Threat Intelligence Report
Top Attacks and Breaches
- The biochemical systems at an Oxford university research lab currently studying the Covid-19 pandemic has been breached. Clinical research was not affected by the incident. Breached systems include machines used to prepare biochemical samples, and hackers are currently attempting to sell their access to those machines.
- Twitter has permanently suspended multiple accounts found to be part of four disinformation campaign networks, most likely operated by state-sponsored actors associated with Iran, Russia and Armenia. The Iranian infrastructure was previously used to disrupt the 2020 US presidential campaign discourse.
- Gmail accounts of global pro-Tibet organizations have been targeted by the Chinese APT TA413, an espionage group known for its operations against civil dissidents. The campaign leverages a customized malicious Mozilla Firefox browser extension to gain control over the victims’ Gmail accounts.
- Npower, a British gas and energy supplier, has shut down its mobile application following a data breach that leveraged the application to steal sensitive customer information, via a credential stuffing attack.
- Bombardier, a Canadian plane manufacturer, has admitted it has suffered a data breach leading to the exposure of employee, customer and supplier information after some of the stolen data was leaked online by the attackers.
- Cybercrime group dubbed ‘Hotarus Corp’ has breached Ecuador’s Ministry of Finance, as well as the country’s largest private bank, Banco Pichincha. The group claims they have stolen data from the bank’s network, and have recently posted online some 6,500 records, allegedly taken from the Ministry of Finance.
- American Telecom provider T-Mobile has disclosed it has suffered a breach, after multiple customers have fallen victim to SIM swapping attacks, in which a hacker ports the victim’s number using social engineering to gain control over their account. Personal information and identification information were stolen.
Vulnerabilities and Patches
- VMWare has alerted its customers that a newly discovered critical vulnerability in its vCenter Server product, a management software for VMware vSphere environments, might allow an attacker to execute commands with elevated privileges. The flaw was assigned CVE-2021-21972. The flaw has already been exploited in the wild, as attackers have been observed scanning the web for vulnerable servers.
Check Point IPS provides protection against this threat (VMware vSphere Client Remote Code Execution (CVE-2021-21972))
- Microsoft has patched a critical remote code execution vulnerability in Windows. The flaw, assigned CVE-2021-24093, is found in a Windows graphics component and impacts multiple Windows 10 and Windows Server versions.
- Critical authentication bypass vulnerability has been discovered in Rockwell Automation’s Programmable Logic Controllers (PLCs). The flaw, assigned CVE-2021-22681, could enable an unauthenticated attacker to bypass verification mechanisms, connect to Logix controllers and modify their configuration.
- Cisco has released a security update to address three critical flaws affecting its ACI Multi-Site Orchestrator (MSO), Application Services Engine and NX-OS software, as well as other vulnerabilities. The most severe flaw is a remote bypass authentication assigned CVE-2021-1388, that affects an MSO’s API endpoint.
Threat Intelligence Reports
- Check Point Research has released the annual Security Report for 2021. The report provides malware distribution and vulnerability exploit statistics for 2020, covers the biggest cyber incidents and reviews attack trends observed during the past year, including a rise in attacks against the healthcare sector, double extortion attacks and more.
- Several large-scale ransomware operations targeting mainly big corporations have recently shifted their focus from Windows OS machines to VMware ESXi Servers, and developed custom variants of their ransomware, capable of running on Linux OS machines.
Check Point SandBlast and Anti-Virus provide protection against these threats (Ransomware.Win32.DarkSide; Ransomware.Linux.DarkSide; Trojan.Win32.Ransomexx)
- Researchers have investigated a campaign by the North Korean APT Lazarus that leveraged the ThreatNeedle malware family to target defense industry entities. The campaign uses Covid-19 themes in spear-phishing emails in addition to tailored personal information.
- New variant of the Ryuk ransomware has been observed in the wild. The new version implements self-replication capabilities within a local network among Windows-based machines.
