Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9515.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9515.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 51
Modified Filters (logic changes) - 14
Modified Filters (metadata changes only) - 3
Removed Filters - 0
Filters
----------------
New Filters: 38446: HTTP: Common Gateway Interface apply_save.cgi Usage - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects the use of "apply_save" common gateway interface. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-27254 CVSS 6.3 - Zero Day Initiative: ZDI-21-252 - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39082: ZDI-CAN-13010: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39083: ZDI-CAN-13134: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Phoenix Contact Automationworx. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39085: ZDI-CAN-12579: Zero Day Initiative Vulnerability (Apple WebKit) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. 
- vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter protects against exploitation of a zero-day vulnerability affecting Apple WebKit. - Deployments: - Deployment: Default (Block / Notify / Trace) - Deployment: Performance-Optimized (Disabled) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39086: ZDI-CAN-12919: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39087: ZDI-CAN-12984: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39088: ZDI-CAN-12986: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39089: ZDI-CAN-13038,ZDI-CAN-13039: Zero Day Initiative Vulnerability (Advantech WebAccess Node) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter protects against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39090: ZDI-CAN-13005: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39091: ZDI-CAN-12987: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39092: ZDI-CAN-13040: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39093: ZDI-CAN-13227: Zero Day Initiative Vulnerability (Microsoft Windows) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows. - Deployments: - Deployment: Default (Block / Notify / Trace) - Deployment: Performance-Optimized (Disabled) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39094: ZDI-CAN-13131: Zero Day Initiative Vulnerability (Siemens JT2Go) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. 
- Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39095: ZDI-CAN-13101: Zero Day Initiative Vulnerability (Foxit Reader) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter protects against exploitation of a zero-day vulnerability affecting Foxit Reader. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39215: HTTP: SaltStack Salt salt.wheel.pillar_roots.writeMethod Directory Traversal Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a directory traversal vulnerability in SaltStack Salt. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-25282 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 16, 2021 39222: HTTP: Oracle E-Business Suite Common Applications Calendar Cross-Site Scripting Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a cross-side scripting vulnerability in Oracle E-Business Suite. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-2114 CVSS 5.8 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 16, 2021 39229: HTTP: 2Wire Multiple Routers Cross-Site Request Forgery Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a cross-site request forgery (CSRF) vulnerability in multiple 2Wire Routers. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2007-4387 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39230: HTTP: 2Wire Multiple Routers Sensitive Endpoint Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects an attempt to access sensitive endpoints in multiple 2Wire Routers. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2007-4387 - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39231: HTTP: 2Wire Multiple Routers 2Wire Header Detection - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Category: Security Policy - Severity: Low - Description: This filter detects a 2Wire HTTP Header. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2007-4387 - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39232: TCP: Apple AppleTV AirPlay Display Image Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects a display image request sent to an AppleTV with AirPlay. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: TCP (Generic) - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39233: TCP: Apple AppleTV AirPlay Display Video Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects a display video request sent to an AppleTV with AirPlay. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: TCP (Generic) - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39234: TCP: Veeder-Root Automatic Tank Gauge Administrative Client Detection - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects administrative requests to Veeder-Root Automatic Tank Gauges (ATGs). - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: TCP (Generic) - Platform: Multi-Platform Server Application or Service - Release Date: March 16, 2021 39235: HTTP: Google Chromecast Factory Reset Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. 
- vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects an attempt to factory reset a Google Chromecast. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39236: HTTP: Google Chromecast Reboot Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects an attempt to reboot a Google Chromecast. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39237: HTTP: Google Chromecast YouTube DIAL Remote Control Play Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects an attempt to play a YouTube video via the Discovery and Launch (DIAL) protocol through a Google Chromecast. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39238: HTTP: Google Chromecast YouTube DIAL Remote Control Stop Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects an attempt to stop YouTube via the Discovery and Launch (DIAL) protocol through a Google Chromecast. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 16, 2021 39239: HTTP: jQuery Vulnerable Version Detection - IPS Version: 3.6.2 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects requests to known vulnerable versions of JQuery. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 16, 2021 39242: HTTP: Cisco Data Center Network Manager ReportServlet Session Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects a session request to the ReportServlet in Cisco Data Center Network Manager (DCNM). - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2019-1619 - Classification: Security Policy - Other - Protocol: HTTP - Platform: UNIX/Linux Client Application - Release Date: March 16, 2021 39243: HTTP: Cisco Data Center Network Manager downloadServlet Information Disclosure Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Cisco Data Center Network Manager (DCNM). - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2019-1621 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: UNIX/Linux Server Application or Service - Release Date: March 16, 2021 39244: HTTP: Cisco Secure ACS Password Change Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects an attempt to change a password in Cisco Secure Access Control Server (ACS). 
- Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2011-0951 - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 16, 2021 39245: ZDI-CAN-12341: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39246: ZDI-CAN-12600: Zero Day Initiative Vulnerability (Schneider Electric IGSS) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against exploitation of a zero-day vulnerability affecting Schneider Electric IGSS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39247: ZDI-CAN-12460: Zero Day Initiative Vulnerability (Synology DS418play) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Synology DS418play. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39248: ZDI-CAN-12007: Zero Day Initiative Vulnerability (SolarWinds Orion) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Orion. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39249: ZDI-CAN-12578: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39250: ZDI-CAN-12740: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39251: ZDI-CAN-12795: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39252: ZDI-CAN-12856: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39253: ZDI-CAN-12875: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39254: ZDI-CAN-12878: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39257: ZDI-CAN-12879: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39258: ZDI-CAN-12880: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39259: ZDI-CAN-12881: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39260: ZDI-CAN-12882: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39261: ZDI-CAN-12883: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39262: ZDI-CAN-12884: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39263: ZDI-CAN-12886: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39264: ZDI-CAN-12887: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39265: HTTP: F5 BIG-IP ASM is_hdr_criteria_matches Buffer Overflow Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in F5 BIG-IP. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-22992 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 16, 2021 39266: ZDI-CAN-12888: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 39267: ZDI-CAN-12889: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. 
- Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 16, 2021 Modified Filters (logic changes): * = Enabled in Default deployments 37584: HTTP: Advantech iView NetworkServlet Improper Input Validation Vulnerability (ZDI-20-834) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: April 14, 2020 - Last Modified Date: March 16, 2021 37789: HTTP: SaltStack Salt API SSH Client Command Injection Vulnerability(ZDI-20-1379,1380,1381,1382,1383) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: June 23, 2020 - Last Modified Date: March 16, 2021 38121: HTTP: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-254) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38121: ZDI-CAN-11704: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: September 22, 2020 - Last Modified Date: March 16, 2021 38151: HTTP: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-255) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38151: ZDI-CAN-11802: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: September 22, 2020 - Last Modified Date: March 16, 2021 38216: HTTP: Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-245) - IPS Version: 3.6.2 and after. 
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: October 06, 2020
  - Last Modified Date: March 16, 2021

