Digital Vaccine #9528

Updated: 14 Apr 2021
Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9528 - April 13, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and on all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before April 13, 2021. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE            | Filter | Status
CVE-2021-26413 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26415 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26416 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26417 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27064 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27067 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27072 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27079 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27086 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27088 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27089 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27090 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27091 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27092 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27093 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27094 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27095 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-27096 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28309 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28310 | 39553  |
CVE-2021-28311 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28312 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28313 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28314 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28315 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28316 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28317 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28318 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28319 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28320 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28321 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28322 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28323 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28324 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28325 | 39524  |
CVE-2021-28326 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28327 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28328 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28329 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28330 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28331 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28332 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28333 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28334 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28335 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28336 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28337 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28338 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28339 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28340 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28341 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28342 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28343 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28344 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28345 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28346 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28347 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28348 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28349 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28350 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28351 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28352 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28353 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28354 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28355 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28356 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28357 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28358 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28434 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28435 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28436 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28437 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28438 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28439 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28440 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28441 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28442 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28443 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28444 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28445 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28446 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28447 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28448 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28449 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28450 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28451 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28452 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28453 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28454 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28456 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28457 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28458 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28459 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28460 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28464 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28466 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28468 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28469 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28470 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28472 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28473 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28475 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28477 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28480 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28481 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28482 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-28483 |        | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9528.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9528.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 14
 Modified Filters (logic changes) - 3
 Modified Filters (metadata changes only) - 1
 Removed Filters - 0

Filters
----------------
  New Filters: 

    39493: HTTP: WordPress File Manager connector.minimal.php Improper Access Control Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an improper access control vulnerability in WordPress File Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-25213 CVSS 7.5
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 13, 2021

    39496: HTTP: Ruby WEBrick DigestAuth Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in WEBrick.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-16201
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 13, 2021

    39508: HTTP: Umbraco CMS File Upload Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Umbraco CMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-5810 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: April 13, 2021

    39513: HTTP: Zoho ManageEngine Applications Manager Custom Monitor Type SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Zoho ManageEngine Applications Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 13, 2021

    39516: ZDI-CAN-13333: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 13, 2021

    39517: ZDI-CAN-13470: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 13, 2021

    39518: ZDI-CAN-13469: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 13, 2021

    39519: ZDI-CAN-13494: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 13, 2021

    39520: ZDI-CAN-13495: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 13, 2021

    39521: ZDI-CAN-13493: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 13, 2021

    39523: HTTP: Batflat CMS Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command execution vulnerability in Batflat CMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-35734
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 13, 2021

    39524: SMB2: Create File Request Lease RqLs with Durable Handle DH2Q Usage
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of SMB2_CREATE_REQUEST_LEASE with SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 functionality to preserve client caching state across multiple SMB sessions.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-28325
      - Classification: Security Policy - Other
      - Protocol: SMB
      - Platform: Windows Server Application or Service
      - Release Date: April 13, 2021
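
As an added illustration of what filter 39524 looks for (example code written for this page, not DVLabs' filter logic), the following parser walks the create-context chain of an SMB2 CREATE request and reports when a lease request (RqLs) and a durable handle v2 request (DH2Q) travel in the same message. The wire layout follows MS-SMB2 sections 2.2.13 and 2.2.13.2; the sample messages are constructed inline, not captured traffic, and the file name and field values in them are arbitrary.

```python
"""
Added example: detect an SMB2 CREATE request that carries both an
SMB2_CREATE_REQUEST_LEASE (RqLs) and an SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2
(DH2Q) create context, the combination filter 39524 describes.
Layout per MS-SMB2 2.2.13 / 2.2.13.2; samples below are constructed, not captured.
"""
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64
SMB2_CREATE_BODY_LEN = 56          # fixed part of the CREATE request body
SMB2_CREATE = 0x0005

CTX_LEASE = b"RqLs"                # SMB2_CREATE_REQUEST_LEASE
CTX_DURABLE_V2 = b"DH2Q"           # SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2


def _align8(n):
    return (n + 7) & ~7


def build_create_context(tag, data):
    """Encode one SMB2_CREATE_CONTEXT; Next is left 0 and patched by the caller."""
    name_off = 16                                   # tag follows the 16-byte context header
    data_off = _align8(name_off + len(tag))
    ctx = bytearray(struct.pack("<IHHHHI", 0, name_off, len(tag), 0, data_off, len(data)))
    ctx += tag
    ctx += b"\x00" * (data_off - len(ctx)) + data
    return bytes(ctx)


def build_create_request(contexts, filename="secret.txt"):
    """Constructed SMB2 header + CREATE request carrying the given (tag, data) contexts."""
    name = filename.encode("utf-16le")
    name_off = SMB2_HEADER_LEN + SMB2_CREATE_BODY_LEN
    ctx_off = _align8(name_off + len(name)) if contexts else 0
    blob = bytearray()
    for i, (tag, data) in enumerate(contexts):
        ctx = bytearray(build_create_context(tag, data))
        ctx += b"\x00" * (_align8(len(ctx)) - len(ctx))
        if i < len(contexts) - 1:                   # Next = distance to the following context
            struct.pack_into("<I", ctx, 0, len(ctx))
        blob += ctx
    header = SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ16s", 64, 1, 0, SMB2_CREATE,
                                      1, 0, 0, 7, 0, 1, 0x1234, b"\x00" * 16)
    # StructureSize 57, impersonation, flags, DesiredAccess, attrs, ShareAccess,
    # FILE_OPEN, FILE_NON_DIRECTORY_FILE, then the name/context offsets and lengths.
    body = struct.pack("<HBBIQQIIIIIHHII", 57, 0, 0, 2, 0, 0, 0x00120089, 0, 7, 1, 0x40,
                       name_off, len(name), ctx_off, len(blob))
    body += name
    if contexts:
        body += b"\x00" * (ctx_off - name_off - len(name)) + blob
    return header + body


def parse_create_contexts(msg):
    """Return the create-context tags of an SMB2 CREATE request ([] for other commands).

    Raises ValueError for a chain that does not fit the message (bad offsets, a Next
    that overruns the context region), so a caller can treat that case separately.
    """
    if len(msg) < SMB2_HEADER_LEN or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    if struct.unpack_from("<H", msg, 12)[0] != SMB2_CREATE:
        return []
    if len(msg) < SMB2_HEADER_LEN + SMB2_CREATE_BODY_LEN:
        raise ValueError("truncated CREATE request")
    ctx_off, ctx_len = struct.unpack_from("<II", msg, SMB2_HEADER_LEN + 48)
    if ctx_len == 0:
        return []
    end = ctx_off + ctx_len
    if ctx_off < SMB2_HEADER_LEN + SMB2_CREATE_BODY_LEN or end > len(msg):
        raise ValueError("create-context region outside the message")
    tags, pos = [], ctx_off
    while True:
        if pos + 16 > end:
            raise ValueError("create-context chain overruns its region")
        nxt, name_off, name_len = struct.unpack_from("<IHH", msg, pos)
        if name_off < 16 or pos + name_off + name_len > end:
            raise ValueError("create-context name outside the region")
        tags.append(bytes(msg[pos + name_off:pos + name_off + name_len]))
        if nxt == 0:
            return tags
        if nxt < 16 or nxt % 8:                     # contexts are 8-byte aligned
            raise ValueError("bad Next offset")
        pos += nxt


def classify(msg):
    """What a policy filter would report for one message."""
    try:
        tags = set(parse_create_contexts(msg))
    except ValueError:
        return "malformed"
    return "lease+dh2q" if CTX_LEASE in tags and CTX_DURABLE_V2 in tags else "other"


# Constructed payloads: lease key/state/flags/duration; DH2Q timeout/flags/reserved/CreateGuid.
LEASE_DATA = struct.pack("<16sIIQ", bytes(range(16)), 0x07, 0, 0)
DH2Q_DATA = struct.pack("<IIQ16s", 0, 0, 0, b"\x11" * 16)

SAMPLE_LEASE_DH2Q = build_create_request([(CTX_LEASE, LEASE_DATA), (CTX_DURABLE_V2, DH2Q_DATA)])
SAMPLE_LEASE_ONLY = build_create_request([(CTX_LEASE, LEASE_DATA)])
SAMPLE_NO_CONTEXT = build_create_request([])

# Lease-only sample whose Next field claims a second context beyond the region's end.
SAMPLE_BROKEN = bytearray(SAMPLE_LEASE_ONLY)
struct.pack_into("<I", SAMPLE_BROKEN,
                 struct.unpack_from("<I", SAMPLE_BROKEN, SMB2_HEADER_LEN + 48)[0], 56)
SAMPLE_BROKEN = bytes(SAMPLE_BROKEN)

if __name__ == "__main__":
    for label, sample in [("lease+dh2q", SAMPLE_LEASE_DH2Q), ("lease only", SAMPLE_LEASE_ONLY),
                          ("no contexts", SAMPLE_NO_CONTEXT), ("broken chain", SAMPLE_BROKEN)]:
        print(f"{label:13s} -> {classify(sample)}")
```

Modern Windows clients request exactly this pair on ordinary file opens (a durable handle v2 is only granted alongside a lease or batch oplock), so a rule like this fires on legitimate SMB 3.x traffic as a matter of course. That is why the page lists 39524 as a Security Policy filter that is not enabled in any deployment: treat it as a visibility signal to enable deliberately, not as an exploit signature to block on.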

    39525: HTTP: Apache OFBiz Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Apache OFBiz.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-26295
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 13, 2021

    39553: HTTP: Microsoft Windows Win32k Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-28310
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: April 13, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    38393: HTTP: NETGEAR ProSAFE NMS SettingConfigController Command Injection Vulnerability (ZDI-21-356)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38393: ZDI-CAN-12121: Zero Day Initiative Vulnerability (NETGEAR ProSAFE NMS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: April 13, 2021

    38394: HTTP: NETGEAR ProSAFE NMS ReportTemplateController Directory Traversal Vulnerability (ZDI-21-355)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38394: ZDI-CAN-12123: Zero Day Initiative Vulnerability (NETGEAR ProSAFE NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: April 13, 2021

    38395: HTTP: NETGEAR ProSAFE NMS MFileUploadController Unrestricted File Upload Vulnerability (ZDI-21-357)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38395: ZDI-CAN-12124: Zero Day Initiative Vulnerability (NETGEAR ProSAFE NMS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: April 13, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    39380: HTTP: CMS Made Simple Smarty Server-Side Template Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39380: HTTP: CMS Made Simple Smarty Serverside Template Injection Vulnerability ".
      - Release Date: April 06, 2021
      - Last Modified Date: April 13, 2021
      
  Removed Filters: None
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000286253