Check Point SandBlast and SandBlast Agent provide protection against this threat (Ransomware.Win32.Ryuk)
New Anti-Spyware Signatures
(32)
|
Severity |
ID |
Attack Name |
Default Action |
Minimum PAN-OS Version |
Maximum PAN-OS Version |
|
medium |
21262 |
MediaGet Command and Control Traffic Detection |
alert |
7.1.0 |
|
|
critical |
21283 |
Ramnit Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21290 |
Upatre Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21295 |
Monstres Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21296 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21297 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21298 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21299 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21300 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21301 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21302 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21303 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21304 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21305 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21306 |
RemcosRAT Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21307 |
Gh0st Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21308 |
Gh0st Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21309 |
Gh0st Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21310 |
Gh0st Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21311 |
RemcosRAT Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21312 |
FlyStudio Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21313 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21314 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21315 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21316 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21317 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21318 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21319 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21320 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21321 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21322 |
Pastebin Command and Control Traffic Detection |
reset-both |
7.1.0 |
|
|
critical |
21324 |
StopRansomware Command and Control Traffic Detection |
reset-both |
7.1.0 |
Modified Anti-Spyware
Signatures (7)
|
Severity |
ID |
Attack Name |
Default Action |
Change |
Minimum PAN-OS Version |
Maximum PAN-OS Version |
|
low |
10553 |
Lop Spyware Traffic Detection |
alert |
improved detection logic to cover a new c2 variant |
7.1.0 |
|
|
high |
80747 |
Webshell.ASP.tennc.cmdexec File Detection |
reset-both |
improved detection logic to cover a new c2 variant |
7.1.0 |
|
|
high |
80858 |
Webshell.CFM.tennc.Cmd_Shell File Detection |
reset-both |
improved detection logic to cover a new c2 variant |
7.1.0 |
|
|
high |
80860 |
Webshell.CFM.tennc.Cmd_Shell File Detection |
reset-both |
improved detection logic to cover a new c2 variant |
7.1.0 |
|
|
medium |
81074 |
Webshell.CFM.tennc.cfExec File Detection |
alert |
improved detection logic to cover a new c2 variant |
7.1.0 |
|
|
critical |
85244 |
Cobalt Strike PowerShell Payload Detection |
reset-both |
improved detection logic to address a possible fp issue |
7.1.0 |
|
|
medium |
86237 |
Cobalt Strike Beacon Command and Control Traffic Detection |
alert |
updated associated metadata information |
7.1.0 |
Disabled Anti-Spyware
Signatures (1)
|
Severity |
ID |
Attack Name |
Default Action |
Minimum PAN-OS Version |
Maximum PAN-OS Version |
|
low |
85891 |
DNS Sinkhole Traffic Detection |
alert |
7.1.0 |
New Vulnerability Signatures
(42)
|
Severity |
ID |
Attack Name |
CVE ID |
Vendor ID |
Default Action |
Minimum PAN-OS Version |
Maximum PAN-OS Version |
|
informational |
90010 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90011 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90012 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90013 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90014 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90015 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90016 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90018 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90020 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90021 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90022 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90023 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90024 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90025 