38217: HTTP: Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-246)
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: October 06, 2020
  - Last Modified Date: March 16, 2021

38218: HTTP: Siemens JT2Go DXF File Parsing Memory Corruption Vulnerability (ZDI-21-218)
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: October 06, 2020
  - Last Modified Date: March 16, 2021

38300: HTTP: Siemens JT2Go DXF File Parsing Memory Corruption Vulnerability (ZDI-21-221)
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: November 03, 2020
  - Last Modified Date: March 16, 2021

38343: HTTP: Siemens SINEC NMS FirmwareFileUtils Directory Traversal Vulnerability (ZDI-21-253)
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38343: ZDI-CAN-12054: Zero Day Initiative Vulnerability (Siemens SINEC NMS)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 03, 2020
  - Last Modified Date: March 16, 2021

38479: HTTP: Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Vulnerability (ZDI-21-261)
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38479: ZDI-CAN-12000: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 24, 2020
  - Last Modified Date: March 16, 2021

38588: HTTP: Advantech iView UserServlet SQL Injection Vulnerability (ZDI-21-191)
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: December 15, 2020
  - Last Modified Date: March 16, 2021

38624: HTTP: Apache Struts 2 Attribute Forced OGNL Evaluation Vulnerability
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: December 15, 2020
  - Last Modified Date: March 16, 2021

38815: ZDI-CAN-11845: Zero Day Initiative Vulnerability (OMRON CX-One)
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform or TPS devices
  - Detection logic updated.
  - Release Date: February 02, 2021
  - Last Modified Date: March 16, 2021

39101: HTTP: Microsoft Exchange Server Side Request Forgery Vulnerability
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: March 03, 2021
  - Last Modified Date: March 16, 2021

Modified Filters (metadata changes only):
* = Enabled in Default deployments

* 3706: NDMP: Veritas Backup Exec Agent Security Bypass Vulnerability
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.
  - Release Date: December 31, 2005
  - Last Modified Date: March 16, 2021

13498: HTTP: Cisco Prime Data Center Network Manager Arbitrary File Upload Vulnerability (ZDI-13-255)
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.
  - Release Date: February 04, 2014
  - Last Modified Date: March 16, 2021

* 16871: HTTP: Google Android Browser Same Origin Policy Bypass Vulnerability
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
  - Release Date: October 21, 2014
  - Last Modified Date: March 16, 2021

Removed Filters: None