*** NetKeeper 8.554 Release ***

Total number of signatures: 3057

Signature update 8.554 is for NetKeeper series devices.

NK6000 (NK6105, NK6210C/F/G)
NK3500 (NK3520, NK3550)
NK5500
NK5900
NK7210

Description
==================================================================

In this signature update, we address the exploits/vulnerabilities and applications listed below.

*** Differences from version 8.552 ***

Modify 85 Rules:
--------------------------------------------------------------------
1130078 WEB GNU Bash Remote Code Execution -8.a (CVE-2014-6271, Shellshock)
1133705 WEB Dahua IPCam Credentials Leak -1 (CVE-2017-6341)
1133816 EXPLOIT Zabbix Server Active Proxy Trapper Command Injection -1 (CVE-2017-2824)
1133708 WEB GoAhead IPCam Remote Code Execution -1
1133735 SMB Samba Writeable Share Insecure Library Loading -1 (CVE-2017-7494)
1133797 DB Oracle MySQL sql_authentication Integer Overflow -2 (CVE-2017-3599)
1112133 WEB Cross-site Scripting -24
1050015 WEB Cross-site Scripting -34
1068827 IM IPMSG access via UDP -1
1068828 IM IPMSG access via UDP -2
1069534 IM IPMSG access via TCP -1
1063205 P2P BT-BitComet access via TCP -4
1052638 P2P Gnutella-iMesh/Lphant access via TCP -3
1051783 P2P Gnutella access via TCP -1
1067963 TUNNEL Hamachi access via TCP -1
1052586 TUNNEL SoftEther/PacketiX access via SSL -1
1054074 TUNNEL SoftEther/PacketiX access via SSL -2
1067966 TUNNEL SoftEther/PacketiX access via SSL -3
1068555 TUNNEL SoftEther/PacketiX access via TCP -1
1052604 TUNNEL HTTP-Tunnel access via TCP -1
1052668 TUNNEL Ping Tunnel access via ICMP -1
1053075 TUNNEL CCProxy access via TCP -1
1053076 TUNNEL CCProxy access via TCP -2
1053077 TUNNEL CCProxy access via TCP -3
1053078 TUNNEL CCProxy access via TCP -4
1061733 MEDIA Sohu TV access via TCP -1
1052108 TERMINAL PcAnywhere Access Port-5631 access via TCP -1
1053409 TERMINAL PCAnywhere access via TCP -1
1067737 TERMINAL pcAnywhere access via TCP -2
1068074 TERMINAL ShowMyPC access via TCP -2
1048972 NETWORK Photuris (Authentication Failed) access via ICMP -1
1048892 NETWORK redirect host access via ICMP -1
1048897 NETWORK Source Quench access via ICMP -1
1048925 NETWORK PING access via ICMP -1
1048926 NETWORK traceroute access via ICMP -1
1048927 NETWORK Address Mask Reply access via ICMP -1
1048929 NETWORK Address Mask Request access via ICMP -1
1048931 NETWORK Alternate Host Address access via ICMP -1
1048933 NETWORK Datagram Conversion Error access via ICMP -1
1048904 NETWORK Destination Unreachable access via ICMP -1
1048905 NETWORK Destination Unreachable access via ICMP -2
1048906 NETWORK Destination Unreachable access via ICMP -3
1048935 NETWORK Destination Unreachable access via ICMP -4
1048936 NETWORK Destination Unreachable access via ICMP -5
1048937 NETWORK Destination Unreachable access via ICMP -6
1048938 NETWORK Destination Unreachable access via ICMP -7
1048939 NETWORK Destination Unreachable access via ICMP -8
1048940 NETWORK Destination Unreachable access via ICMP -9
1048941 NETWORK Destination Unreachable access via ICMP -10
1048942 NETWORK Destination Unreachable access via ICMP -11
1048943 NETWORK Destination Unreachable access via ICMP -12
1048944 NETWORK Destination Unreachable access via ICMP -13
1048945 NETWORK Destination Unreachable access via ICMP -14
1048946 NETWORK Destination Unreachable access via ICMP -15
1048947 NETWORK Destination Unreachable access via ICMP -16
1048951 NETWORK Fragment Reassembly Time Exceeded access via ICMP -1
1048956 NETWORK Information Reply access via ICMP -1
1048958 NETWORK Information Request access via ICMP -1
1048960 NETWORK Mobile Host Redirect access via ICMP -1
1048962 NETWORK Mobile Registration Reply access via ICMP -1
1048964 NETWORK Mobile Registration Request access via ICMP -1
1048966 NETWORK Parameter Problem (Bad Length) access via ICMP -1
1048967 NETWORK Parameter Problem (Missing a Requiered Option) access via ICMP -1
1048968 NETWORK Parameter Problem (Unspecified Error) access via ICMP -1
1048970 NETWORK Photuris (Reserved) access via ICMP -1
1048971 NETWORK Photuris (Unknown Security Parameters Index) access via ICMP -1
1048973 NETWORK Photuris (Decryption Failed) access via ICMP -1
1048975 NETWORK Redirect (for TOS and Host) access via ICMP -1
1048976 NETWORK Redirect (for TOS and Network) access via ICMP -1
1048978 NETWORK Reserved for Security (Type 19) access via ICMP -1
1048980 NETWORK Router Advertisement access via ICMP -1
1048981 NETWORK Router Selection access via ICMP -1
1048982 NETWORK SKIP access via ICMP -1
1048985 NETWORK Time-To-Live Exceeded in Transit access via ICMP -1
1048987 NETWORK Timestamp Reply access via ICMP -1
1048989 NETWORK Timestamp Request access via ICMP -1
1048991 NETWORK Traceroute ipopts access via ICMP -1
1050288 NETWORK source route - lsrr access via ICMP -1
1050290 NETWORK sourceroute-ssrr access via ICMP -1
1053048 NETWORK SSL/TLS Handshake access via SSL -1
1063660 NETWORK SSL/TLS Handshake access via SSL -2
1063661 NETWORK SSL/TLS Handshake access via SSL -3
1063662 NETWORK SSL/TLS Handshake access via SSL -4
1063663 NETWORK SSL/TLS Handshake access via SSL -5
1063939 NETWORK SSL/TLS Handshake access via SSL -6