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90026 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90027 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90028 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90029 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90030 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90031 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90032 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90033 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90034 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90035 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90036 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90037 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90038 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90039 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90040 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
informational |
90041 |
Compromised or manufacturer default password found in HTTP Basic
Authentication |
alert |
9.1.0 |
|||
|
critical |
90412 |
VMware Use-After-Free Vulnerability |
CVE-2020-3992 |
alert |
7.1.0 |
||
|
critical |
90417 |
OpenSLP Project and VMWare OpenSLP Heap Buffer Overflow
Vulnerability |
CVE-2019-5544 |
alert |
7.1.0 |
||
|
medium |
90418 |
Fortinet FortiOS Heap Buffer Overflow Vulnerability |
CVE-2018-13383 |
alert |
7.1.0 |
||
|
high |
90420 |
FortiOS Buffer Overflow Vulnerability |
CVE-2018-13381 |
alert |
7.1.0 |
||
|
high |
90435 |
FasterXML Jackson-Databind Deserialization Vulnerability |
CVE-2020-24750 |
reset-server |
7.1.0 |
||
|
medium |
90774 |
DNSmasq Out-of-Bounds Write Vulnerability |
CVE-2020-25683 |
alert |
8.1.0 |
||
|
critical |
90779 |
AdvanTech iView SQL Injection Vulnerability |
CVE-2021-22658 |
alert |
7.1.0 |
||
|
critical |
90804 |
Emby Media Server Server-Side Request Forgery Vulnerability |
CVE-2020-26948 |
reset-server |
7.1.0 |
||
|
critical |
90805 |
CASAP Automated Enrollment System SQL Injection Vulnerability |
CVE-2021-26201 |
alert |
7.1.0 |
||
|
critical |
90806 |
OneDev OneDev Platform AttachmentUploadServet Insecure
Deserialization Vulnerability |
CVE-2021-21242 |
reset-server |
7.1.0 |
||
|
critical |
90808 |
Micro Focus Operations Bridge Reporter Remote Command Execution
Vulnerability |
CVE-2021-22502 |
reset-server |
7.1.0 |
||
|
high |
90811 |
Node.js Remote Code Execution Vulnerability |
CVE-2021-21315 |
reset-server |
7.1.0 |
Modified Vulnerability
Signatures - Detection Logic (2)
|
Severity |
ID |
Attack Name |
CVE ID |
Vendor ID |
Default Action |
Change |
Minimum PAN-OS Version |
Maximum PAN-OS Version |
|
medium |
58498 |
FastJson Deserialization Vulnerability |
alert |
improved detection logic to cover a new exploit |
7.1.0 |
|||
|
informational |
59296 |
Magmi Authentication Bypass Attempt Detection |
allow |
improved detection logic to address a possible fp issue |
7.1.0 |
Modified Vulnerability
Signatures - Metadata Information (101)
|
Severity |
ID |
Attack Name |
CVE ID |
Vendor ID |
Default Action |
Change |
Minimum PAN-OS Version |
Maximum PAN-OS Version |
|
high |
30227 |
RealVNC Remote Authentication Bypass Vulnerability |
CVE-2006-2369 |
reset-both |
updated associated default action to reset |
7.1.0 |
||
|
high |
30232 |
BomberClone Error Message Buffer Overflow Vulnerability |
CVE-2006-0460 |
reset-server |
updated associated default action to reset |
6.1.0 |
||
|
high |
30353 |
Network Time Protocol Windows Daemon Denial of Service
Vulnerability |
CVE-2016-9312 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
30656 |
Microsoft Windows Search Heap Buffer Overflow Vulnerability |
CVE-2017-11771 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
31027 |
Memcached process_bin_append_prepend Integer Overflow
Vulnerability |
CVE-2016-8704 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
31159 |
Snort Back Orifice Pre-Processor Buffer Overflow Vulnerability |
CVE-2005-3252 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
31311 |
Oracle Web Cache Heap Overflow Denial-of-Service Vulnerability |
CVE-2004-0385 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
31519 |
Motorola Timbuktu Crafted Login Request Buffer Overflow
Vulnerability |
CVE-2007-4221 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
31531 |
Firebird Database Username Buffer Overflow Vulnerability |
CVE-2008-0387 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
31554 |
Citrix Presentation Server IMA Service Remote Buffer Overflow
Vulnerability |
CVE-2008-0356 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
