*** EX RELS 03492 Release ***

Total number of signatures: 6009

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 26 rule(s):
---------------
1056958 EXPLOIT DCERPC recon attempt
1059684 MISC Bitcoin/LiteCoin/Dogecoin Mining Activity -1
1131349 EXPLOIT Suspicious User-Agent Exploit Kit Activity
1132460 SSL TLS FREAK with CBC Cipher TLS_RSA_EXPROT1024_WITH_RC4_56_SHA -1.1
1132464 SSL TLS FREAK with CBC Cipher TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA -1.1
1133189 MISC Bitcoin/LiteCoin/Dogecoin Mining Activity -2
1134268 TELNET Default Password Login -22
1134390 MISC Cryptocurrency Monero Mining Activity -1
1134404 TELNET Default Password Login -23
1134550 TELNET Default Password Login -24
1134551 TELNET Default Password Login -25
1134552 TELNET Default Password Login -26
1136595 FILE Microsoft Windows CryptoAPI Spoofing Vulnerability -1 (CVE-2020-0601)
1137235 WEB LinuxKI Toolset 6.01 Remote Command Execution -1.1 (CVE-2020-7209)
1137236 WEB LinuxKI Toolset 6.01 Remote Command Execution -1.2 (CVE-2020-7209)
1137293 WEB SAP NetWeaver Application Server JAVA Disclosed (RECON) -1.1 (CVE-2020-6287)
1137296 WEB SAP NetWeaver Application Server JAVA Disclosed (RECON) -1.2 (CVE-2020-6287)
1137304 WEB Zivif Camera iptest.cgi Blind Remote Command Execution (CVE-2017-171069)
1137317 FILE Microsoft Windows CAB File Parsing Directory Traversal (CVE-2020-1300)
1137318 WEB NetGear DGN1000B Wireless Router Multiple Security Vulnerabilities (BID-57836)
1137319 DNS Microsoft Windows DNS Server Remote Code Execution Vulnerability -1.2 (CVE-2020-1350)
1137320 WEB Cayin xPost wayfinder_seqid SQLi to RCE (CVE-2020-7356)
1137321 WEB Realtek SDK Miniigd UPnP SOAP Command Execution -1.2 (CVE-2014-8361)
1137326 WEB Eir D1000 Wireless Router WAN Side Remote Command Injection -1.1 (CVE-2016-10372)
1137327 WEB Eir D1000 Wireless Router WAN Side Remote Command Injection -1.2 (CVE-2016-10372)
1137328 WEB D-Link Multiple Routers HNAP Protocol Security Bypass Vulnerability -1.2 (BID-37690)

Modified 6 rule(s):
---------------
1059669 WEB D-Link Multiple Routers HNAP Protocol Security Bypass Vulnerability -1.1 (BID-37690)
1068665 MEDIA YouTube access via UDP -3
1132746 WEB-CLIENT Shell Application Remote Code Execution -1 (Ransomware Attack Vector)
1134286 WEB Realtek SDK Miniigd UPnP SOAP Command Execution -1.1 (CVE-2014-8361)
1134287 WEB Huawei Home Gateway SOAP Command Execution (CVE-2017-17215)
1137255 DNS Microsoft Windows DNS Server Remote Code Execution Vulnerability -1.1 (CVE-2020-1350)

Deleted 18 rule(s):
---------------
1131075 FILE Microsoft Office Memory Corruption Vulnerability -1.2 (CVE-2015-1641) (old rule)
1135883 WEB Atlassian JIRA Template Injection Code Execution -2.1 (CVE-2019-11581) (old rule)
1136949 RPC Microsoft Windows Server Service RPC Request Handling Buffer Overflow -6 (MS08-067,CVE-2008-4250) (old rule)
1136950 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.1 (CVE-2020-6967) (old rule)
1136951 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -2 (CVE-2020-6967) (old rule)
1136952 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -3 (CVE-2020-6967) (old rule)
1136953 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -4 (CVE-2020-6967) (old rule)
1136954 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -5 (CVE-2020-6967) (old rule)
1136955 WEB Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass Vulnerability -1 (CVE-2020-3243) (old rule)
1136964 WEB-CLIENT Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1058) (old rule)
1136966 WEB-CLIENT Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1035) (old rule)
1136973 WEB Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization (CVE-2020-2950) (old rule)
1136976 WEB-CLIENT Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1060) (old rule)
1136977 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.2 (CVE-2020-6967) (old rule)
1136978 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.3 (CVE-2020-6967) (old rule)
1136979 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.4 (CVE-2020-6967) (old rule)
1136980 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.5 (CVE-2020-6967) (old rule)
1136981 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.6 (CVE-2020-6967) (old rule)