Add 45 Rules:
--------------------------------------------------------------------
1133882 WEB GNU Bash Remote Code Execution -8.x (CVE-2014-6271, Shellshock)
1133861 WEB Apache Struts 2 OGNL Script Injection -7
1133860 SCADA Netikus EventSentry XSS via SNMP
1133891 EXPLOIT Zabbix Server Active Proxy Trapper Command Injection -2 (CVE-2017-2824)
1133876 WEB-CLIENT Suspicious Adobe Flash File Loading -6 (Ransomware Attack Vector)
1133851 EXPLOIT Genivia gSOAP XML parser Buffer Overflow (CVE-2017-9765)
1133852 SMB Samba Writeable Share Insecure Library Loading -2.1 (CVE-2017-7494)
1133853 WEB GoAhead login.cgi Information Disclosure Vulnerability
1133854 SMB Samba Writeable Share Insecure Library Loading -3 (CVE-2017-7494)
1133855 WEB GoAhead IPCam Remote Code Execution -2
1133856 SMB Samba Writeable Share Insecure Library Loading -2.2 (CVE-2017-7494)
1133858 SIP Digium Asterisk SIP CSeq Heap Buffer Overflow
1133862 SIP Digium Asterisk chan_skinny SCCP packet Denial of Service -1
1133863 SIP Digium Asterisk chan_skinny SCCP packet Denial of Service -2
1133865 WEB Cisco Prime Infrastructure and EPNM SystemPreferences_Configurable Cross Site Scripting -1.2 (CVE-2017-6699)
1133866 WEB Cisco Prime Infrastructure and EPNM ImportJobResults.jsp Cross Site Scripting -1.1 (CVE-2017-6699)
1133867 WEB Cisco Prime Infrastructure and EPNM ImportJobResults.jsp Cross Site Scripting -1.2 (CVE-2017-6699)
1133869 SIP Digium Asterisk pjsip_multipart_parse Denial of Service -1.1
1133870 WEB Cisco Prime Collaboration Provisioning logconfigtracer.jsp Directory Traversal -1 (CVE-2017-6621)
1133871 SIP Digium Asterisk pjsip_multipart_parse Denial of Service -1.2
1133872 SMB SMBLoris Denial of Service Vulnerability
1133873 WEB Cisco Prime Collaboration Provisioning ScriptMgr Authentication Bypass -1 (CVE-2017-6622)
1133874 WEB Cisco Prime Collaboration Provisioning licensestatus.jsp Arbitrary File Deletion -1.a (CVE-2017-6635)
1133875 WEB Cisco Prime Collaboration Provisioning licensestatus.jsp Arbitrary File Deletion -1.x (CVE-2017-6635)
1133877 WEB Trend Micro IWSVA ManageSRouteSettings HttpServlet Command Injection -1.1
1133878 WEB Trend Micro IWSVA ManageSRouteSettings HttpServlet Command Injection -1.2
1133879 WEB Trend Micro IWSVA ManageSRouteSettings HttpServlet Command Injection -2
1133880 WEB Trend Micro IWSVA ManageSRouteSettings HttpServlet Command Injection -3
1133883 SCADA Schneider Electric U.motion Builder css.inc.php Arbitrary File Inclusion - 1.a
1133884 SCADA Schneider Electric U.motion Builder css.inc.php Arbitrary File Inclusion - 1.x
1133885 SCADA Schneider Electric U.motion Builder loadtemplate.php SQL Injection - 1.u
1133886 WEB IPFire ids.cgi OINKCODE Parameter Command Injection -1 (CVE-2017-9757)
1133887 WEB IPFire ids.cgi OINKCODE Parameter Command Injection -2 (CVE-2017-9757)
1133888 SCADA Schneider Electric U.motion Builder loadtemplate.php SQL Injection - 1.b
1133889 RADIUS FreeRADIUS data2vp_wimax Heap Buffer Overflow (CVE-2017-10984)
1133890 WEB CloudBees Jenkins Unauthenticated Code Execution (CVE-2017-1000353)
1133857 NTP Network Time Protocol Daemon read_mru_list Denial of Service -5 (CVE-2016-7434)
1133859 WEB Squid Squoison Host Header Cache Poisoning -2 (CVE-2016-4553)
1133850 SMB Samba Symlink Directory Traversal
1160586 FILE Dropbox transfer via SSL -2
1160587 FILE Dropbox access via SSL -3
1160559 MEDIA Sohu TV media via TCP -12
1160560 MEDIA Sohu TV access via SSL -1
1160558 WEB-IM ICQ access via SSL -1
1160577 SOCIAL Twitter transfer via SSL -1

