Cisco Talos Update for FireSIGHT Management Center

Date: 2019-01-24

This SRU number: 2019-01-24-001
Previous SRU number: 2019-01-22-001

Applies to:

3D Sensor versions: 5.x / 6.x
Cisco FireSIGHT Management Center versions: 5.x / 6.x

This SEU number: 1964
Previous SEU: 1962

Applies to:

3D Sensor Versions: 4.10
Cisco FireSIGHT Management Center versions: 4.10

This is the complete list of rules added in SRU 2019-01-24-001 and SEU 1964.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

**High Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.	Max.
3	48946	SERVER-WEBAPP	Cisco RV Series Routers command injection attempt	off	off	drop	drop
3	48947	SERVER-WEBAPP	Cisco RV Series Routers command injection attempt	off	off	drop	drop
3	48948	SERVER-WEBAPP	Cisco RV Series Routers command injection attempt	off	off	drop	drop
3	48950	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48951	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48952	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48953	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48954	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48955	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48956	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48957	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48958	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48959	FILE-OTHER	Cisco WebEx Network Recording Player memory corruption attempt	off	off	drop	drop
3	48960	BROWSER-OTHER	Cisco Webex Teams URI scheme remote code execution attempt	off	off	drop	drop
3	48961	BROWSER-OTHER	Cisco Webex Teams URI scheme remote code execution attempt	off	off	drop	drop
1	48963	OS-WINDOWS	Microsoft Windows Task Scheduler privileged file overwrite attempt	off	drop	drop	drop
1	48964	OS-WINDOWS	Microsoft Windows Task Scheduler privileged file overwrite attempt	off	drop	drop	drop
1	48965	FILE-PDF	Adobe Reader PPKLite security handler memory corruption vulnerability attempt	off	off	off	off
1	48966	FILE-PDF	Adobe Reader PPKLite security handler memory corruption vulnerability attempt	off	off	off	off
1	48967	FILE-PDF	Adobe Reader PPKLite security handler memory corruption vulnerability attempt	off	off	off	off
1	48968	FILE-PDF	Adobe Reader PPKLite security handler memory corruption vulnerability attempt	off	off	off	off
1	48969	FILE-OTHER	Microsoft Windows Contact file remote code execution attempt	off	off	off	drop
1	48970	FILE-OTHER	Microsoft Windows VCF file remote code execution attempt	off	off	off	drop
1	48971	FILE-OTHER	Microsoft Windows Contact file remote code execution attempt	off	off	off	drop
1	48972	FILE-OTHER	Microsoft Windows VCF file remote code execution attempt	off	off	off	drop
1	48973	FILE-PDF	Adobe Acrobat PDF calculate tag use-after-free attempt	off	drop	drop	drop
1	48974	FILE-PDF	Adobe Acrobat PDF calculate tag use-after-free attempt	off	drop	drop	drop

**Medium Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.	Max.
3	48949	SERVER-WEBAPP	Cisco RV Series Routers information disclosure attempt	off	off	drop	drop
3	48962	SERVER-OTHER	Cisco IoT Field Network Director UDP flood attempt	off	off	off	drop

Updated Rules:

Updated rules can be found at this link.