Digital Vaccine #9586

Updated: 8 Sep 2021
Product/Version: TippingPoint Digital Vaccine

Summary
Digital Vaccine #9586      September 7, 2021

Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9586.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9586.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 9
 Modified Filters (logic changes) - 9
 Modified Filters (metadata changes only) - 4
 Removed Filters - 1

Filters
----------------
  New Filters: 

      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Centreon.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 07, 2021

    40166: HTTP: Advantech R-SeeNet ssh_form.php Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Advantech R-SeeNet.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21800 CVSS 6.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 07, 2021

    40173: HTTP: Nagios XI switch.ini.php Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-37344 CVSS 6.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 07, 2021

    40174: HTTP: ThinkCMF Framework XSS Remote Code Execution Exploit
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in ThinkCMF Framework.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 07, 2021

    40177: HTTP: Eaton IPM removeBackground removeFirmware Arbitrary File Deletion Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an arbitrary file deletion vulnerability in Eaton Intelligent Power Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-23278 CVSS 5.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 07, 2021

    40179: HTTP: Apache Camel CamelXsltResourceUri Header Usage
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects any attempt to use the Apache Camel's XSLT component.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2014-0003
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 07, 2021

    40180: HTTP: Microsoft Exchange Server ECP Authentication Bypass Vulnerability (ZDI-21-798)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Microsoft Exchange.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-33766 CVSS 5.0
        - Zero Day Initiative: ZDI-21-798
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: September 07, 2021

    40181: HTTP: Adobe Acrobat Reader DC JPEG2000 Heap Buffer Overflow
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-28560
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: September 07, 2021

    40260: HTTP: Atlassian Confluence Server and Data Center OGNL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an OGNL injection vulnerability in Atlassian Confluence Server and Data Center.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-26084
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 07, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    34225: HTTP: Apple Safari FloatingObjects Use-After-Free Vulnerability (ZDI-19-677)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34225: ZDI-CAN-7864: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 05, 2019
      - Last Modified Date: September 07, 2021

    36636: HTTP: NETGEAR Routers UPnP SOAPAction Authentication Bypass Vulnerability (Pwn2Own ZDI-20-703)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36636: HTTP: NETGEAR R6700 UPnP SOAPAction Authentication Bypass Vulnerability (Pwn2Own ZDI-20-703)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 19, 2019
      - Last Modified Date: September 07, 2021

    38235: MS-NRPC: Microsoft Windows NetrServerAuthenticate Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: September 29, 2020
      - Last Modified Date: September 07, 2021

    * 38304: HTTP: Cisco Multiple Routers RESTCONF Header Command Injection Vulnerability (ZDI-21-132)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38304:  ZDI-CAN-11688: Zero Day Initiative Vulnerability (Cisco Multiple Routers)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: September 07, 2021

    * 38306: HTTP: Cisco Multiple Routers RESTCONF URL Command Injection Vulnerability (ZDI-21-133)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38306:  ZDI-CAN-11690: Zero Day Initiative Vulnerability (Cisco Multiple Routers)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: September 07, 2021

    * 38307: HTTP: Cisco Multiple Routers RESTCONF Directory Traversal Vulnerability (ZDI-21-134)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38307:  ZDI-CAN-11693: Zero Day Initiative Vulnerability (Cisco Multiple Routers)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: September 07, 2021

    * 38308: HTTP: Cisco Multiple Routers DNIAPI Directory Traversal Vulnerability (ZDI-21-135)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38308:  ZDI-CAN-11716: Zero Day Initiative Vulnerability (Cisco Multiple Routers)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: September 07, 2021

    38456: HTTP: Google Chrome JavaScript Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: November 10, 2020
      - Last Modified Date: September 07, 2021

    39966: HTTP: Facade Ignition Error-Handling Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 20, 2021
      - Last Modified Date: September 07, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    13855: TCP: XML External Entity (XXE) Usage
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2014
      - Last Modified Date: September 07, 2021

    * 33707: HTTP: Apache Camel XML CamelXsltResourceUri Java Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: December 11, 2018
      - Last Modified Date: September 07, 2021

    33903: HTTP: Horner Automation Cscape CSP File Parsing Out-of-Bounds Write Vulnerability (ZDI-19-226)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 01, 2019
      - Last Modified Date: September 07, 2021

    39970: ZDI-CAN-14055: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Miscellaneous modification.
      - Release Date: August 24, 2021
      - Last Modified Date: September 07, 2021

  Removed Filters:

    36637: ZDI-CAN-9659: Zero Day Initiative Vulnerability (Netgear Nighthawk AC1750)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Release Date: November 19, 2019


Category: Configure; Troubleshoot; Deploy
Solution Id: TP000288988