Digital Vaccine #9558

    • Updated: 14 Jul 2021
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9558      July 13, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before July 13, 2021. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE | Filter | Status
CVE-2021-31183 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31196 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31206 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31947 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31961 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-31979 | | Local Exploitation Required
CVE-2021-31984 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33740 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33743 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33744 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33745 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33746 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33749 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33750 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33751 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33752 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33753 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33754 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33755 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33756 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33757 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33758 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33759 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33760 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33761 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33763 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33764 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33765 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33766 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33767 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33768 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33771 | | Local Exploitation Required
CVE-2021-33772 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33773 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33774 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33775 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33776 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33777 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33778 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33779 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33780 | | Under Investigation
CVE-2021-33781 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33782 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33783 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33784 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33785 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33786 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-33788 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34438 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34439 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34440 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34441 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34442 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34444 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34445 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34446 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34447 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34448 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34449 | | Local Exploitation Required
CVE-2021-34450 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34451 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34452 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34454 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34455 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34456 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34457 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34458 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34459 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34460 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34461 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34462 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34464 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34466 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34467 | 39959 |
CVE-2021-34468 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34469 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34470 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34473 | 39997 |
CVE-2021-34474 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34476 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34477 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34479 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34488 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34489 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34490 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34491 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34492 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34493 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34494 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34496 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34497 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34498 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34499 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34500 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34501 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34503 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34504 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34507 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34508 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34509 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34510 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34511 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34512 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34513 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34514 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34516 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34517 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34518 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34519 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34520 | *39405 |
CVE-2021-34521 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34522 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34523 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34525 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34527 | 39940, 39954 |
CVE-2021-34528 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34529 | | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before July 13, 2021.
The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin | CVE | Filter | Status
APSB21-51 | CVE-2021-28634 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-28635 | 39963 |
APSB21-51 | CVE-2021-28636 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-28637 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-28638 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-28639 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-28640 | 39964 |
APSB21-51 | CVE-2021-28641 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-28642 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-28643 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-28644 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-35980 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-35981 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-35983 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-35984 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-35985 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-35986 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-35987 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-51 | CVE-2021-35988 | | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9558.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9558.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 10
 Modified Filters (logic changes) - 4
 Modified Filters (metadata changes only) - 3
 Removed Filters - 0

Filters
----------------
  New Filters: 

    39941: HTTP: MyBookLive REST_API language Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in MyBookLive REST_API.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-18472
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 13, 2021

    39946: HTTP: Zoho ManageEngine Applications Manager Displayname Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Zoho ManageEngine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 13, 2021

    39955: HTTP: MyBookLive REST_API XML External Entity Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an XML external entity vulnerability in MyBookLive REST_API.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-18472
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 13, 2021

    39956: HTTP: Jenkins Scriptler Plugin Parameter Names Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Jenkins Scriptler Plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21667 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 13, 2021

    39957: ZooKeeper: Apache Dubbo Routing Configuration Unsafe YAML Unmarshalling Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an unsafe YAML unmarshalling vulnerability in Apache Dubbo.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-30180 CVSS 6.8
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 13, 2021

    39958: HTTP: Jenkins Scriptler Plugin Script Content Stored Cross-Site Scripting Vulnerability 
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Jenkins Scriptler Plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21668 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 13, 2021

    39959: HTTP: Microsoft SharePoint Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-34467
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: July 13, 2021

    39963: HTTP: Adobe Acrobat Reader DC AcroForm addField Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-28635
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: July 13, 2021

    39964: HTTP: Adobe Acrobat Reader DC Thermometer Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-28640
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: July 13, 2021

    39997: TCP: Microsoft SharePoint Explicit Logon AutoDiscover Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects requests to a Microsoft Exchange Autodiscover service.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-34473
      - Classification: Security Policy - Other
      - Protocol: TCP (Generic)
      - Platform: Windows Server Application or Service
      - Release Date: July 13, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    13971: HTTP: Adobe Acrobat Professional Enhanced Metafile (EMF) Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: May 20, 2014
      - Last Modified Date: July 13, 2021

    38938: HTTP: Autodesk Design Review PDF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-742)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38938: ZDI-CAN-13037: Zero Day Initiative Vulnerability (AutoDesk Design Review)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 23, 2021
      - Last Modified Date: July 13, 2021

    38942: HTTP: Microsoft Print 3D PLY File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-696)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38942: ZDI-CAN-13050: Zero Day Initiative Vulnerability (Microsoft Windows Print 3D)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 23, 2021
      - Last Modified Date: July 13, 2021

    39631: ZDI-CAN-13719: Zero Day Initiative Vulnerability (AutoDesk Navisworks)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Detection logic updated.
      - Release Date: May 04, 2021
      - Last Modified Date: July 13, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 19713: TCP: EMC AutoStart ftAgent Remote Code Execution Vulnerability (ZDI-15-175)
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: April 14, 2015
      - Last Modified Date: July 13, 2021

    39940: RPC: Microsoft Windows AddPrinterDriverEx Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: July 01, 2021
      - Last Modified Date: July 13, 2021

    39954: RPC: Microsoft Windows AsyncEnumPrinterDrivers/AsyncAddPrinterDriver Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: July 06, 2021
      - Last Modified Date: July 13, 2021

  Removed Filters: None
      
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000287775