Cisco Talos Update for FireSIGHT Management Center

Date: 2019-02-28

This SRU number: 2019-02-28-001
Previous SRU number: 2019-02-26-001

Applies to:

This SEU number: 1981
Previous SEU: 1979

Applies to:

This is the complete list of rules added in SRU 2019-02-28-001 and SEU 1981.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
349293NETBIOSCisco WebEx WebExService.exe remote code execution attemptoffdropdropdrop
149294FILE-PDFAdobe Acrobat out of bounds read attemptoffdropdropdrop
149295FILE-PDFAdobe Acrobat out of bounds read attemptoffdropdropdrop
349296SERVER-WEBAPPCisco RV Series Routers stack buffer overflow attemptoffoffdropdrop
149297FILE-OTHERIBM Lotus Notes LZH Attachment Viewer buffer overflow attemptoffoffoffoff
149298SERVER-WEBAPPNoneCms V1.3 PHP code execution attemptoffoffdropdrop
149299FILE-OFFICEMicrosoft Access arbitrary code execution attemptoffoffoffoff
149300FILE-OFFICEMicrosoft Access arbitrary code execution attemptoffoffoffoff
149301SERVER-WEBAPPTrend Micro Smart Protection Server SQL injection attemptoffoffdropdrop
149302SERVER-WEBAPPTrend Micro Smart Protection Server SQL injection attemptoffoffdropdrop
149303SERVER-WEBAPPTrend Micro Smart Protection Server SQL injection attemptoffoffdropdrop
149304SERVER-OTHERGoogle Golang GET command injection attemptoffoffdropdrop
149305FILE-PDFAdobe Acrobat Reader PostScript file out of bounds read attemptoffdropdropdrop
149306FILE-PDFAdobe Acrobat Reader PostScript file out of bounds read attemptoffdropdropdrop
149307FILE-PDFAdobe Acrobat malformed PDF out of bounds read attemptoffdropdropdrop
149308FILE-PDFAdobe Acrobat malformed PDF out of bounds read attemptoffdropdropdrop
149309FILE-PDFAdobe Acrobat malformed PDF objects use after free attemptoffdropdropdrop
149310FILE-PDFAdobe Acrobat malformed PDF objects use after free attemptoffdropdropdrop
149311FILE-FLASHAdobe Flash Player writeExternal type confusion attemptoffdropdropdrop
149312FILE-FLASHAdobe Flash Player writeExternal type confusion attemptoffdropdropdrop
149313FILE-PDFAdobe Acrobat XFA JavaScript manipulation out of bounds read attemptoffdropdropdrop
149314FILE-PDFAdobe Acrobat XFA JavaScript manipulation out of bounds read attemptoffdropdropdrop
149315FILE-PDFAdobe Acrobat out of bounds read attemptoffdropdropdrop
149316FILE-PDFAdobe Acrobat out of bounds read attemptoffdropdropdrop
149317FILE-PDFAdobe Acrobat out of bounds read attemptoffdropdropdrop
149318FILE-PDFAdobe Acrobat out of bounds read attemptoffdropdropdrop
149319SERVER-WEBAPPCentOS Web Panel persistent cross site scripting attemptoffoffoffoff
149320SERVER-WEBAPPCentOS Web Panel persistent cross site scripting attemptoffoffoffoff
149321SERVER-WEBAPPCentOS Web Panel persistent cross site scripting attemptoffoffoffoff
149322SERVER-WEBAPPCentOS Web Panel persistent cross site scripting attemptoffoffoffoff
149323FILE-OFFICEMicrosoft Office Excel Lel record memory corruption attemptoffoffoffoff
149324FILE-OFFICEMicrosoft Office Excel Lel record memory corruption attemptoffoffoffoff
149325FILE-OTHERMicrosoft Windows Avast Anti-Virus local credentials disclosure attemptoffoffoffoff

Updated Rules:

Updated rules can be found at this link.