Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9597

    • Updated:
    • 13 Oct 2021
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9597      October 12, 2021
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before October 12, 2021. The following table maps TippingPoint filters to the Microsoft CVEs.
CVEFilterStatus
CVE-2021-26427 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26441 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26442 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-34453 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-36953 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-36970 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-38662 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-38663 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-38672 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40443 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40449 Local Exploitation Required
CVE-2021-40450 Local Exploitation Required
CVE-2021-40454 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40455 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40456 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40457 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40458 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40459 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40460 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40461 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40462 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40463 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40464 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40465 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40466 Local Exploitation Required
CVE-2021-40467 Local Exploitation Required
CVE-2021-40468 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40469 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40470 Local Exploitation Required
CVE-2021-40471 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40472 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40473 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40474 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40475 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40476 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40477 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40478 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40479 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40480 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40481 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40482 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40483 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40484 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40485 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40486 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40487 Under Investigation
CVE-2021-40488 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-40489 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41330 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41331 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41332 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41333 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41334 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41335 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41336 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41337 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41338 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41339 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41340 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41341 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41342 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41343 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41344 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41345 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41346 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41347 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41348 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41349 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41350 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41352 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41353 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41354 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41355 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41357 Local Exploitation Required
CVE-2021-41361 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41363 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9597.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9597.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 9
 Modified Filters (logic changes) - 5
 Modified Filters (metadata changes only) - 2
 Removed Filters - 1

Filters
----------------
  New Filters: 

    39823: HTTP: VMware vCenter Server Appliance Missing Authentication Vulnerability (ZDI-21-1107)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This detects missing authentication in VMware vCenter Server Appliance.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-22008 CVSS 5.3
        - Zero Day Initiative: ZDI-21-1107
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 12, 2021

    40242: HTTP: WordPress Plugin ProfilePress Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in the WordPress plugin, ProfilePress.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-34621 CVSS 3.1
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 12, 2021

    40335: HTTP: GitLab Community and Enterprise Edition Branch Name Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in GitLab Community and Enterprise Edition.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-22241 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 12, 2021

    40385: HTTP: WordPress Redirect404 To Parent Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Redirect404 To Parent plugin for WordPress.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-24286 CVSS 6.1
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 12, 2021

    40386: HTTP: Google Chrome V8 Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Google Chrome V8.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-30632
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Other Client Application
      - Release Date: October 12, 2021

    40389: ZDI-CAN-14859: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 12, 2021

    40390: ZDI-CAN-15311: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 12, 2021

    40391: ZDI-CAN-15313: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 12, 2021

    40392: ZDI-CAN-15314: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 12, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    39347: HTTP: Oracle Business Intelligence BIRemotingServlet Deserialization Vulnerability (ZDI-21-885)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39347: ZDI-CAN-13104: Zero Day Initiative Vulnerability (Oracle Business Intelligence)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 30, 2021
      - Last Modified Date: October 12, 2021

    39822: HTTP: NETGEAR R7800 net-cgi Out-Of-Bounds Write Vulnerability (ZDI-21-1116)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39822: ZDI-CAN-13055: Zero Day Initiative Vulnerability (NETGEAR Nighthawk R7800)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: October 12, 2021

    39824: HTTP: VMware vCenter Server Appliance External Control of File Path Vulnerability (ZDI-21-1109)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39824: ZDI-CAN-13635: Zero Day Initiative Vulnerability (VMWare vCenter)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: October 12, 2021

    39825: HTTP: VMware vCenter Server Appliance External Control of File Path Vulnerability (ZDI-21-1111)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39825: ZDI-CAN-13641: Zero Day Initiative Vulnerability (VMWare vCenter)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: October 12, 2021

    40374: HTTP: WordPress Fitness Calculators Plugin XSS Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: October 05, 2021
      - Last Modified Date: October 12, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    1125: HTTP: ../.. Directory Traversal
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 31, 2005
      - Last Modified Date: October 12, 2021

    39805: HTTP:VMware vCenter Server Appliance Update Manager Directory Traversal Vulnerability (ZDI-21-1105)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39805: ZDI-CAN-13425: Zero Day Initiative Vulnerability (VMWare vCenter)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: June 01, 2021
      - Last Modified Date: October 12, 2021

  Removed Filters:

    20106: ZDI-CAN-2967: Zero Day Initiative Vulnerability (Adobe Flash)
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Release Date: July 21, 2015
      - Last Modified Date: October 23, 2018
      

Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000289256
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.