* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2018-03-29-001
Previous SRU number: 2018-03-26-001
Applies to:
This SEU number: 1817
Previous SEU: 1815
Applies to:
This is the complete list of rules added in SRU 2018-03-29-001 and SEU 1817.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 46095 | POLICY-OTHER | Cisco IOS XE default one-time password login detected | off | off | alert | alert |
| 3 | 46096 | SERVER-OTHER | Cisco SMI invalid discovery init message memory corruption or denial of service attempt | off | drop | drop | drop |
| 1 | 46099 | MALWARE-CNC | Win.Trojan.Modimer Trojanized MediaGet outbound connection | off | drop | drop | drop |
| 1 | 46100 | SERVER-WEBAPP | Laerdal SimMan-3G arbitrary file upload attempt | off | off | drop | drop |
| 3 | 46102 | POLICY-OTHER | Flash file external url request attempt | off | off | off | off |
| 3 | 46103 | POLICY-OTHER | Flash file external url request attempt | off | off | off | off |
| 3 | 46104 | SERVER-OTHER | Cisco IOS DHCP relay agent information memory corruption attempt | off | off | drop | drop |
| 1 | 46106 | FILE-OFFICE | Microsoft Office Equation Editor RTF evasion attempt | off | off | drop | drop |
| 1 | 46107 | FILE-OFFICE | Microsoft Office Equation Editor RTF evasion attempt | off | off | drop | drop |
| 3 | 46108 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning writable file privilege escalation attempt | off | off | off | off |
| 3 | 46109 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning writable file privilege escalation attempt | off | off | off | off |
| 3 | 46110 | SERVER-OTHER | Cisco ASR1001 IKEv2 memory leak attempt | off | drop | drop | drop |
| 3 | 46111 | SERVER-OTHER | Cisco IOS Adaptive QoS message parsing stack buffer overflow attempt | off | off | drop | drop |
| 1 | 46112 | SERVER-WEBAPP | Advantech WebAccess directory traversal attempt | off | off | off | off |
| 1 | 46113 | SERVER-WEBAPP | Advantech WebAccess directory traversal attempt | off | off | off | off |
| 1 | 46114 | SERVER-WEBAPP | Advantech WebAccess directory traversal attempt | off | off | off | off |
| 1 | 46115 | SERVER-APACHE | FrontPage privilege escalation attempt | off | off | off | off |
| 1 | 46116 | SERVER-APACHE | FrontPage privilege escalation attempt | off | off | off | off |
| 1 | 46117 | FILE-OTHER | Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt | off | off | off | drop |
| 1 | 46118 | FILE-OTHER | Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt | off | off | off | drop |
| 3 | 46119 | SERVER-OTHER | Cisco IOS DHCP relay reply integer underflow attempt | off | off | drop | drop |
| 3 | 46120 | SERVER-OTHER | Cisco IOS DHCP relay integer underflow attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 46097 | SERVER-OTHER | Cisco SMI invalid discovery init message denial of service attempt | off | drop | drop | drop |
| 1 | 46098 | PROTOCOL-OTHER | Routing Information Protocol version 1 potential amplified distributed denial of service attempt | off | off | off | off |
| 3 | 46101 | PROTOCOL-SNMP | Cisco IOS SNMP ciscoFlashFileEntry OID denial of service attempt | off | off | drop | drop |
| 3 | 46105 | PROTOCOL-SNMP | Cisco IOS SNMP natPoolRange OID denial of service attempt | off | off | drop | drop |
| 3 | 46125 | SERVER-OTHER | Cisco IOS invalid IKEv1 payload denial of service attempt | off | off | drop | drop |
| 3 | 46126 | SERVER-OTHER | Cisco IOS XE IGMP denial of service attempt | off | off | off | off |
| 3 | 46127 | SERVER-OTHER | Cisco IOS XE IGMP denial of service attempt | off | off | off | off |
| 3 | 46128 | SERVER-OTHER | Cisco IOS XE IGMP denial of service attempt | off | off | off | off |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 46121 | PROTOCOL-OTHER | use of undocumented ScMM test interface in Cisco small business devices detected | off | off | off | off |
| 1 | 46122 | PROTOCOL-OTHER | use of undocumented ScMM test interface in Cisco small business devices detected | off | off | off | off |
| 1 | 46123 | PROTOCOL-OTHER | use of undocumented ScMM test interface in Cisco small business devices detected | off | off | off | off |
| 1 | 46124 | PROTOCOL-OTHER | use of undocumented ScMM test interface in Cisco small business devices detected | off | off | off | off |