31766 |
Microsoft SMBv3 Tree Connect Denial-of-Service Vulnerability |
reset-client |
updated associated default action to reset |
7.1.0 |
|||
|
critical |
32208 |
IBM Tivoli Storage Manager Express Backup Heap Corruption
Vulnerability |
CVE-2008-4563 |
1377388 |
reset-server |
updated associated default action to reset |
7.1.0 |
|
|
critical |
32296 |
Windows Command Reverse Shell Access |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
critical |
32312 |
HPE LoadRunner and Performance Center Heap Buffer Overflow
Vulnerability |
CVE-2017-5789 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
32382 |
Subversion Date Parsing Overflow Vulnerability |
CVE-2004-0397 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
32387 |
IBM Tivoli Storage Manager String Handling Buffer Overflow
Vulnearbility |
CVE-2008-4828 |
1384389 |
reset-server |
updated associated default action to reset |
7.1.0 |
|
|
high |
32390 |
Computer Associates License Manager Stack Buffer Overflow
Vulnerability |
CVE-2005-0581 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
32521 |
Symantec VSF Scheduler Service NULL Session Authentication Bypass
Vulnerability |
CVE-2008-3703 |
SYM08-015 |
reset-server |
updated associated default action to reset |
7.1.0 |
|
|
critical |
32799 |
Aerospike Database Server Multiple Stack Buffer Overflow
Vulnerabilities |
CVE-2016-9052 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
33000 |
Microsoft Windows Media Services Stack Buffer Overflow
Vulnerability |
CVE-2010-0478 |
MS10-025 |
reset-server |
updated associated default action to reset |
7.1.0 |
|
|
high |
33039 |
DB2 JDBC Applet Server Request Parsing Buffer Overflow
Vulnerability |
CVE-2007-2582 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
33048 |
Berlios GPSD Remote Format String Vulnerability |
CVE-2004-1388 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
33183 |
Novell eDirectory NDS Verb 0x01 Integer Overflow Vulnerability |
CVE-2009-0895 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
33610 |
Asterisk chan_skinny CAPABILITIES_RES_MESSAGE Denial of Service
Vulnerability |
CVE-2007-4280 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
33616 |
IAX2 Asterisk Remote Denial-of-Service Vulnerability |
CVE-2007-3763 |
reset-server |
updated associated default action to reset |
8.1.0 |
||
|
high |
33672 |
RealVNC VNC Server ClientCutText Message Memory Corruption
Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
critical |
33758 |
Schneider Electric Modbus Authentication Bypass Vulnerability |
CVE-2017-6032 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34080 |
CA BrightStor ARCserve UDP Discovery Service Overflow |
CVE-2005-0260 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34171 |
IBM Tivoli Storage Manager CAD Service Buffer Overflow
Vulnerability |
CVE-2009-3853 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34477 |
Microsoft Host Integration Server Access of Unallocated Memory
Denial of Service Vulnerability |
CVE-2011-2008 |
MS11-082 |
reset-server |
updated associated default action to reset |
7.1.0 |
|
|
high |
34583 |
DAQFactory NETB Packet Stack Overflow Vulnerability |
CVE-2011-3492 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34584 |
Siemens Tecnomatix FactoryLink CSService Logging Function Buffer
Overflow Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
34585 |
Siemens Tecnomatix FactoryLink vrn Opcode 9 Buffer Overflow
Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
34586 |
Iconics GENESIS32 Opcode 0x4b0 Integer Overflow Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
34589 |
IGSS DataServer ListAll Command Parsing Stack Overflow
Vulnerability |
CVE-2011-1567 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34590 |
MOXA Device Manager Tool Buffer Overflow Vulnerability |
reset-both |
updated associated default action to reset |
7.1.0 |
|||
|
high |
34591 |
DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer
Overflow Vulnerability |
CVE-2011-1563 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34592 |
RealWin SCADA Server DATAC Login Buffer Overflow Vulnerability |
CVE-2011-1563 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34640 |
EMC Autostart Domain Name Logging Buffer Overflow Vulnerability |
CVE-2011-2735 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34646 |
Sielco Sistemi Winlog Pro Opcode 2 Parsing Stack Overflow
Vulnerability |
CVE-2011-0517 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34647 |
DATAC RealWin Remote Overflow Vulnerability |
