Juniper Networks

Update Details

Security Intelligence Center

Update #3436 (11/16/2021)

4 new signatures:

HIGH - RPC:DCERPC:ADVNTC-WEB-IOCTL-BO2 - RPC: Advantech WebAccess IOCTL 10001 BwImgExe Stack-based Buffer Overflow
HIGH - HTTP:ADVANTECH-HMI-MEM-CORRUPT - HTTP: Advantech WebAccess HMI Designer PM3 Memory Corruption
MEDIUM - HTTP:CTS:SOLARWINDS-INSEC-DESER - HTTP: SolarWinds Orion Platform RenderControl.aspx Insecure Deserialization
LOW - HTTP:XSS:SONATYPE-NEXUS-RM-XSS - HTTP: Sonatype Nexus Repository Manager CVE-2021-37152 Cross-Site Scripting


Details of the signatures included within this bulletin:


RPC:DCERPC:ADVNTC-WEB-IOCTL-BO2 - RPC: Advantech WebAccess IOCTL 10001 BwImgExe Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Advantech WebAccess IOCTL 10001. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the current server.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, mx-16.1, srx-branch-19.2, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-19.4, idp-5.0.110130325, srx-branch-19.4, vsrx3bsd-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, srx-branch-19.1, vsrx-15.1, idp-4.1.110110609, srx-19.2, vsrx-19.4

References:

  • url: https://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-25DBSA9
  • url: http://www.zerodayinitiative.com/advisories/ZDI-21-778/

HTTP:ADVANTECH-HMI-MEM-CORRUPT - HTTP: Advantech WebAccess HMI Designer PM3 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Advantech WebAccess HMI Designer. A successful attack can lead to memory corruption and arbitrary remote code execution within the context of the Advantech WebAccess HMI Designer.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2021-33004

Affected Products:

  • Advantech webaccess/hmi_designer 2.1.9.95

HTTP:CTS:SOLARWINDS-INSEC-DESER - HTTP: SolarWinds Orion Platform RenderControl.aspx Insecure Deserialization

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against SolarWinds Orion Core Platform. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2021-35215
  • url: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215
  • url: http://www.zerodayinitiative.com/advisories/ZDI-21-1245/

Affected Products:

  • Solarwinds orion_platform 2020.2.5

HTTP:XSS:SONATYPE-NEXUS-RM-XSS - HTTP: Sonatype Nexus Repository Manager CVE-2021-37152 Cross-Site Scripting

Severity: LOW

Description:

This signature detects attempts to exploit a known cross-site scripting vulnerability against Sonatype Nexus Repository Manager. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2021-37152

Affected Products:

  • Sonatype nexus_repository_manager 3.0.0