Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements

The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

Microsoft Security Bulletins

This DV includes coverage for the Microsoft vulnerabilities released on or before March 9, 2021. The following table maps TippingPoint filters to the Microsoft CVEs.

| CVE | Filter | Status |
| CVE-2021-1640 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-1729 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-21300 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-24089 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-24090 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-24095 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-24104 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-24107 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-24108 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-24110 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26411 | 39214 | |
| CVE-2021-26859 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26860 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26861 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26862 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26863 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26864 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26865 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26866 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26867 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26868 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26869 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26870 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26871 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26872 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26873 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26874 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26875 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26876 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26877 | 39213 | |
| CVE-2021-26878 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26879 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26880 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26881 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26882 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26884 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26885 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26886 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26887 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26889 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26890 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26891 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26892 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26893 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26894 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26895 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26896 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26897 | 39218, 39221 | |
| CVE-2021-26898 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26899 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26900 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26901 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-26902 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27047 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27048 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27049 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27050 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27051 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27052 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27053 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27054 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27055 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27056 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27057 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27058 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27059 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27060 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27061 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27062 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27063 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27066 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27070 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27074 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27075 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27076 | 39219 | |
| CVE-2021-27077 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27080 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27081 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27082 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27083 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27084 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2021-27085 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

Filters marked with * shipped prior to this DV, providing zero-day protection.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9511.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9511.pkg

Update Details
Table of Contents
--------------------------
Filters
New Filters - 20
Modified Filters (logic changes) - 31
Modified Filters (metadata changes only) - 1
Removed Filters - 0
Filters
----------------
New Filters:

38941: ZDI-CAN-13049: Zero Day Initiative Vulnerability (Microsoft Windows 3D Builder)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows 3D Builder.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 09, 2021

38958: HTTP: Apache ActiveMQ Web Console message.jsp Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Apache ActiveMQ.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-13947 CVSS 4.3
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 09, 2021

38975: HTTP: Zoho ManageEngine Applications Manager UriCollector SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Zoho ManageEngine Applications Manager.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-35765 CVSS 6.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 09, 2021

39073: HTTP: SolarWinds Orion Platform MSMQ Insecure Deserialization Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in SolarWinds Orion Platform.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-25274 CVSS 9.8
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 09, 2021

39076: HTTP: Nagios XI Users.php Username Stored Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Nagios XI.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-27988 CVSS 3.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 09, 2021

39079: ZDI-CAN-12935: Zero Day Initiative Vulnerability (Microsoft Excel)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Excel.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 09, 2021

39080: ZDI-CAN-12934: Zero Day Initiative Vulnerability (Microsoft Excel)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Excel.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 09, 2021

39081: ZDI-CAN-12913: Zero Day Initiative Vulnerability (AutoDesk Design Review)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 09, 2021

39096: ZDI-CAN-13053: Zero Day Initiative Vulnerability (Microsoft Windows 3D Builder)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows 3D Builder.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 09, 2021

39097: HTTP: phpMyAdmin SearchController SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL vulnerability in phpMyAdmin.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-26935 CVSS 7.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 09, 2021

39100: ZDI-CAN-12948: Zero Day Initiative Vulnerability (Microsoft SharePoint)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft SharePoint.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 09, 2021

39102: ZDI-CAN-12703: Zero Day Initiative Vulnerability (Microsoft Excel)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Excel.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 09, 2021

39112: HTTP: Oracle Application Server Config Files Access
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects access requests of config files to Oracle Application Server.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 09, 2021

39213: DNS: Microsoft Windows DNS Integer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-26877
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: DNS
  - Platform: Windows Server Application or Service
  - Release Date: March 09, 2021

39214: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-26411
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application
  - Release Date: March 09, 2021

39216: TCP: VMWare ESXi SLP Buffer Overflow Vulnerability (ZDI-21-250)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in VMWare ESXi.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-21974
    - Zero Day Initiative: ZDI-21-250
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: TCP (Generic)
  - Platform: Other Server Application or Service
  - Release Date: March 09, 2021

