Juniper Networks

Update Details

Security Intelligence Center

Update #3327 (11/05/2020)

8 new signatures:

  • [HIGH] HTTP:STC:ADOBE:CVE2020-24426-OB - HTTP: Adobe Acrobat Reader CVE-2020-24426 Out-Of-Bounds Read
  • [HIGH] HTTP:STC:DL:CVE-2020-16998-PE - HTTP: Microsoft Windows DXG Kernel Driver CVE-2020-16698 Privilege Escalation
  • [CRITICAL] HTTP:MISC:RUCKUS-IOT-AUTH-BYPAS - HTTP: Ruckus IoT Controller Web UI Authentication Bypass
  • [HIGH] HTTP:STC:IE:CVE-2020-17052-MC - HTTP: Microsoft Internet Explorer Scripting Engine CVE-2020-17052 Memory Corruption
  • [HIGH] HTTP:STC:ADOBE:CVE-2020-24438 - HTTP: Adobe Acrobat Reader CVE-2020-24438 Use After Free
  • [CRITICAL] HTTP:ORACLE:WLOGIC-UNAUTH-RCE - HTTP: Oracle Weblogic Server CVE-2020-14882 Remote Code Execution
  • [MEDIUM] HTTP:TEAMVIEWER-RCE - HTTP: Teamviewer CVE-2020-13699 Remote Code Execution
  • [HIGH] HTTP:STC:DL:CVE-2020-17038-EOP - HTTP: Microsoft Windows Win32K Kernel Driver CVE-2020-17038 Elevation of Privilege

7 new application2 signatures:

  • Infrastructure:YOKOGAWA-PROTOCOL - This layer classifies only a limited number of protocols known to be used by Yokogawa hardware.
  • Infrastructure:MT-SICS - Standard Interface Command Set (SICS) is a protocol to control Mettler Toledo industrial scales.
  • Infrastructure:KEYENCE-BARECODE - This plugin classifies the control protocol of Keyence barcode scanners, which is also used by AutoID Network Navigator, their setup software.
  • Infrastructure:SCHNEIDER-ION - Integrated Object Network (ION) is a proprietary SCADA protocol for Schneider Electric smart meters.
  • Infrastructure:EQUIP-COMMAND - This layer classifies the EquipCommand protocol from TotalTrax equipment (SX/VX series); it handles only the non-ciphered part of this protocol.
  • Infrastructure:SIEMENS-APOGEE - This plugin classifies the main data protocol used by the Siemens Apogee HVAC product line. This device also uses BACnet and other control protocols that are not covered here.
  • Infrastructure:FANUC-GEN - This layer gathers signatures of protocols used by Fanuc equipment. This layer does not cover ALL protocols generated by Fanuc equipment.

3 updated signatures:

  • [HIGH] HTTP:DIR:ADVTECH-WA-NMS-DIRTRV - HTTP: Advantech WebAccess NMS Multiple Arbitrary Directory Traversal
  • [CRITICAL] HTTP:CTS:ADVTECH-NMS-ARB-UPLOAD - HTTP: Advantech WebAccess NMS SupportDeviceaddAction Arbitrary File Upload
  • [MEDIUM] HTTP:STC:ENCODING-TYPE-EVASION - HTTP: HTTP Illegal Chars After Encoding Type Evasion Attempt


Details of the signatures included within this bulletin:


HTTP:STC:ADOBE:CVE2020-24426-OB - HTTP: Adobe Acrobat Reader CVE-2020-24426 Out-Of-Bounds Read

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2020-24426

HTTP:DIR:ADVTECH-WA-NMS-DIRTRV - HTTP: Advantech WebAccess NMS Multiple Arbitrary Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Advantech WebAccess NMS. A successful attack can lead to directory traversal and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-379/
  • cve: CVE-2020-10619
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-384/
  • cve: CVE-2020-10631

HTTP:STC:DL:CVE-2020-16998-PE - HTTP: Microsoft Windows DXG Kernel Driver CVE-2020-16698 Privilege Escalation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows DXG Kernel Driver. A successful attack can lead to elevation of privilege and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-16998

HTTP:STC:ENCODING-TYPE-EVASION - HTTP: HTTP Illegal Chars After Encoding Type Evasion Attempt

Severity: MEDIUM

Description:

This signature detects evasion attempts that place illegal characters after the encoding type in HTTP traffic.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1


HTTP:MISC:RUCKUS-IOT-AUTH-BYPAS - HTTP: Ruckus IoT Controller Web UI Authentication Bypass

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Ruckus IoT Controller Web UI. A successful attack can lead to security bypass.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-26879
  • url: https://support.ruckuswireless.com/security_bulletins/305

HTTP:STC:IE:CVE-2020-17052-MC - HTTP: Microsoft Internet Explorer Scripting Engine CVE-2020-17052 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-17052

HTTP:STC:ADOBE:CVE-2020-24438 - HTTP: Adobe Acrobat Reader CVE-2020-24438 Use After Free

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
  • cve: CVE-2020-24438

HTTP:ORACLE:WLOGIC-UNAUTH-RCE - HTTP: Oracle Weblogic Server CVE-2020-14882 Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Oracle WebLogic Server. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-14750
  • cve: CVE-2020-14882

Infrastructure:FANUC-GEN - FANUC-GEN

Description:

This layer gathers signatures of protocols used by Fanuc equipment. This layer does not cover ALL protocols generated by Fanuc equipment.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


HTTP:CTS:ADVTECH-NMS-ARB-UPLOAD - HTTP: Advantech WebAccess NMS SupportDeviceaddAction Arbitrary File Upload

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Advantech WebAccess NMS. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-385/
  • cve: CVE-2020-10621
  • url: http://www.zerodayinitiative.com/advisories/zdi-20-397/

Infrastructure:YOKOGAWA-PROTOCOL - YOKOGAWA-PROTOCOL

Description:

This layer classifies only a limited number of protocols known to be used by Yokogawa hardware.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


HTTP:TEAMVIEWER-RCE - HTTP: Teamviewer CVE-2020-13699 Remote Code Execution

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against TeamViewer. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-13699
  • url: https://security-tracker.debian.org/tracker/CVE-2020-13699

Infrastructure:MT-SICS - MT-SICS

Description:

Standard Interface Command Set (SICS) is a protocol to control Mettler Toledo industrial scales.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:KEYENCE-BARECODE - KEYENCE-BARECODE

Description:

This plugin classifies the control protocol of Keyence barcode scanners, which is also used by AutoID Network Navigator, their setup software.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:SCHNEIDER-ION - SCHNEIDER-ION

Description:

Integrated Object Network (ION) is a proprietary SCADA protocol for Schneider Electric smart meters.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:EQUIP-COMMAND - EQUIP-COMMAND

Description:

This layer classifies the EquipCommand protocol from TotalTrax equipment (SX/VX series); it handles only the non-ciphered part of this protocol.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:SIEMENS-APOGEE - SIEMENS-APOGEE

Description:

This plugin classifies the main data protocol used by the Siemens Apogee HVAC product line. This device also uses BACnet and other control protocols that are not covered here.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


HTTP:STC:DL:CVE-2020-17038-EOP - HTTP: Microsoft Windows Win32K Kernel Driver CVE-2020-17038 Elevation of Privilege

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Win32K Kernel Driver. A successful attack can lead to elevation of privilege and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-17038
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.