Cisco Threat Defense Bulletin S983 May 17, 2017



In This Issue
News and Notes
Supported Sensor Software Versions
Release Summary
New Vulnerability and Exploit Protections
Retired Signatures
Sensor Update Information
Security Research Library

Cisco Security Intelligence Operations
Comprehensive threat intelligence, analysis, and defense to help inform and protect organizations.


Your feedback makes our bulletin better! Please tell us what you love and what you would change at ips-news@cisco.com.


Download the S983 sensor package (sensor only).



News and Notes


End-of-Sale for Cisco Services for Intrusion Prevention System Support Program

Cisco announces the end-of-sale and end-of-life dates for the Cisco Services for Intrusion Prevention System (IPS) Support Program.
Please refer to the following link for details:
End-of-Sale for Cisco Services for Intrusion Prevention System Support Program


To view the list of products already past the End of Signature Support, click here

Cisco Intrusion Prevention System (CIPS) Migration Path Awareness Communication for End of Life/End of Sale ASA/IPS Product Lines

Please refer to the following link for important information about the End of New Service Attach and End of Service Contract Renewal dates for ASA/IPS product lines: CIPS Migration Awareness Communication


 
Supported Sensor Software Versions

Signature updates are currently tested on the following sensor software releases according to the terms
defined in the End-of-Sale Policy for Signature File Release on Intrusion Detection and Prevention (IDS/IPS) Sensors:


7.1(11) (Released: 07/DEC/2015)

7.1(11p1) (Released: 11/APR/2016)

7.2(2) (Released: 05/FEB/2014)

7.3(5) (Released: 15/FEB/2016)


Please upgrade to the latest sensor software versions to ensure correct sensor operation and effective signature coverage.


Release S983 - May 17, 2017
Release Summary
Vulnerability              CVE            Severity  Risk Rating  Signature ID  History  Status
Adobe Acrobat Reader I...  CVE-2017-3045  High      85           7924.0        New      Enabled
Apache Struts Remote C...  CVE-2017-5638  High      85           7872.2        New      Enabled
Microsoft Windows SMB...                  High      85           7958.2        New      Enabled
New Vulnerability and Exploit Protections
Apache Struts Remote C...
Vulnerability Disclosed: 3/8/2017
A vulnerability in the Jakarta multipart parser of Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper handling of the Content-Length and Content-Disposition header values by the affected software when performing a file upload based on the Jakarta multipart parser. An attacker could exploit this vulnerability by persuading a targeted user to upload a malicious file. After the Jakarta multipart parser of the affected software uploads the file, the attacker could have the ability to execute arbitrary code.
Severity  Description                          Protected Since  Signature ID  Event Action
High      Apache Struts Remote Code Execution                   7872.2        produce-alert

Adobe Acrobat Reader I...
Vulnerability Disclosed: 4/21/2017
A vulnerability in the JPEG 2000 parser, which is related to the palette box used in Adobe Acrobat Reader, could allow an attacker to access sensitive information. The vulnerability is due to improper parsing of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user on the local system to open a crafted document by using an affected application. A successful exploit could trigger a memory address leak that the attacker could leverage to access sensitive information.
Severity  Description                          Protected Since  Signature ID  Event Action
High      Adobe Reader Information Disclosure                   7924.0        produce-alert

Microsoft Windows SMB ...
Vulnerability Disclosed: 3/16/2017
The WannaCry ransomware attack is an ongoing attack that targets the Microsoft Windows operating system and involves encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The WannaCry malware, also known as "WannaCrypt," "WanaCrypt0r 2.0," and "Wanna Decryptor," is reportedly spreading by exploiting vulnerabilities in the Microsoft Windows Server Message Block 1.0 (SMBv1) service. The WannaCry ransomware attack began on May 12, 2017 and, thus far, has infected more than 230,000 computers in more than 150 countries.
Severity  Description                                  Protected Since  Signature ID  Event Action
High      Microsoft Windows SMB Remote Code Execution                   7958.2        produce-alert

    Retired Signatures

    Signature ID  Previous Status  Signature Name                                              Threat Name
    7906.0        New              EyesOfNetwork Command Injection                             EyesOfNetwork Command ...
    7906.1        New              EyesOfNetwork Command Injection                             EyesOfNetwork Command ...
    7914.0        New              Trend Micro SafeSync Command Injection                      Trend Micro SafeSync C...
    7678.0        New              Trend Micro Smart Protection Command Injection              Trend Micro Smart Prot...
    7935.0        New              EyesOfNetwork Module Command Injection                      EyesOfNetwork Module C...
    7926.0        New              Trend Micro Deep Discovery Inspector Command Injection      Trend Micro Deep Disco...
    7947.0        New              Trend Micro Threat Discovery Appliance Command Injection    Trend Micro Threat Dis...
    7951.0        New              Intel AMT Remote Administration Tool Authentication Bypass  Intel AMT Remote Admin...
    7951.1        New              Intel AMT Remote Administration Tool Authentication Bypass  Intel AMT Remote Admin...

    * Inline sensor with Event Action Override set to "deny-packet-inline" at Risk Rating 90 (Cisco default configuration)

    Sensor Update Information

    Signature Updates

    Signature updates may be downloaded automatically by Cisco Security Manager (CSM), IPS Manager Express (IME) and Cisco Security Monitoring, Analysis, and Response System (CS-MARS). The following links are for manual downloads.

    Sensor Appliance Updates
    IPS 4300 and 4500 Series sensors, IDSM-2 Catalyst module, AIM-IPS module, ASA-AIP IPS module


    IOS IPS Updates
    IOS IPS in Mainline and T-Train Releases prior to 12.4(11)T (Includes NEW Basic and Advanced Set)
    IOS IPS in 12.4(11)T or later T-Train


    Cisco Security Manager
    Please click here to download the latest Cisco Security Manager (CSM) signature update package.



    Security Research Library
    Increase your knowledge of today's vulnerabilities, tomorrow's threats, and the technology necessary to keep up.
    Cisco Security Intelligence Operations
    Comprehensive threat intelligence, analysis, and defense to help inform and protect organizations.
    Cyber Risk Reports
    Weekly strategic intelligence product that highlights current security activity and mid- to long-range perspectives, also available as a podcast.
    Cisco IntelliShield Alerts
    Up-to-the-minute, actionable intelligence, in-depth vulnerability analysis, and highly reliable threat validation to assist in proactive prevention.
    Cisco Applied Mitigation Bulletins
    Techniques that use Cisco product abilities to detect and mitigate the most important security events and vulnerabilities.
    Security Multimedia Library
    Podcasts, video datasheets, webcasts and videos with solutions for today's problems.
    Cisco Security Intelligence Operations Tactical Resources
    Guidance on specific technologies and problem sets to help organizations secure business applications and processes by identifying, preventing, and adapting to threats.
    Cisco Security Services
    Professional services to support your Self-Defending Network.
    Cisco Security Solutions
    Discover the breadth of Cisco solutions available to solve your organization's security issues.
    Cisco Security Blog
    Collaborate with the Cisco Security Community and gain insights into emerging security threats, trends, and best practices.



    This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.


    © 1992-2014 Cisco Systems Inc. All rights reserved.