39218: DNS: Microsoft Windows Server DNS Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Windows Server.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-26897
  - Classification: Vulnerability - Other
  - Protocol: DNS
  - Platform: Windows Server Application or Service
  - Release Date: March 09, 2021

39219: HTTP: Microsoft SharePoint Unsafe Deserialization Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an unsafe deserialization vulnerability in Microsoft SharePoint.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-27076
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Server Application or Service
  - Release Date: March 09, 2021

39220: HTTP: Oracle Application Server Unauthorized File Access
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects unauthorized files access request to Oracle Application Server.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 09, 2021

39221: DNS: Long Dynamic SigRR Update
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects a DNS dynamic update request containing a sigRR record with a long signature length.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-26897
  - Classification: Security Policy - Other
  - Protocol: DNS
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 09, 2021

Modified Filters (logic changes):
* = Enabled in Default deployments

37692: HTTP: Advantech iView Directory Traversal Vulnerability (ZDI-20-847,829,1085,1086,1087,1088,1089)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37692: ZDI-CAN-10630,10636,10976,10988-95: Zero Day Initiative Vulnerability (Advantech iView)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 05, 2020
  - Last Modified Date: March 09, 2021

38059: HTTP: D-Link DAP-2020 webproc getpage Buffer Overflow Vulnerability (ZDI-21-203)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38059: ZDI-CAN-10932: Zero Day Initiative Vulnerability (D-Link DAP-2020)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: September 01, 2020
  - Last Modified Date: March 09, 2021

38144: HTTP: D-Link DAP-2020 WEB_CmdFileList Command Injection Vulnerability (ZDI-21-204)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38144: ZDI-CAN-11369: Zero Day Initiative Vulnerability (D-Link DAP-2020)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: September 22, 2020
  - Last Modified Date: March 09, 2021

38210: UDP: NETGEAR Multiple Routers SSDP Buffer Overflow Vulnerability (ZDI-21-206)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38210: ZDI-CAN-11851: Zero Day Initiative Vulnerability (Multiple NETGEAR Routers)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: October 06, 2020
  - Last Modified Date: March 09, 2021

38216: HTTP: Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-245)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38216: ZDI-CAN-11910: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: October 06, 2020
  - Last Modified Date: March 09, 2021

38217: HTTP: Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-246)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38217: ZDI-CAN-11911: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: October 06, 2020
  - Last Modified Date: March 09, 2021

38218: HTTP: Siemens JT2Go DXF File Parsing Memory Corruption Vulnerability (ZDI-21-218)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38218: ZDI-CAN-11912: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: October 06, 2020
  - Last Modified Date: March 09, 2021

38221: HTTP: Siemens JT2Go DXF File Parsing Memory Corruption Vulnerability (ZDI-21-219)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38221: ZDI-CAN-11927: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: October 06, 2020
  - Last Modified Date: March 09, 2021

38293: HTTP: Siemens JT2Go DXF and DWG File Parsing Buffer Overflow Vulnerability (ZDI-21-220)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38293: ZDI-CAN-11901: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 03, 2020
  - Last Modified Date: March 09, 2021

38300: HTTP: Siemens JT2Go DXF File Parsing Memory Corruption Vulnerability (ZDI-21-221)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38300: ZDI-CAN-11913: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 03, 2020
  - Last Modified Date: March 09, 2021

38387: HTTP: Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Vulnerability (ZDI-21-222)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38387: ZDI-CAN-11989: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 17, 2020
  - Last Modified Date: March 09, 2021

38455: DHCP: NETGEAR R7800 udchpd DHCP_REQUEST Command Injection Vulnerability (Pwn2Own ZDI-21-248)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38455: PWN2OWN ZDI-CAN-12216: Zero Day Initiative Vulnerability (Netgear Nighthawk R7800)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 10, 2020
  - Last Modified Date: March 09, 2021

38461: FTP: NETGEAR Nighthawk R7800 Remote Code Execution Vulnerability (PWN2OWN ZDI-21-247)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38461: PWN2OWN ZDI-CAN-12308: Zero Day Initiative Vulnerability (Netgear Nighthawk R7800)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 17, 2020
  - Last Modified Date: March 09, 2021