Delete 39 Rules:
--------------------------------------------------------------------
1133491 FILE Adobe Acrobat ImageConversion JPEG Heap-based Buffer Overflow (CVE-2017-2959)
1133503 WEB-CLIENT Microsoft Edge CVE-2017-0010 Memory Corruption (CVE-2017-0010)
1133504 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0015)
1133505 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0067)
1133506 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
1133518 WEB-CLIENT Microsoft Edge document.domain Same Origin Policy Bypass -1 (CVE-2017-0002)
1133519 WEB-CLIENT Microsoft Edge document.domain Same Origin Policy Bypass -2 (CVE-2017-0002)
1133520 SMB Microsoft Windows LSASS Authentication Denial of Service -1.1 (CVE-2017-0004)
1133521 SMB Microsoft Windows LSASS Authentication Denial of Service -1.2 (CVE-2017-0004)
1133522 SMB Microsoft Windows LSASS Authentication Denial of Service -1.3 (CVE-2017-0004)
1133494 WEB-CLIENT Microsoft Internet Explorer Scripting Engine Memory Corruption -2 (CVE-2016-3385)
1133496 TELNET DBLTek GoIP Backdoor Access
1133507 WEB-CLIENT Internet Explorer Memory Corruption Vulnerability (CVE-2017-0018)
1133508 WEB-CLIENT Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154)
1133516 WEB Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure
1133492 EXPLOIT Tarantool xrow_header_decode Out of Bounds Read (CVE-2016-9037)
1133493 WEB HPE Operations Orchestration Insecure Deserialization (CVE-2016-8519)
1133513 WEB IBM Lotus Domino Multiple Cross Site Scripting Vulnerabilities -1.x (CVE-2015-5956)
1130364 SSL OpenSSL ssl23_get_client_hello Function Denial of Service (CVE-2014-3569)
1112626 WEB Sophos Web Appliance SophosConfig Write Command Execution -2 (CVE-2014-2850)
1130077 WEB F5 Multiple Products iControl API hostname Remote Command Execution -1 (CVE-2014-2928)
1130179 WEB Visual Mining NetCharts Server Remote Code Execution -1 (CVE-2014-8516)
1130239 WEB F5 Multiple Products iControl API hostname Remote Command Execution -3 (CVE-2014-2928)
1130252 WEB ManageEngine EventLog Analyzer agentHandler Information Disclosure (CVE-2014-6038)
1130306 WEB ActualAnalyzer ant Cookie Command Execution (OSVDB-110601)
1131528 SMB Potential Exploit Data Detection -1
1055195 WEB Sun Java Web Start Plugin Command Line Argument Injection (CVE-2012-0500)
1056598 RPC EMC NetWorker nsrd Format String Remote Code Execution -1 (CVE-2012-2288)
1056943 FILE RealNetworks RealPlayer URL Parsing Stack Buffer Overflow (CVE-2012-5691)
1058077 WEB SQL injection attempt -1.b
1058417 WEB JIRA Issues Collector Directory Traversal -1.a (CVE-2014-2314)
1058545 WEB Cross-site Scripting -15
1058632 EXPLOIT Linksys E-series Unauthenticated Remote Code Execution Exploit (EDB-31683)
1058814 WEB Linksys WRT120N tmUnblock Buffer Overflow (EDB-31758)
1058816 WEB Apache Commons FileUpload and Apache Tomcat DoS -1 (CVE-2014-0050)
1058817 SCADA GE Proficy CIMPLICITY gefebt.exe Remote Code Execution (CVE-2014-0750)
1058825 EXPLOIT SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write Vulnerability (OSVDB-10367)
1058834 WEB Apache Commons FileUpload and Apache Tomcat DoS -2 (CVE-2014-0050)
1058938 WEB-CLIENT Safari User-Assisted Download and Run Attack