Rule Update
20-062 (December 15, 2020)
Publish date: December 15, 2020
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1010652* - Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140)
1010653* - Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096)
DCERPC Services - Client
1003123* - Windows Common AVI Parsing Overflow
DNS Client
1010669 - Identified Malicious Domain - SolarWinds
DNS Server
1010633* - Identified DNS Trojan.Linux.Anchor.A Traffic
1010632* - Identified DNS Trojan.Win64.Anchor.A Traffic
Directory Server LDAP
1010667 - Microsoft Windows Active Directory Integrated DNS Remote Code Execution Vulnerability (CVE-2020-0761)
Dynamics 365 Client Services
1010656* - Microsoft Dynamics 365 Commerce Remote Code Execution Vulnerabilities (CVE-2020-17152 and CVE-2020-17158)
FTP Server IIS
1004553* - Microsoft IIS FTPSVC Unspecified Remote Denial Of Service
HP Intelligent Management Center (IMC)
1009962* - HPE Intelligent Management Center 'IctTableExportToCSVBean' Expression Language Injection Vulnerability (CVE-2019-5370)
1008969* - HPE Intelligent Management Center Multiple Expression Language Injection Vulnerabilities
IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)
Mail Server Over SSL/TLS
1009977* - Exim Mail Server Remote Code Execution Vulnerability (CVE-2019-15846)
Microsoft Office
1010673 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-17125)
1010674 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-17128)
1010672 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2020-17124)
NFS Server
1010605* - Microsoft Windows Network File System NLM RPC Message Information Disclosure Vulnerability (CVE-2020-17056)
Port Mapper RPC
1010606* - Identified Out-Of-Sync RPCSEC_GSS_CONTINUE_INIT RPC Message
Remote Desktop Protocol Server
1009958* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1181)
1009961* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1182)
Suspicious Client Application Activity
1010675 - Identified HTTP Backdoor Win32.Beaconsolar.A Runtime Detection
1010676 - Identified HTTP Trojan.MSIL.Sunburst.A Traffic Request
Suspicious Server Application Activity
1010462* - Identified HTTP Drovorub Command And Control Traffic
Trend Micro InterScan Web Security Virtual Appliance
1010665 - Trend Micro InterScan Web Security Virtual Appliance Multiple Security Vulnerabilities
Web Application Common
1009966* - ImageMagick Out-Of-Bounds Access Vulnerability (CVE-2019-10714) - 1
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)
1009979* - XStream Library ReflectionConverter Insecure Deserialization Remote Command Execution Vulnerability (CVE-2019-10173) - Server
1010660 - Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability (CVE-2019-8394)
Web Application PHP Based
1009545* - PHP 'phar_tar_writeheaders()' Function Stack Buffer Overflow Vulnerability (CVE-2016-2554)
1009776* - WordPress Comment Field Remote Code Execution Vulnerability (CVE-2019-9787)
1009544* - WordPress Image Remote Code Execution Vulnerability (CVE-2019-8942)
Web Application Tomcat
1009697* - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)
Web Client Common
1010659 - Adobe Acrobat and Acrobat Reader Information Disclosure Vulnerability (CVE-2020-29075)
1009483* - Linux APT Remote Code Execution Vulnerability (CVE-2019-3462)
1002377* - Microsoft Windows GDI Multiply By Zero Code Execution
1010651 - Microsoft Windows WebM Video Parsing Uninitialized Pointer Remote Code Execution Vulnerability (CVE-2020-1319)
1010586 - SAP 3D Visual Enterprise Viewer SVG File XML External Entity Processing Information Disclosure Vulnerability (CVE-2020-6315)
1004956* - VideoLAN VLC Media Player MMS Plugin Stack Buffer Overflow Vulnerability
Web Client Internet Explorer/Edge
1010671 - Microsoft Edge Chakra LinearScan Memory Corruption Remote Code Execution Vulnerability (CVE-2020-17131)
1010602* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2020-17053)
Web Server Apache
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
1010670 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2020-17530)
Web Server Common
1010650 - SaltStack Salt 'rest_cherrypy' Command Injection Remote Code Execution Vulnerability (CVE-2020-16846)
Web Server HTTPS
1010479* - Identified HTTP Ngioweb Command And Control Traffic
Web Server Miscellaneous
1010662 - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14181)
1010649* - Microsoft Windows Exchange Memory Corruption Vulnerability (CVE-2020-17144)
Web Server Oracle
1010587* - Oracle WebLogic Server IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-14841)
Web Server SharePoint
1009971* - Microsoft SharePoint Multiple Remote Code Execution Vulnerabilities (Sep-2019)
1009974* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1295)
1010655* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-17121)
Zoho ManageEngine
1009957* - Zoho ManageEngine Application Manager Remote Command Execution Vulnerability (CVE-2019-15105)
1009960* - Zoho ManageEngine OpManager Remote Command Execution Vulnerability (CVE-2019-15104)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
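The listing above has a fixed shape: a module header ending in "Rules:", a category line, then one rule per line as "ID[*] - Title (CVE-...)", with "*" marking a new version of an existing rule. As an added example (not part of the original update and not Trend Micro code), the Python below parses a constructed excerpt of this page's listing into records, separates new rules from updated ones, flags the "Identified ..." traffic/IoC detections (the SolarWinds and Sunburst rules) as distinct from vulnerability filters, and checks a CVE list against what the update covers so a practitioner can triage it against a patch cycle. The excerpt, function names and the CVE list in the usage block are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the 20-062 listing, not the full update.
SAMPLE = """\
Deep Packet Inspection Rules:
DNS Client
1010669 - Identified Malicious Domain - SolarWinds
Directory Server LDAP
1010667 - Microsoft Windows Active Directory Integrated DNS Remote Code Execution Vulnerability (CVE-2020-0761)
Dynamics 365 Client Services
1010656* - Microsoft Dynamics 365 Commerce Remote Code Execution Vulnerabilities (CVE-2020-17152 and CVE-2020-17158)
Suspicious Client Application Activity
1010675 - Identified HTTP Backdoor Win32.Beaconsolar.A Runtime Detection
1010676 - Identified HTTP Trojan.MSIL.Sunburst.A Traffic Request
Web Server Apache
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
1010670 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2020-17530)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
"""

# "1010656* - Title": seven-digit rule ID, optional '*' (updated rule), separator, free-text title.
RULE_LINE = re.compile(r"^(\d{7})(\*?) - (.+)$")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass(frozen=True)
class Rule:
    rule_id: int
    updated: bool      # True when the listing marks the rule with '*'
    module: str        # e.g. "Deep Packet Inspection Rules"
    category: str      # e.g. "Web Server Apache"
    title: str
    cves: tuple        # CVE IDs mentioned in the title, in order


def parse_update(text):
    """Walk the listing line by line, tracking the current module and category."""
    rules, module, category = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Rules:"):            # module header, e.g. "Deep Packet Inspection Rules:"
            module, category = line[:-1], None
            continue
        if line.startswith("There are no new or updated"):
            continue                           # empty-module notice, nothing to record
        m = RULE_LINE.match(line)
        if m:
            rid, star, title = m.groups()
            rules.append(Rule(int(rid), star == "*", module, category, title,
                              tuple(CVE_ID.findall(title))))
        else:
            category = line                    # any other non-empty line is a category header
    return rules


def new_rules(rules):
    """Rules introduced in this update (no '*' marker)."""
    return [r for r in rules if not r.updated]


def detection_rules(rules):
    """'Identified ...' rules match traffic or IoCs rather than a specific vulnerability."""
    return [r for r in rules if r.title.startswith("Identified ")]


def rules_covering(rules, cves):
    """Map each requested CVE (case-insensitive) to the rule IDs whose title cites it."""
    wanted = sorted({c.upper() for c in cves})
    return {c: [r.rule_id for r in rules if c in r.cves] for c in wanted}


def uncovered(rules, cves):
    """CVEs from the request list that no rule in this update cites."""
    return sorted(c for c, ids in rules_covering(rules, cves).items() if not ids)


if __name__ == "__main__":
    parsed = parse_update(SAMPLE)
    print(f"{len(parsed)} rules, {len(new_rules(parsed))} new")
    for r in detection_rules(parsed):
        print(f"  detection: {r.rule_id} [{r.category}] {r.title}")
    # Constructed triage list: one CVE in the excerpt, one (Zerologon) not addressed by this update.
    print("uncovered:", uncovered(parsed, ["CVE-2020-17530", "CVE-2020-1472"]))
```

Feeding the full listing (everything from "Deep Packet Inspection Rules:" down to the Log Inspection notice) works the same way; the "There are no new or updated" lines are skipped so an empty module does not register as a category. Titles citing a CVE only in a year-label form such as "(Sep-2019)" come back with an empty `cves` tuple, which is correct: coverage for those has to be confirmed from the rule's own description, not from the title.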