
Applications and Threats Content Release Notes

 

Threat Intelligence Report



Top Attacks and Breaches

  • The biochemical systems of an Oxford university research lab currently studying the Covid-19 pandemic have been breached. Clinical research was not affected by the incident. The breached systems include machines used to prepare biochemical samples, and the hackers are currently attempting to sell their access to those machines.
  • Twitter has permanently suspended multiple accounts found to be part of four disinformation campaign networks, most likely operated by state-sponsored actors associated with Iran, Russia and Armenia. The Iranian infrastructure was previously used to disrupt the 2020 US presidential campaign discourse.
  • Gmail accounts of global pro-Tibet organizations have been targeted by the Chinese APT TA413, an espionage group known for its operations against civil dissidents. The campaign leverages a customized malicious Mozilla Firefox browser extension to gain control over the victims’ Gmail accounts.
  • Npower, a British gas and energy supplier, has shut down its mobile application following a data breach in which attackers used the application, via a credential stuffing attack, to steal sensitive customer information.
  • Bombardier, a Canadian plane manufacturer, has admitted it suffered a data breach that exposed employee, customer and supplier information, after some of the stolen data was leaked online by the attackers.
  • A cybercrime group dubbed ‘Hotarus Corp’ has breached Ecuador’s Ministry of Finance, as well as the country’s largest private bank, Banco Pichincha. The group claims to have stolen data from the bank’s network and has recently posted some 6,500 records online, allegedly taken from the Ministry of Finance.
  • American telecom provider T-Mobile has disclosed a breach after multiple customers fell victim to SIM swapping attacks, in which an attacker uses social engineering to port the victim’s phone number and thereby gain control of their account. Personal and identification information was stolen.

 

Vulnerabilities and Patches

  • VMware has alerted its customers that a newly discovered critical vulnerability in its vCenter Server product, the management software for VMware vSphere environments, might allow an attacker to execute commands with elevated privileges. The flaw was assigned CVE-2021-21972. It has already been exploited in the wild, and attackers have been observed scanning the web for vulnerable servers.

Check Point IPS provides protection against this threat (VMware vSphere Client Remote Code Execution (CVE-2021-21972))

  • Microsoft has patched a critical remote code execution vulnerability in Windows. The flaw, assigned CVE-2021-24093, is found in a Windows graphics component and impacts multiple Windows 10 and Windows Server versions.
  • A critical authentication bypass vulnerability has been discovered in Rockwell Automation’s Programmable Logic Controllers (PLCs). The flaw, assigned CVE-2021-22681, could enable an unauthenticated attacker to bypass verification mechanisms, connect to Logix controllers and modify their configuration.
  • Cisco has released a security update to address three critical flaws affecting its ACI Multi-Site Orchestrator (MSO), Application Services Engine and NX-OS software, as well as other vulnerabilities. The most severe flaw, assigned CVE-2021-1388, is a remote authentication bypass affecting an API endpoint of the MSO.

 

Threat Intelligence Reports

  • Check Point Research has released the annual Security Report for 2021. The report provides malware distribution and vulnerability exploit statistics for 2020, covers the biggest cyber incidents and reviews attack trends observed during the past year, including a rise in attacks against the healthcare sector, double extortion attacks and more.
  • Several large-scale ransomware operations that mainly target big corporations have recently shifted their focus from Windows OS machines to VMware ESXi servers, developing custom variants of their ransomware capable of running on Linux OS machines.

Check Point SandBlast and Anti-Virus provide protection against these threats (Ransomware.Win32.DarkSide; Ransomware.Linux.DarkSide; Trojan.Win32.Ransomexx)

  • Researchers have investigated a campaign by the North Korean APT Lazarus that leveraged the ThreatNeedle malware family to target defense industry entities. The campaign uses Covid-19 themes in spear-phishing emails, in addition to tailored personal information.
  • A new variant of the Ryuk ransomware has been observed in the wild. The new version can self-replicate across Windows-based machines within a local network.