38478: HTTP: Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Vulnerability (ZDI-21-224)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38478: ZDI-CAN-11988: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 24, 2020
  - Last Modified Date: March 09, 2021

38480: HTTP: Siemens JT2Go BMP File Parsing Memory Corruption Vulnerability (ZDI-21-237)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38480: ZDI-CAN-12018: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 24, 2020
  - Last Modified Date: March 09, 2021

38481: HTTP: Siemens JT2Go DGN File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-225)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38481: ZDI-CAN-12019: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 24, 2020
  - Last Modified Date: March 09, 2021

38482: HTTP: Siemens JT2Go DGN File Parsing Memory Corruption Vulnerability (ZDI-21-226)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38482: ZDI-CAN-12026: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 24, 2020
  - Last Modified Date: March 09, 2021

38484: HTTP: Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-238)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38484: ZDI-CAN-12040: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 24, 2020
  - Last Modified Date: March 09, 2021

38485: HTTP: Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-239)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38485: ZDI-CAN-12042: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 24, 2020
  - Last Modified Date: March 09, 2021

38570: HTTP: Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-228)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38570: ZDI-CAN-12043: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: December 15, 2020
  - Last Modified Date: March 09, 2021

38575: HTTP: Siemens JT2Go CGM File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-230)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38575: ZDI-CAN-12163: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: December 15, 2020
  - Last Modified Date: March 09, 2021

38576: HTTP: Siemens JT2Go DWG File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-240)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38576: ZDI-CAN-12165: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: December 15, 2020
  - Last Modified Date: March 09, 2021

38578: HTTP: Siemens JT2Go SGI File Parsing Use-After-Free Vulnerability (ZDI-21-242)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38578: ZDI-CAN-12176: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: December 15, 2020
  - Last Modified Date: March 09, 2021

38579: HTTP: Siemens JT2Go TGA File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-231)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38579: ZDI-CAN-12178: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: December 15, 2020
  - Last Modified Date: March 09, 2021

38580: HTTP: Siemens JT2Go PCT File Parsing Memory Corruption Vulnerability (ZDI-21-232)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38580: ZDI-CAN-12182: Zero Day Initiative Vulnerability (Siemens JT2Go)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
- Release Date: December 15, 2020 - Last Modified Date: March 09, 2021 38582: HTTP: Siemens JT2Go HPG File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-234) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38582: ZDI-CAN-12208: Zero Day Initiative Vulnerability (Siemens JT2Go)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: December 15, 2020 - Last Modified Date: March 09, 2021 38586: HTTP: Siemens JT2Go RAS File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-236) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38586: ZDI-CAN-12283: Zero Day Initiative Vulnerability (Siemens JT2Go)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: December 15, 2020 - Last Modified Date: March 09, 2021 38624: HTTP: Apache Struts 2 Attribute Forced OGNL Evaluation Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: December 15, 2020 - Last Modified Date: March 09, 2021 38683: HTTP: Siemens JT2Go PLT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-235) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38683: ZDI-CAN-12209: Zero Day Initiative Vulnerability (Siemens JT2Go)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. 
- Release Date: January 12, 2021 - Last Modified Date: March 09, 2021 38684: HTTP: Siemens JT2Go HPG File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-233) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38684: ZDI-CAN-12207: Zero Day Initiative Vulnerability (Siemens JT2Go)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: January 12, 2021 - Last Modified Date: March 09, 2021 38685: HTTP: Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-243) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38685: ZDI-CAN-12166: Zero Day Initiative Vulnerability (Siemens JT2Go)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: January 12, 2021 - Last Modified Date: March 09, 2021 Modified Filters (metadata changes only): * = Enabled in Default deployments 37620: HTTP: Liferay Portal JSON Insecure Deserialization Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37620: HTTP: Lifeway Portal JSON Insecure Deserialization Vulnerability". - Description updated. - Release Date: April 21, 2020 - Last Modified Date: March 09, 2021 Removed Filters: NoneTop of the Page