CVE-2011-1563 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34648 |
DATAC RealWin Remote Integer Overflow Vulnerability |
CVE-2011-1564 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34649 |
DATAC RealWin Remote Overflow Vulnerability |
CVE-2011-1563 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34650 |
DATAC RealWin Remote Overflow Vulnerability |
CVE-2011-1563 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34661 |
Interactive Graphical SCADA System Remote Buffer Overflow
Vulnerability |
CVE-2011-1567 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34662 |
Interactive Graphical SCADA System Remote Buffer Overflow
Vulnerability |
CVE-2011-1567 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34684 |
Sunway Forcecontrol SNMP NetDBServer Stack Overflow Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
34811 |
Trend Micro Control Manager CmdProcessor AddTask Remote Code
Execution Vulnerability |
CVE-2011-5001 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
34981 |
Novell ZENworks Configuration Management Preboot Opcode 0x4c
Buffer Overflow Vulnerability |
CVE-2011-3176 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35022 |
Novell ZENworks Configuration Management Preboot Opcode 0x21
Buffer Overflow Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
35088 |
Digium Asterisk Skinny Channel Driver Heap Buffer Overflow
Vulnerability |
CVE-2012-2415 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35187 |
IPSwitch WS_FTP Logging Server Daemon Denial of Service
Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
35196 |
IBM Tivoli Storage Manager FastBack Remote Code Execution
Vulnerability |
CVE-2010-3058 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35208 |
Citrix Provisioning Services Remote Code Execution Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
35262 |
DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow
Vulnerability |
CVE-2010-4142 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35292 |
ABB WebWare Server Buffer Overflow Vulnerability |
CVE-2012-0245 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35319 |
GE Proficy Real Time Information Portal Directory Traversal
Vulnerability |
CVE-2012-0232 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35361 |
Helix SNMP Server DisplayString Input Handling Buffer Overflow
Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
35371 |
GIMP Script-Fu Server Buffer Overflow Vulnerability |
CVE-2012-2763 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35374 |
SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
Vulnerability |
CVE-2012-2611 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35411 |
Digium Asterisk UDPTL Processing Heap Buffer Overflow
Vulnerability |
CVE-2011-1147 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35433 |
Novell eDirectory NCP Stack Overflow Vulnerability |
CVE-2012-0432 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35582 |
Sielco Sistemi WinlogLite Buffer Overflow Vulnerability |
CVE-2012-3815 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35594 |
Novell ZENworks Configuration Management Preboot Opcode 0x4c
Buffer Overflow Vulnerability |
CVE-2011-3176 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35650 |
Schneider Electric Interactive Graphical SCADA Buffer Overflow
Vulnerability |
CVE-2013-0657 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35678 |
Trend Micro Control Manager CmdProcessor AddTask Remote Code
Execution Vulnerability |
CVE-2011-5001 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35691 |
IGSS DataServer ListAll Parameter Parsing Buffer Overflow
Vulnerability |
CVE-2011-1567 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
35700 |
Siemens SIMATIC WinCC Flexible Runtime Stack Overflow
Vulnerability |
CVE-2011-4875 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
36019 |
3S Smart Software Solutions CoDeSys Gateway Server Heap Overflow
Vulnerability |
CVE-2012-4706 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
36087 |
CitectSCADA ODBC Server Remote Stack Based Buffer Overflow
Vulnerability |
CVE-2008-2639 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
36726 |
CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow
Vulnerability |
CVE-2008-2541 |
reset-client |
updated associated default action to reset |
7.1.0 |
||
|
high |
36886 |
GoldenFTP PASS Stack Buffer Overflow Vulnerability |
CVE-2006-6576 |
reset-both |
updated associated default action to reset |
7.1.0 |
||
|
high |
36912 |
SolarFTP Server PASV Buffer Overflow Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