Check Point SandBlast and SandBlast Agent provide protection against this threat (Ransomware.Win32.Ryuk)

 

New Anti-Spyware Signatures (32)

| Severity | ID | Attack Name | Default Action | Minimum PAN-OS Version | Maximum PAN-OS Version |
|---|---|---|---|---|---|
| medium | 21262 | MediaGet Command and Control Traffic Detection | alert | 7.1.0 | |
| critical | 21283 | Ramnit Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21290 | Upatre Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21295 | Monstres Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21296 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21297 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21298 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21299 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21300 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21301 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21302 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21303 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21304 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21305 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21306 | RemcosRAT Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21307 | Gh0st Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21308 | Gh0st Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21309 | Gh0st Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21310 | Gh0st Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21311 | RemcosRAT Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21312 | FlyStudio Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21313 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21314 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21315 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21316 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21317 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21318 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21319 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21320 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21321 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21322 | Pastebin Command and Control Traffic Detection | reset-both | 7.1.0 | |
| critical | 21324 | StopRansomware Command and Control Traffic Detection | reset-both | 7.1.0 | |

Modified Anti-Spyware Signatures (7)

| Severity | ID | Attack Name | Default Action | Change | Minimum PAN-OS Version | Maximum PAN-OS Version |
|---|---|---|---|---|---|---|
| low | 10553 | Lop Spyware Traffic Detection | alert | improved detection logic to cover a new c2 variant | 7.1.0 | |
| high | 80747 | Webshell.ASP.tennc.cmdexec File Detection | reset-both | improved detection logic to cover a new c2 variant | 7.1.0 | |
| high | 80858 | Webshell.CFM.tennc.Cmd_Shell File Detection | reset-both | improved detection logic to cover a new c2 variant | 7.1.0 | |
| high | 80860 | Webshell.CFM.tennc.Cmd_Shell File Detection | reset-both | improved detection logic to cover a new c2 variant | 7.1.0 | |
| medium | 81074 | Webshell.CFM.tennc.cfExec File Detection | alert | improved detection logic to cover a new c2 variant | 7.1.0 | |
| critical | 85244 | Cobalt Strike PowerShell Payload Detection | reset-both | improved detection logic to address a possible fp issue | 7.1.0 | |
| medium | 86237 | Cobalt Strike Beacon Command and Control Traffic Detection | alert | updated associated metadata information | 7.1.0 | |

Disabled Anti-Spyware Signatures (1)

| Severity | ID | Attack Name | Default Action | Minimum PAN-OS Version | Maximum PAN-OS Version |
|---|---|---|---|---|---|
| low | 85891 | DNS Sinkhole Traffic Detection | alert | 7.1.0 | |

New Vulnerability Signatures (42)

| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version | Maximum PAN-OS Version |
|---|---|---|---|---|---|---|---|
| informational | 90010 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90011 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90012 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90013 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90014 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90015 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90016 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90018 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90020 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90021 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90022 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90023 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90024 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90025 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90026 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90027 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90028 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90029 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90030 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90031 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90032 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90033 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90034 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90035 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90036 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90037 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90038 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90039 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90040 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| informational | 90041 | Compromised or manufacturer default password found in HTTP Basic Authentication | | | alert | 9.1.0 | |
| critical | 90412 | VMware Use-After-Free Vulnerability | CVE-2020-3992 | | alert | 7.1.0 | |
| critical | 90417 | OpenSLP Project and VMWare OpenSLP Heap Buffer Overflow Vulnerability | CVE-2019-5544 | | alert | 7.1.0 | |
| medium | 90418 | Fortinet FortiOS Heap Buffer Overflow Vulnerability | CVE-2018-13383 | | alert | 7.1.0 | |
| high | 90420 | FortiOS Buffer Overflow Vulnerability | CVE-2018-13381 | | alert | 7.1.0 | |
| high | 90435 | FasterXML Jackson-Databind Deserialization Vulnerability | CVE-2020-24750 | | reset-server | 7.1.0 | |
| medium | 90774 | DNSmasq Out-of-Bounds Write Vulnerability | CVE-2020-25683 | | alert | 8.1.0 | |
| critical | 90779 | AdvanTech iView SQL Injection Vulnerability | CVE-2021-22658 | | alert | 7.1.0 | |
| critical | 90804 | Emby Media Server Server-Side Request Forgery Vulnerability | CVE-2020-26948 | | reset-server | 7.1.0 | |
| critical | 90805 | CASAP Automated Enrollment System SQL Injection Vulnerability | CVE-2021-26201 | | alert | 7.1.0 | |
| critical | 90806 | OneDev OneDev Platform AttachmentUploadServet Insecure Deserialization Vulnerability | CVE-2021-21242 | | reset-server | 7.1.0 | |
| critical | 90808 | Micro Focus Operations Bridge Reporter Remote Command Execution Vulnerability | CVE-2021-22502 | | reset-server | 7.1.0 | |
| high | 90811 | Node.js Remote Code Execution Vulnerability | CVE-2021-21315 | | reset-server | 7.1.0 | |

