Cisco Threat Defense Bulletin S1018 May 21, 2018



In This Issue
News and Important Notices
Release Summary
New Vulnerability and Exploit Protections
Retired Signatures
Security Research Library



 

Download the S1018 sensor package (sensor only).



News and Important Notices


Signature updates for all legacy Cisco IPS systems ceased April 26, 2018.

For the CIPS End of Sale Announcement, please visit:
End-of-Sale for Cisco Services for Intrusion Prevention System Support Program

For the list of products currently past their End of Support Date, please visit:
End of Service/End of Life for Signature Services for Intrusion Detection and Prevention

For information about migration options from legacy IPS products to the Firepower line, please visit:
Cisco Intrusion Prevention System (CIPS) Migration Path Awareness Communication for End of Life/End of Sale ASA/IPS Product Lines

Cisco IPS Signature Service End-Of-Service FAQ





Release S1018 - May 21, 2018
Release Summary
| Vulnerability | CVE | Severity | Risk Rating | Signature ID | History | Status |
|---|---|---|---|---|---|---|
| Linksys WVBR0-25 Wirel... | CVE-2017-17411 | High | 85 | 8233.0 | New | Enabled |
| Adobe Acrobat Reader H... | CVE-2015-3050 | High | 85 | 6643.0 | Enabled | Retired |
| Adobe Flash Player Mem... | CVE-2015-3088 | High | 85 | 6631.0 | Enabled | Retired |
| Adobe Flash Player Sam... | CVE-2015-3098 | High | 80 | 6576.0 | Enabled | Retired |
| Microsoft Internet Exp... | CVE-2015-2401 | High | 80 | 6617.0 | Enabled | Retired |
| Microsoft Internet Exp... | CVE-2015-2391 | High | 85 | 6618.0 | Enabled | Retired |
| Microsoft Internet Exp... | CVE-2015-2414 | High | 85 | 6632.0 | Enabled | Retired |
| Microsoft Internet Exp... | CVE-2015-2411 | High | 85 | 6624.0 | Enabled | Retired |
| Microsoft Internet Exp... | CVE-2015-2406 | High | 85 | 6625.0 | Enabled | Retired |
| Microsoft Internet Exp... | CVE-2015-2421 | High | 85 | 6626.0 | Enabled | Retired |
| Microsoft Internet Exp... | CVE-2015-2389 | High | 85 | 6616.0 | Enabled | Retired |
| Microsoft Internet Exp... | CVE-2015-2386 | High | 85 | 6615.0 | Enabled | Retired |
| Microsoft Windows Adob... | CVE-2015-2426 | High | 80 | 6635.0 | Enabled | Retired |
| Adobe Flash Player Byt... | CVE-2015-3105 | Medium | 60 | 6575.0 | Enabled | Retired |
| Adobe Flash Player Fil... | CVE-2015-3083 | Medium | 60 | 6568.0 | Enabled | Retired |
| Adobe Flash Player Sta... | CVE-2015-3100 | Medium | 60 | 6578.0 | Enabled | Retired |

New Vulnerability and Exploit Protections
Linksys WVBR0-25 Wirel...
Vulnerability Disclosed: 4/20/2018
A vulnerability in the web management portal of Linksys WVBR0-25 wireless video bridge devices could allow an unauthenticated, remote attacker to conduct a command injection attack on a targeted device. The vulnerability is due to the affected software improperly validating user-supplied input in the User-Agent header before the software executes a system call. An attacker could exploit this vulnerability by sending a GET request containing malicious input to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the targeted device.

| Severity | Description | Protected Since | Signature ID | Event Action |
|---|---|---|---|---|
| High | Linksys WVBR0-25 Wireless Video Bridge Command Injection | | 8233.0 | produce-alert |

Retired Signatures

| Signature ID | Previous Status | Signature Name | Threat Name |
|---|---|---|---|
| 6568.0 | Enabled | Adobe Flash Player File System Access Bypass | Adobe Flash Player Fil... |
| 6575.0 | Enabled | Adobe Flash Player ByteArray Code Execution | Adobe Flash Player Byt... |
| 6576.0 | Enabled | Adobe Flash Player Same Origin Policy Bypass | Adobe Flash Player Sam... |
| 6578.0 | Enabled | Adobe Flash Player Stack Buffer Overflow Vulnerability | Adobe Flash Player Sta... |
| 6615.0 | Enabled | Microsoft Internet Explorer Control Flow Guard Mitigation Bypass | Microsoft Internet Exp... |
| 6616.0 | Enabled | Microsoft Internet Explorer Memory Corruption | Microsoft Internet Exp... |
| 6617.0 | Enabled | Microsoft Internet Explorer Code Execution | Microsoft Internet Exp... |
| 6618.0 | Enabled | Microsoft Internet Explorer Code Execution | Microsoft Internet Exp... |
| 6624.0 | Enabled | Microsoft Internet Explorer Memory Corruption | Microsoft Internet Exp... |
| 6625.0 | Enabled | Microsoft Internet Explorer Memory Corruption | Microsoft Internet Exp... |
| 6626.0 | Enabled | Microsoft Internet Explorer Memory Corruption | Microsoft Internet Exp... |
| 6631.0 | Enabled | Adobe Flash Player Memory Corruption | Adobe Flash Player Mem... |
| 6632.0 | Enabled | Microsoft Internet Explorer Information Disclosure | Microsoft Internet Exp... |
| 6635.0 | Enabled | Microsoft Windows Kernel Buffer Overflow | Microsoft Windows Adob... |
| 6643.0 | Enabled | Adobe Acrobat Reader Heap Buffer Overflow | Adobe Acrobat Reader H... |
| 8212.0 | New | Zoho ManageEngine Applications Manager showActionProfiles.do SQL Injection | Zoho ManageEngine Appl... |

* Inline sensor with Event Action Override set to "deny-packet-inline" at Risk Rating 90 (Cisco default configuration)


Security Research Library
Increase your knowledge of today's vulnerabilities, tomorrow's threats, and the technology necessary to keep up.
Cisco Security
Comprehensive threat intelligence, analysis, and defense to help inform and protect organizations.

Cisco Multivendor Security Alerts
Up-to-the-minute, actionable intelligence, in-depth vulnerability analysis, and highly reliable threat validation to assist in proactive prevention.

Cisco Security Tactical Resources
Guidance on specific technologies and problem sets to help organizations secure business applications and processes by identifying, preventing, and adapting to threats.
Cisco Security Services
Professional services to support your self-defending network.
Cisco Security Blog
Collaborate with the Cisco Security Community and gain insights into emerging security threats, trends, and best practices.


This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.


© 1992-2018 Cisco Systems Inc. All rights reserved.

Cisco Systems, Inc.
Corporate Headquarters 
170 West Tasman Dr.
San Jose, CA 95134
USA