This SRU number: 2019-03-27-001
Previous SRU number: 2019-03-25-001
Applies to:
This SEU number: 1993
Previous SEU: 1992
Applies to:
This is the complete list of rules added in SRU 2019-03-27-001 and SEU 1993.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 49573 | FILE-MULTIMEDIA | RealNetworks RealPlayer mpeg width integer memory underflow attempt | off | off | off | off |
| 1 | 49574 | FILE-MULTIMEDIA | RealNetworks RealPlayer mpeg width integer memory underflow attempt | off | off | off | off |
| 1 | 49575 | FILE-IMAGE | SketchUp BMP RLE8 parsing buffer overflow attempt | off | off | off | off |
| 1 | 49576 | FILE-IMAGE | SketchUp BMP RLE8 parsing buffer overflow attempt | off | off | off | off |
| 1 | 49577 | SERVER-WEBAPP | ElectronJS Exodus remote code execution attempt | off | off | off | drop |
| 1 | 49578 | SERVER-WEBAPP | ElectronJS Exodus remote code execution attempt | off | off | off | drop |
| 1 | 49579 | SERVER-WEBAPP | ElectronJS Exodus remote code execution attempt | off | off | off | drop |
| 1 | 49580 | SERVER-WEBAPP | ElectronJS Exodus remote code execution attempt | off | off | off | drop |
| 1 | 49581 | SERVER-WEBAPP | ElectronJS Exodus remote code execution attempt | off | off | off | drop |
| 1 | 49582 | SERVER-WEBAPP | ElectronJS Exodus remote code execution attempt | off | off | off | drop |
| 1 | 49583 | FILE-FLASH | Adobe Flash Player byteArray inflate information disclosure attempt | off | off | off | off |
| 1 | 49584 | FILE-FLASH | Adobe Flash Player byteArray inflate information disclosure attempt | off | off | off | off |
| 1 | 49585 | FILE-FLASH | Adobe Flash Player byteArray uncompress information disclosure attempt | off | off | off | off |
| 1 | 49586 | FILE-FLASH | Adobe Flash Player byteArray uncompress information disclosure attempt | off | off | off | off |
| 1 | 49587 | SERVER-WEBAPP | CMSsite 1.0 SQL injection attempt | off | off | drop | drop |
| 3 | 49588 | SERVER-WEBAPP | Cisco IOS XE webui debugBundle command injection attempt | off | off | drop | drop |
| 3 | 49589 | SERVER-WEBAPP | Cisco IOS XE webui debugBundle command injection attempt | off | off | drop | drop |
| 3 | 49590 | SERVER-WEBAPP | Cisco IOS XE webui debugBundle command injection attempt | off | off | drop | drop |
| 3 | 49591 | SERVER-WEBAPP | Cisco IOS XE webui directory traversal attempt | off | off | drop | drop |
| 1 | 49592 | MALWARE-CNC | Win.Trojan.SectorA05 outbound connection attempt | off | drop | drop | drop |
| 1 | 49593 | MALWARE-CNC | Win.Trojan.SectorA05 outbound connection attempt | off | drop | drop | drop |
| 1 | 49594 | MALWARE-CNC | Win.Trojan.SectorA05 outbound connection attempt | off | drop | drop | drop |
| 1 | 49595 | MALWARE-CNC | Win.Trojan.SectorA05 outbound connection attempt | off | drop | drop | drop |
| 1 | 49596 | MALWARE-CNC | Win.Trojan.GlobeImposter malicious executable download attempt | off | drop | drop | drop |
| 1 | 49597 | MALWARE-CNC | Win.Trojan.GlobeImposter malicious executable download attempt | off | drop | drop | drop |
| 1 | 49598 | SERVER-WEBAPP | Fiberhome AN5506-04-F RP2669 cross site scripting attempt | off | off | drop | drop |
| 1 | 49599 | FILE-PDF | Adobe Acrobat Reader untrusted pointer dereference attempt detected | off | drop | drop | drop |
| 1 | 49600 | FILE-PDF | Adobe Acrobat Reader untrusted pointer dereference attempt detected | off | drop | drop | drop |
| 1 | 49601 | SERVER-OTHER | Century Star SCADA directory traversal attempt | off | off | off | off |
| 1 | 49602 | SERVER-OTHER | Century Star SCADA directory traversal attempt | off | off | off | off |
| 1 | 49603 | SERVER-WEBAPP | Trend Micro Control Manager SQL injection attempt | off | off | drop | drop |
| 1 | 49604 | SERVER-WEBAPP | Trend Micro Control Manager SQL injection attempt | off | off | drop | drop |
| 1 | 49605 | SERVER-WEBAPP | Trend Micro Control Manager SQL injection attempt | off | off | drop | drop |
| 3 | 49608 | SERVER-WEBAPP | Cisco IOS XE webui execPython access attempt | off | off | drop | drop |
| 3 | 49609 | SERVER-WEBAPP | Cisco IOS XE webui cdp resource command injection attempt | off | off | drop | drop |
| 3 | 49610 | SERVER-WEBAPP | Cisco IOS XE webui dhcp resource command injection attempt | off | off | drop | drop |
| 3 | 49612 | POLICY-OTHER | Cisco Virtual Switching System standby interested message detected | off | off | off | off |
| 3 | 49613 | POLICY-OTHER | Cisco Virtual Switching System master request message detected | off | off | off | off |
| 3 | 49614 | SERVER-WEBAPP | Cisco IOS XE webui rathrottler command injection attempt | off | drop | drop | drop |
| 3 | 49615 | SERVER-WEBAPP | Cisco IOS XE webui rathrottler command injection attempt | off | drop | drop | drop |
| 3 | 49616 | SERVER-WEBAPP | Cisco IOS XE webui rathrottler command injection attempt | off | drop | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 49606 | PROTOCOL-VOIP | Cisco IOS SIP calling display name denial of service attempt | off | off | off | off |
| 3 | 49607 | PROTOCOL-VOIP | Cisco IOS SIP calling display name denial of service attempt | off | off | off | off |
| 3 | 49611 | SERVER-WEBAPP | Cisco IOS XE webui information disclosure attempt | off | off | drop | drop |
Updated rules can be found at this link.