Modified Vulnerability Signatures - Detection Logic (2)

| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Change | Minimum PAN-OS Version | Maximum PAN-OS Version |
|---|---|---|---|---|---|---|---|---|
| medium | 58498 | FastJson Deserialization Vulnerability | | | alert | improved detection logic to cover a new exploit | 7.1.0 | |
| informational | 59296 | Magmi Authentication Bypass Attempt Detection | | | allow | improved detection logic to address a possible fp issue | 7.1.0 | |

Modified Vulnerability Signatures - Metadata Information (101)

| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Change | Minimum PAN-OS Version | Maximum PAN-OS Version |
|---|---|---|---|---|---|---|---|---|
| high | 30227 | RealVNC Remote Authentication Bypass Vulnerability | CVE-2006-2369 | | reset-both | updated associated default action to reset | 7.1.0 | |
| high | 30232 | BomberClone Error Message Buffer Overflow Vulnerability | CVE-2006-0460 | | reset-server | updated associated default action to reset | 6.1.0 | |
| high | 30353 | Network Time Protocol Windows Daemon Denial of Service Vulnerability | CVE-2016-9312 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 30656 | Microsoft Windows Search Heap Buffer Overflow Vulnerability | CVE-2017-11771 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 31027 | Memcached process_bin_append_prepend Integer Overflow Vulnerability | CVE-2016-8704 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 31159 | Snort Back Orifice Pre-Processor Buffer Overflow Vulnerability | CVE-2005-3252 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 31311 | Oracle Web Cache Heap Overflow Denial-of-Service Vulnerability | CVE-2004-0385 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 31519 | Motorola Timbuktu Crafted Login Request Buffer Overflow Vulnerability | CVE-2007-4221 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 31531 | Firebird Database Username Buffer Overflow Vulnerability | CVE-2008-0387 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 31554 | Citrix Presentation Server IMA Service Remote Buffer Overflow Vulnerability | CVE-2008-0356 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 31766 | Microsoft SMBv3 Tree Connect Denial-of-Service Vulnerability | | | reset-client | updated associated default action to reset | 7.1.0 | |
| critical | 32208 | IBM Tivoli Storage Manager Express Backup Heap Corruption Vulnerability | CVE-2008-4563 | 1377388 | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 32296 | Windows Command Reverse Shell Access | | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 32312 | HPE LoadRunner and Performance Center Heap Buffer Overflow Vulnerability | CVE-2017-5789 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 32382 | Subversion Date Parsing Overflow Vulnerability | CVE-2004-0397 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 32387 | IBM Tivoli Storage Manager String Handling Buffer Overflow Vulnerability | CVE-2008-4828 | 1384389 | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 32390 | Computer Associates License Manager Stack Buffer Overflow Vulnerability | CVE-2005-0581 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 32521 | Symantec VSF Scheduler Service NULL Session Authentication Bypass Vulnerability | CVE-2008-3703 | SYM08-015 | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 32799 | Aerospike Database Server Multiple Stack Buffer Overflow Vulnerabilities | CVE-2016-9052, CVE-2016-9054 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 33000 | Microsoft Windows Media Services Stack Buffer Overflow Vulnerability | CVE-2010-0478 | MS10-025 | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 33039 | DB2 JDBC Applet Server Request Parsing Buffer Overflow Vulnerability | CVE-2007-2582 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 33048 | Berlios GPSD Remote Format String Vulnerability | CVE-2004-1388 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 33183 | Novell eDirectory NDS Verb 0x01 Integer Overflow Vulnerability | CVE-2009-0895 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 33610 | Asterisk chan_skinny CAPABILITIES_RES_MESSAGE Denial of Service Vulnerability | CVE-2007-4280 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 33616 | IAX2 Asterisk Remote Denial-of-Service Vulnerability | CVE-2007-3763 | | reset-server | updated associated default action to reset | 8.1.0 | |
| high | 33672 | RealVNC VNC Server ClientCutText Message Memory Corruption Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 33758 | Schneider Electric Modbus Authentication Bypass Vulnerability | CVE-2017-6032, CVE-2017-6034 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34080 | CA BrightStor ARCserve UDP Discovery Service Overflow | CVE-2005-0260 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34171 | IBM Tivoli Storage Manager CAD Service Buffer Overflow Vulnerability | CVE-2009-3853 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34477 | Microsoft Host Integration Server Access of Unallocated Memory Denial of Service Vulnerability | CVE-2011-2008 | MS11-082 | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34583 | DAQFactory NETB Packet Stack Overflow Vulnerability | CVE-2011-3492 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34584 | Siemens Tecnomatix FactoryLink CSService Logging Function Buffer Overflow Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34585 | Siemens Tecnomatix FactoryLink vrn Opcode 9 Buffer Overflow Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34586 | Iconics GENESIS32 Opcode 0x4b0 Integer Overflow Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34589 | IGSS DataServer ListAll Command Parsing Stack Overflow Vulnerability | CVE-2011-1567 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34590 | MOXA Device Manager Tool Buffer Overflow Vulnerability | | | reset-both | updated associated default action to reset | 7.1.0 | |
