*** NK8 RELS 3494 Release ***
Total number of signatures: 3084

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 9 rule(s):
---------------
1137393 WEB Plex Unpickle Dict Windows RCE (CVE-2020-5741)
1137398 WEB ZenTao Pro 8.8.2 Remote Code Execution -1 (CVE-2020-7361)
1137405 FILE Nitro Pro PDF Nested Pages Use After Free -1 (CVE-2020-6074)
1137406 FILE Nitro Pro PDF Nested Pages Use After Free -2 (CVE-2020-6074)
1137411 WEB Citrix Application Delivery Controller and Gateway Authorization Bypass -1 (CVE-2020-8193)
1137412 WEB Citrix Application Delivery Controller and Gateway Authorization Bypass -2 (CVE-2020-8193)
1137413 WEB ZenTao Pro 8.8.2 Remote Code Execution -2 (CVE-2020-7361)
1137416 WEB Citrix Application Delivery Controller and Gateway Multiple Vulnerabilities (CVE-2020-8194)
1137418 WEB Citrix Application Delivery Controller and Gateway Multiple Vulnerabilities (CVE-2020-8191)

Modified 74 rule(s):
---------------
1048891 NETWORK icmpenum v1.1.1 via ICMP -1
1048892 NETWORK redirect host access via ICMP -1
1048893 NETWORK redirect net via ICMP -1
1048897 NETWORK Source Quench access via ICMP -1
1048904 NETWORK Destination Unreachable access via ICMP -1
1048905 NETWORK Destination Unreachable access via ICMP -2
1048906 NETWORK Destination Unreachable access via ICMP -3
1048925 NETWORK PING access via ICMP -1
1048926 NETWORK traceroute access via ICMP -1
1048927 NETWORK Address Mask Reply access via ICMP -1
1048929 NETWORK Address Mask Request access via ICMP -1
1048931 NETWORK Alternate Host Address access via ICMP -1
1048933 NETWORK Datagram Conversion Error access via ICMP -1
1048935 NETWORK Destination Unreachable access via ICMP -4
1048936 NETWORK Destination Unreachable access via ICMP -5
1048937 NETWORK Destination Unreachable access via ICMP -6
1048938 NETWORK Destination Unreachable access via ICMP -7
1048939 NETWORK Destination Unreachable access via ICMP -8
1048940 NETWORK Destination Unreachable access via ICMP -9
1048941 NETWORK Destination Unreachable access via ICMP -10
1048942 NETWORK Destination Unreachable access via ICMP -11
1048943 NETWORK Destination Unreachable access via ICMP -12
1048944 NETWORK Destination Unreachable access via ICMP -13
1048945 NETWORK Destination Unreachable access via ICMP -14
1048946 NETWORK Destination Unreachable access via ICMP -15
1048947 NETWORK Destination Unreachable access via ICMP -16
1048951 NETWORK Fragment Reassembly Time Exceeded access via ICMP -1
1048956 NETWORK Information Reply access via ICMP -1
1048958 NETWORK Information Request access via ICMP -1
1048960 NETWORK Mobile Host Redirect access via ICMP -1
1048962 NETWORK Mobile Registration Reply access via ICMP -1
1048964 NETWORK Mobile Registration Request access via ICMP -1
1048966 NETWORK Parameter Problem (Bad Length) access via ICMP -1
1048967 NETWORK Parameter Problem (Missing a Requiered Option) access via ICMP -1
1048968 NETWORK Parameter Problem (Unspecified Error) access via ICMP -1
1048970 NETWORK Photuris (Reserved) access via ICMP -1
1048971 NETWORK Photuris (Unknown Security Parameters Index) access via ICMP -1
1048972 NETWORK Photuris (Authentication Failed) access via ICMP -1
1048973 NETWORK Photuris (Decryption Failed) access via ICMP -1
1048975 NETWORK Redirect (for TOS and Host) access via ICMP -1
1048976 NETWORK Redirect (for TOS and Network) access via ICMP -1
1048978 NETWORK Reserved for Security (Type 19) access via ICMP -1
1048980 NETWORK Router Advertisement access via ICMP -1
1048981 NETWORK Router Selection access via ICMP -1
1048982 NETWORK SKIP access via ICMP -1
1048985 NETWORK Time-To-Live Exceeded in Transit access via ICMP -1
1048987 NETWORK Timestamp Reply access via ICMP -1
1048989 NETWORK Timestamp Request access via ICMP -1
1048991 NETWORK Traceroute ipopts access via ICMP -1
1049008 NETWORK Large ICMP Packet via ICMP -1
1050288 NETWORK source route - lsrr access via ICMP -1
1050290 NETWORK sourceroute-ssrr access via ICMP -1
1050714 MAIL IMAP4 login via TCP -1
1050946 FILE FTP transfer-upload via TCP -1
1050947 FILE FTP transfer-download via TCP -1
1050955 FILE FTP User login via TCP -1
1050956 FILE FTP PASS command communicate via TCP -1
1050957 MAIL POP3 PASS communicate via TCP -1
1050958 MAIL POP3 User login via TCP -1
1052849 NETWORK NETBIOS SMB Empty Password Failed access via TCP -1
1053048 NETWORK SSL/TLS Handshake access via SSL -1
1063342 STDPROTOCOL DHCP access via UDP -1
1063530 NETWORK ONC-RPC v1 portmap access via TCP -1
1063531 NETWORK ONC-RPC v2 portmap access via TCP -1
1063568 STDPROTOCOL DHCP access via UDP -2
1063584 NETWORK UPnP access via UDP -1
1063585 NETWORK UPnP access via UDP -2
1063586 NETWORK UPnP access via TCP -1
1063660 NETWORK SSL/TLS Handshake access via SSL -2
1063661 NETWORK SSL/TLS Handshake access via SSL -3
1063662 NETWORK SSL/TLS Handshake access via SSL -4
1063663 NETWORK SSL/TLS Handshake access via SSL -5
1063939 NETWORK SSL/TLS Handshake access via SSL -6
1069622 WEB HTTP access via TCP -3

Deleted 10 rule(s):
---------------
1133409 EXPLOIT Memcached process_bin_sasl_auth Integer Underflow -1 (CVE-2016-8706) (old rule)
1133410 EXPLOIT Memcached process_bin_update body_len Integer Overflow -1 (CVE-2016-8705) (old rule)
1133420 SSH OpenSSH kex_input_kexinit Denial of Service (CVE-2016-8858) (old rule)
1133421 WEB-CLIENT Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability -8 (CVE-2014-6332) (old rule)
1133428 NTP Network Time Protocol Daemon read_mru_list Denial of Service -1 (CVE-2016-7434) (old rule)
1133438 WEB-CLIENT Cisco WebEx Chrome Extension Remote Code Execution -1 (CVE-2017-3823) (old rule)
1133451 WEB Cross-site Scripting -36 (old rule)
1133453 SSH D-Link DWR-932B Backdoor Access -1 (CVE-2016-10177) (old rule)
1133455 WEB Axis Communications MPQT/PACS 5.20.x SSI Daemon Remote Format String (old rule)
1133459 WEB PHP exception toString Denial of Service (CVE-2016-7478) (old rule)