Vulnerability (ZDI-20-1449)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38383: ZDI-CAN-11847: Zero Day Initiative Vulnerability(Hewlett Packard Enterprise Systems Insight Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: January 26, 2021

    38390: HTTP: Siemens JT2Go TGA File Parsing Buffer Overflow Vulnerability (ZDI-21-061)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38390: ZDI-CAN-12016: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: January 26, 2021

    38483: HTTP: Siemens JT2Go CG4 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-062)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38483: ZDI-CAN-12027: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 24, 2020
      - Last Modified Date: January 26, 2021

    38676: UPnP: UPnP AddPortMapping() SOAP Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: January 12, 2021
      - Last Modified Date: January 26, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    38391: HTTP: Microsoft Excel XLS File Memory Corruption Vulnerability (ZDI-21-023)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38391: HTTP: Microsoft Excel XLS File Memory Corruption Vulnerability".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: January 26, 2021

    38491: HTTP: Microsoft Word DOC File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-026)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38491: HTTP: Microsoft Word DOC File Parsing Out-Of-Bounds Write Vulnerability".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 24, 2020
      - Last Modified Date: January 26, 2021

  Removed Filters: None

      
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000284509