| high | 34591 | DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability | CVE-2011-1563 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34592 | RealWin SCADA Server DATAC Login Buffer Overflow Vulnerability | CVE-2011-1563 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34640 | EMC Autostart Domain Name Logging Buffer Overflow Vulnerability | CVE-2011-2735 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34646 | Sielco Sistemi Winlog Pro Opcode 2 Parsing Stack Overflow Vulnerability | CVE-2011-0517 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34647 | DATAC RealWin Remote Overflow Vulnerability | CVE-2011-1563 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34648 | DATAC RealWin Remote Integer Overflow Vulnerability | CVE-2011-1564 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34649 | DATAC RealWin Remote Overflow Vulnerability | CVE-2011-1563 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34650 | DATAC RealWin Remote Overflow Vulnerability | CVE-2011-1563 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34661 | Interactive Graphical SCADA System Remote Buffer Overflow Vulnerability | CVE-2011-1567 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34662 | Interactive Graphical SCADA System Remote Buffer Overflow Vulnerability | CVE-2011-1567 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34684 | Sunway Forcecontrol SNMP NetDBServer Stack Overflow Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34811 | Trend Micro Control Manager CmdProcessor AddTask Remote Code Execution Vulnerability | CVE-2011-5001 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 34981 | Novell ZENworks Configuration Management Preboot Opcode 0x4c Buffer Overflow Vulnerability | CVE-2011-3176, CVE-2011-3175 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35022 | Novell ZENworks Configuration Management Preboot Opcode 0x21 Buffer Overflow Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35088 | Digium Asterisk Skinny Channel Driver Heap Buffer Overflow Vulnerability | CVE-2012-2415 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35187 | IPSwitch WS_FTP Logging Server Daemon Denial of Service Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35196 | IBM Tivoli Storage Manager FastBack Remote Code Execution Vulnerability | CVE-2010-3058 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35208 | Citrix Provisioning Services Remote Code Execution Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35262 | DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow Vulnerability | CVE-2010-4142 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35292 | ABB WebWare Server Buffer Overflow Vulnerability | CVE-2012-0245 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35319 | GE Proficy Real Time Information Portal Directory Traversal Vulnerability | CVE-2012-0232 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35361 | Helix SNMP Server DisplayString Input Handling Buffer Overflow Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35371 | GIMP Script-Fu Server Buffer Overflow Vulnerability | CVE-2012-2763 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35374 | SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow Vulnerability | CVE-2012-2611 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35411 | Digium Asterisk UDPTL Processing Heap Buffer Overflow Vulnerability | CVE-2011-1147 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35433 | Novell eDirectory NCP Stack Overflow Vulnerability | CVE-2012-0432 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35582 | Sielco Sistemi WinlogLite Buffer Overflow Vulnerability | CVE-2012-3815 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35594 | Novell ZENworks Configuration Management Preboot Opcode 0x4c Buffer Overflow Vulnerability | CVE-2011-3176 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35650 | Schneider Electric Interactive Graphical SCADA Buffer Overflow Vulnerability | CVE-2013-0657 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35678 | Trend Micro Control Manager CmdProcessor AddTask Remote Code Execution Vulnerability | CVE-2011-5001 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35691 | IGSS DataServer ListAll Parameter Parsing Buffer Overflow Vulnerability | CVE-2011-1567 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 35700 | Siemens SIMATIC WinCC Flexible Runtime Stack Overflow Vulnerability | CVE-2011-4875 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 36019 | 3S Smart Software Solutions CoDeSys Gateway Server Heap Overflow Vulnerability | CVE-2012-4706 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 36087 | CitectSCADA ODBC Server Remote Stack Based Buffer Overflow Vulnerability | CVE-2008-2639 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 36726 | CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability | CVE-2008-2541 | | reset-client | updated associated default action to reset | 7.1.0 | |
