Digital Vaccine #9630

Updated: 12 Jan 2022
Product/Version: TippingPoint Digital Vaccine

Summary
Digital Vaccine #9630 - January 11, 2022

Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before January 11, 2022. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE             Filter  Status
CVE-2021-22947  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-36976  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21833  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21834  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21835  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21836  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21837  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21838  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21839  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21840  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21841  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21842  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21843  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21846  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21847  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21848  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21849  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21850  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21851  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21852  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21855  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21857  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21858  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21859  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21860  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21861  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21862  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21863  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21864  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21865  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21866  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21867  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21868  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21869  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21870  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21871  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21872  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21873  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21874  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21875  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21876  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21877  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21878  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21879  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21880  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21881  -       Local Exploitation Required
CVE-2022-21882  -       Local Exploitation Required
CVE-2022-21883  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21884  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21885  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21887  -       Local Exploitation Required
CVE-2022-21888  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21889  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21890  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21891  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21892  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21893  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21894  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21895  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21896  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21897  -       Local Exploitation Required
CVE-2022-21898  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21899  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21900  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21901  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21902  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21903  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21904  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21905  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21906  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21907  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21908  -       Local Exploitation Required
CVE-2022-21910  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21911  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21912  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21913  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21914  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21915  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21916  -       Local Exploitation Required
CVE-2022-21917  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21918  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21919  -       Local Exploitation Required
CVE-2022-21920  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21921  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21922  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21924  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21925  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21928  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21929  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21930  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21931  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21932  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21954  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21958  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21959  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21960  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21961  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21962  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21963  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21964  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21969  -       Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2022-21970  -       Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9630.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9630.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 8
 Modified Filters (logic changes) - 5
 Modified Filters (metadata changes only) - 10
 Removed Filters - 0

Filters
----------------
  New Filters: 

    40639: HTTP: WordPress Mapa Politico Espana Plugin Cross-Site Scripting Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in the WordPress Mapa Politico Espana plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-24609
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 11, 2022

    40657: ZDI-CAN-15692: Zero Day Initiative Vulnerability (NETGEAR R6700v3)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting NETGEAR R6700v3.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 11, 2022

    40658: ZDI-CAN-15762: Zero Day Initiative Vulnerability (NETGEAR R6700v3)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting NETGEAR R6700v3.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 11, 2022

    40662: HTTP: Oracle WebLogic Code Execution Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Oracle WebLogic.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-14882 CVSS 10.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 11, 2022

    40663: HTTP: WordPress Popular Posts Plugin Arbitrary File Upload Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in WordPress Popular Posts Plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-42362 CVSS 8.8
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 11, 2022

    40664: HTTP: Zoho ManageEngine ADManager Plus ReportsAction Unrestricted File Upload Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a file upload vulnerability in Zoho ManageEngine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-37921 CVSS 7.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 11, 2022

    40670: HTTP: device.rsp Request with admin Cookie
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects device.rsp requests carrying an admin Cookie.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-9995
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 11, 2022

    40671: HTTP: Apache APISIX uri-block Plugin Directory Traversal Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Apache APISIX.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-43557
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 11, 2022

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    37077: UDP: D-Link Devices Unauthenticated Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: February 25, 2020
      - Last Modified Date: January 11, 2022

    * 37427: HTTP: Dell iDRAC Code Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: March 31, 2020
      - Last Modified Date: January 11, 2022

    40228: HTTP: Veritas Enterprise Vault Insecure Deserialization Vulnerability (ZDI-21-1589-1594)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40228: ZDI-CAN-14074-76,14078-80: Zero Day Initiative Vulnerability (Veritas Enterprise Vault Monitoring)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 14, 2021
      - Last Modified Date: January 11, 2022

    * 40627: HTTP: JNDI Injection in HTTP Request
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: December 13, 2021
      - Last Modified Date: January 11, 2022

    40651: HTTP: JNDI Recursive Variable Replacement in an HTTP Request
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: December 21, 2021
      - Last Modified Date: January 11, 2022

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    19813: HTTP: WordPress Theme Divi Directory Traversal Vulnerability
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: May 12, 2015
      - Last Modified Date: January 11, 2022

    40369: HTTP: Microsoft Azure Defender for IoT sync Endpoint SQL Injection Vulnerability (ZDI-21-1555)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40369: ZDI-CAN-14159: Zero Day Initiative Vulnerability (Microsoft Azure Defender for IoT)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 05, 2021
      - Last Modified Date: January 11, 2022

    40371: HTTP: Microsoft Azure Defender for IoT update-handshake SQL Injection Vulnerability (ZDI-21-1556)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40371: ZDI-CAN-14160: Zero Day Initiative Vulnerability (Microsoft Azure Defender for IoT)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 05, 2021
      - Last Modified Date: January 11, 2022

    40372: HTTP: Microsoft Azure Defender for IoT maintenanceWindow SQL Injection Vulnerability (ZDI-21-1595)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40372: ZDI-CAN-14189: Zero Day Initiative Vulnerability (Microsoft Azure Defender for IoT)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 05, 2021
      - Last Modified Date: January 11, 2022

    40390: HTTP: SolarWinds Network Performance TextToSpeech Privilege Escalation Vulnerability (ZDI-21-1596)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40390: ZDI-CAN-15311: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 12, 2021
      - Last Modified Date: January 11, 2022

    40391: HTTP: SolarWinds Network Performance PlaySound Privilege Escalation Vulnerability (ZDI-21-1597)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40391: ZDI-CAN-15313: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 12, 2021
      - Last Modified Date: January 11, 2022

    40392: HTTP: SolarWinds Network Performance Privilege Escalation Vulnerability (ZDI-21-1598-1600,02,03)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40392: ZDI-CAN-15314-15316,15318: Zero Day Initiative Vulnerability(SolarWinds Network Performance Monitor)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 12, 2021
      - Last Modified Date: January 11, 2022

    40580: HTTP: Edgewater Networks EdgeMarc User-Defined Configuration Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40580: HTTP: Edgewater Networks Edgemarc User-Defined Configuration Request".
      - Description updated.
      - Release Date: December 07, 2021
      - Last Modified Date: January 11, 2022

    * 40581: HTTP: Edgewater Networks EdgeMarc Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40581: HTTP: Edgewater Networks Edgemarc Command Injection Vulnerability".
      - Description updated.
      - Release Date: December 07, 2021
      - Last Modified Date: January 11, 2022

    * 40660: HTTP: WordPress ZoomSounds Plugin Information Disclosure Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "40660: HTTP: WordPress Zoomsounds Plugin Information Disclosure Vulnerability".
      - Description updated.
      - Release Date: January 04, 2022
      - Last Modified Date: January 11, 2022

  Removed Filters: None


Category: Configure; Troubleshoot; Deploy
Solution Id: TP000290316