critical |
36957 |
Microsoft Windows Search Remote Code Execution Vulnerability |
CVE-2017-8543 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
36977 |
ISC DHCP Server BOOTP Packet Denial of Service Vulnerability |
CVE-2011-2749 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
37085 |
EMC Replication Manager Command Execution Vulnerability |
CVE-2011-0647 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
37248 |
HP Data Protector DtbClsLogin Remote Code Execution Vulnerability |
CVE-2010-3007 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
medium |
37363 |
WordPress Information Disclosure Vulnerabilities |
CVE-2015-1579 |
alert |
updated associated metadata information |
7.1.0 |
||
|
critical |
38390 |
ProFTPD Unauthorized Remote File Upload Vulnerability |
CVE-2015-3306 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
39272 |
Quagga BGP Daemon bgp_capability_msg_parse Denial-of-Service
Vulnerability |
CVE-2018-5381 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
39587 |
Netis/Netcore Router Default Credential Remote Code Execution
Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
39639 |
Network Time Protocol CRYPTO_NAK Crash Vulnerability |
CVE-2016-4957 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
40384 |
Java/Python FTP Injection Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
high |
54401 |
Linux Kernel iSCSI Login Key Heap Buffer Overflow Vulnerability |
CVE-2013-2850 |
reset-server |
updated associated default action to reset |
8.1.0 |
||
|
high |
54402 |
OpenAFS GetStatistics64 AFS Rx Packet statsVersion Heap Buffer
Overflow Vulnerability |
CVE-2014-0159 |
reset-server |
updated associated default action to reset |
8.1.0 |
||
|
high |
54486 |
KarjaSoft Sami FTP Server 2.0.2 Remote Stack Based Buffer
Overflow Vulnerability |
CVE-2006-2212 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
54956 |
libVNC LibVNCServer File Transfer Extension Heap-based Buffer
Overflow Vulnerability |
CVE-2018-15127 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
55035 |
LibVNCClient and TightVNC vncviewer CoRRE Buffer Overflow
Vulnerability |
CVE-2018-20020 |
reset-client |
updated associated default action to reset |
7.1.0 |
||
|
high |
55818 |
Microsoft Windows SMB Remote Code Execution Vulnerability |
CVE-2019-0630 |
reset-server |
updated associated default action to reset |
8.1.0 |
||
|
critical |
56091 |
Fuji Electric V-Server Weak Cryptography Vulnerability |
CVE-2019-3947 |
reset-both |
updated associated default action to reset |
7.1.0 |
||
|
high |
56536 |
BACnet Stack 0.8.6 Denial-of-Service Vulnerability |
CVE-2019-12480 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
56660 |
SolarWinds DameWare Mini Remote Control RsaSignatureLen
Out-of-Bounds Read Vulnerability |
CVE-2019-3957 |
reset-server |
updated associated default action to reset |
8.1.0 |
||
|
high |
56696 |
SolarWinds DameWare Mini Remote Control CltDHPubKeyLen
Out-of-Bounds Read Vulnerability |
CVE-2019-3956 |
reset-server |
updated associated default action to reset |
8.1.0 |
||
|
critical |
57061 |
TurboVNC Fence Message Stack-based Buffer Overflow Vulnerability |
CVE-2019-15683 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
57207 |
OpenSLP Project and VMWare OpenSLP Heap Buffer Overflow
Vulnerability |
CVE-2019-5544 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
critical |
57715 |
HiSilicon DVR Telnet Backdoor Account Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
|||
|
critical |
57737 |
Anviz CrossChex Buffer Overflow Vulnerability |
CVE-2019-12518 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
57847 |
Netgear R6400 Buffer Overflow Vulnerability |
CVE-2020-9373 |
reset-server |
updated associated default action to reset |
7.1.0 |
||
|
high |
57905 |
Memcached try_read_command_binary Stack Buffer Overflow
Vulnerability |
CVE-2020-10931 |
reset-server |
updated associated default action to reset |
8.1.0 |
||
|
high |
57964 |
Microsoft Windows SMB Remote Code Execution Vulnerability |
CVE-2019-0630 |
reset-server |
updated associated default action to reset |
8.1.0 |
||
|
high |
59011 |
Valhala Honeypot Stack Buffer Overflow Vulnerability |
reset-server |
updated associated default action to reset |
7.1.0 |
Disabled Vulnerability
Signatures (1)
|
Severity |
ID |
Attack Name |
CVE ID |
Vendor ID |
Default Action |
Minimum PAN-OS Version |
Maximum PAN-OS Version |
|
high |
36075 |
ISC BIND OPT Record Handling Denial of Service Vulnerability |
CVE-2002-1220 |
alert |
7.1.0 |
Comments
Post a Comment