| high | 36886 | GoldenFTP PASS Stack Buffer Overflow Vulnerability | CVE-2006-6576 | | reset-both | updated associated default action to reset | 7.1.0 | |
| high | 36912 | SolarFTP Server PASV Buffer Overflow Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 36957 | Microsoft Windows Search Remote Code Execution Vulnerability | CVE-2017-8543 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 36977 | ISC DHCP Server BOOTP Packet Denial of Service Vulnerability | CVE-2011-2749, CVE-2011-2748 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 37085 | EMC Replication Manager Command Execution Vulnerability | CVE-2011-0647 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 37248 | HP Data Protector DtbClsLogin Remote Code Execution Vulnerability | CVE-2010-3007 | | reset-server | updated associated default action to reset | 7.1.0 | |
| medium | 37363 | WordPress Information Disclosure Vulnerabilities | CVE-2015-1579, CVE-2014-9734 | | alert | updated associated metadata information | 7.1.0 | |
| critical | 38390 | ProFTPD Unauthorized Remote File Upload Vulnerability | CVE-2015-3306, CVE-2019-12815 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 39272 | Quagga BGP Daemon bgp_capability_msg_parse Denial-of-Service Vulnerability | CVE-2018-5381 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 39587 | Netis/Netcore Router Default Credential Remote Code Execution Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 39639 | Network Time Protocol CRYPTO_NAK Crash Vulnerability | CVE-2016-4957 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 40384 | Java/Python FTP Injection Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 54401 | Linux Kernel iSCSI Login Key Heap Buffer Overflow Vulnerability | CVE-2013-2850 | | reset-server | updated associated default action to reset | 8.1.0 | |
| high | 54402 | OpenAFS GetStatistics64 AFS Rx Packet statsVersion Heap Buffer Overflow Vulnerability | CVE-2014-0159 | | reset-server | updated associated default action to reset | 8.1.0 | |
| high | 54486 | KarjaSoft Sami FTP Server 2.0.2 Remote Stack Based Buffer Overflow Vulnerability | CVE-2006-2212 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 54956 | libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow Vulnerability | CVE-2018-15127 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 55035 | LibVNCClient and TightVNC vncviewer CoRRE Buffer Overflow Vulnerability | CVE-2018-20020, CVE-2019-8287 | | reset-client | updated associated default action to reset | 7.1.0 | |
| high | 55818 | Microsoft Windows SMB Remote Code Execution Vulnerability | CVE-2019-0630 | | reset-server | updated associated default action to reset | 8.1.0 | |
| critical | 56091 | Fuji Electric V-Server Weak Cryptography Vulnerability | CVE-2019-3947 | | reset-both | updated associated default action to reset | 7.1.0 | |
| high | 56536 | BACnet Stack 0.8.6 Denial-of-Service Vulnerability | CVE-2019-12480 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 56660 | SolarWinds DameWare Mini Remote Control RsaSignatureLen Out-of-Bounds Read Vulnerability | CVE-2019-3957 | | reset-server | updated associated default action to reset | 8.1.0 | |
| high | 56696 | SolarWinds DameWare Mini Remote Control CltDHPubKeyLen Out-of-Bounds Read Vulnerability | CVE-2019-3956 | | reset-server | updated associated default action to reset | 8.1.0 | |
| critical | 57061 | TurboVNC Fence Message Stack-based Buffer Overflow Vulnerability | CVE-2019-15683 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 57207 | OpenSLP Project and VMWare OpenSLP Heap Buffer Overflow Vulnerability | CVE-2019-5544 | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 57715 | HiSilicon DVR Telnet Backdoor Account Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |
| critical | 57737 | Anviz CrossChex Buffer Overflow Vulnerability | CVE-2019-12518 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 57847 | Netgear R6400 Buffer Overflow Vulnerability | CVE-2020-9373 | | reset-server | updated associated default action to reset | 7.1.0 | |
| high | 57905 | Memcached try_read_command_binary Stack Buffer Overflow Vulnerability | CVE-2020-10931 | | reset-server | updated associated default action to reset | 8.1.0 | |
| high | 57964 | Microsoft Windows SMB Remote Code Execution Vulnerability | CVE-2019-0630 | | reset-server | updated associated default action to reset | 8.1.0 | |
| high | 59011 | Valhala Honeypot Stack Buffer Overflow Vulnerability | | | reset-server | updated associated default action to reset | 7.1.0 | |

Disabled Vulnerability Signatures (1)

| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version | Maximum PAN-OS Version |
|---|---|---|---|---|---|---|---|
| high | 36075 | ISC BIND OPT Record Handling Denial of Service Vulnerability | CVE-2002-1220 | | alert | 7.1.0 | |

 

