Digital Vaccine #9546

Updated: 9 Jun 2021
Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9546      June 8, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before June 8, 2021. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE             Filter  Status
CVE-2021-1675           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26414          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26420          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31199          Local Exploitation Required
CVE-2021-31201          Local Exploitation Required
CVE-2021-31938          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31939          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31940          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31941          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31942          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31943          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31944          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31945          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31946          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31948          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31949          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31950          Local Exploitation Required
CVE-2021-31951          Local Exploitation Required
CVE-2021-31952          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31953          Local Exploitation Required
CVE-2021-31954          Local Exploitation Required
CVE-2021-31955          Local Exploitation Required
CVE-2021-31956          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31957          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31958          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31959  39854
CVE-2021-31960          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31962          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31963          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31964          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31965          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31966          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31967          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31968          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31969          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31970          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31971          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31972          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31973          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31974          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31975          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31976          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31977          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31978          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31980          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31983          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31985          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33739          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33742          Under Investigation
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before June 8, 2021. The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin   CVE             Filter  Status
APSB21-37  CVE-2021-28551          Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-37  CVE-2021-28552          Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-37  CVE-2021-28554  39834
APSB21-37  CVE-2021-28631          Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-37  CVE-2021-28632          Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9546.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9546.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 18
 Modified Filters (logic changes) - 1
 Modified Filters (metadata changes only) - 2
 Removed Filters - 0

Filters
----------------
  New Filters: 

    39822: ZDI-CAN-13055: Zero Day Initiative Vulnerability (NETGEAR Nighthawk R7800)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Netgear Nighthawk R7800.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39824: ZDI-CAN-13635: Zero Day Initiative Vulnerability (VMWare vCenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting VMWare vCenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39825: ZDI-CAN-13641: Zero Day Initiative Vulnerability (VMWare vCenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting VMWare vCenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39826: ZDI-CAN-13766: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39827: ZDI-CAN-13905: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Fatek Automation WinProladder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39828: ZDI-CAN-13903: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Fatek Automation WinProladder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39829: ZDI-CAN-13852: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Fatek Automation WinProladder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39830: ZDI-CAN-13904: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Fatek Automation WinProladder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39831: ZDI-CAN-13906: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Fatek Automation WinProladder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39832: ZDI-CAN-13913: Zero Day Initiative Vulnerability (AutoDesk Design Review)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: June 08, 2021

    39834: HTTP: Adobe Acrobat Reader DC Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-28554
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: June 08, 2021

    39843: HTTP: Cisco HyperFlex HX Auth Handling Remote Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Cisco HyperFlex.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-1497 CVSS 10.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 08, 2021

    39844: SMTP: Email with Large Number of Recipients
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects mail traffic with a large number of recipients.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-28017
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: SMTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: June 08, 2021

    39845: SMTP: Exim Mail Server auth_xtextdecode Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Exim Mail Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-28021
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: SMTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: June 08, 2021

    39846: HTTP: Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Netgear ProSAFE NMS300.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 08, 2021

    39847: HTTP: Cisco HyperFlex HX upload Handling Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco HyperFlex.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-1499 CVSS 5.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 08, 2021

    39848: HTTP: VMware vSphere Client getClusterCapabilityData Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of a getClusterCapabilityData request in VMware vSphere Client.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21985
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: June 08, 2021

    39854: HTTP: Microsoft Edge JIT Object PropertyId Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-31959
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: June 08, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    38687: HTTP: SolarWinds NPM FromJson Insecure Deserialization Vulnerability (ZDI-21-602)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38687: ZDI-CAN-12213: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 12, 2021
      - Last Modified Date: June 08, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    38347: HTTP: Adobe Acrobat Reader DC Annotation page Property Use-After-Free Vulnerability (ZDI-21-169)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: November 03, 2020
      - Last Modified Date: June 08, 2021

    39805: ZDI-CAN-13425: Zero Day Initiative Vulnerability (VMWare vCenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Miscellaneous modification.
      - Release Date: June 01, 2021
      - Last Modified Date: June 08, 2021

  Removed Filters: None
      
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000286714