Cisco Talos Update for FireSIGHT Management Center

Date: 2018-06-07

This SRU number: 2018-06-07-001
Previous SRU number: 2018-06-04-001

Applies to:

This SEU number: 1859
Previous SEU: 1857

Applies to:

This is the complete list of rules added in SRU 2018-06-07-001 and SEU 1859.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
146884DELETEDMALWARE-CNC Win.Trojan.Joanap variant outbound connectionoffoffoffoff
146885MALWARE-CNCWin.Trojan.Joanap variant outbound connectionoffdropdropdrop
146886SERVER-WEBAPPQuest KACE Systems Management Appliance ajax_email_connection_test.php command injection attemptoffoffdropdrop
346887SERVER-WEBAPPCisco Network Services Orchestrator arbitrary command execution attemptoffoffdropdrop
346888SERVER-WEBAPPCisco Network Services Orchestrator arbitrary command execution attemptoffoffdropdrop
346889SERVER-WEBAPPCisco Prime Collaboration Provisioning SQL injection attemptoffoffdropdrop
346890SERVER-WEBAPPCisco Prime Collaboration Provisioning SQL injection attemptoffoffdropdrop
346891SERVER-WEBAPPCisco Prime Collaboration Provisioning SQL injection attemptoffoffdropdrop
346892SERVER-WEBAPPCisco Prime Collaboration Provisioning SQL injection attemptoffoffdropdrop
346893SERVER-OTHERCisco Prime Collaboration Provisioning Java remote method invocation attemptoffoffdropdrop
146894MALWARE-CNCVbs.Worm.SysinfY2X outbound beaconoffdropdropdrop
146895MALWARE-CNCWin.Trojan.Nocturnal outbound connectionoffdropdropdrop
146896SERVER-WEBAPPJoomla component GeoContent typename parameter cross site scripting attemptoffoffoffoff
346897SERVER-WEBAPPCisco Adaptive Security Appliance directory traversal attemptoffoffdropdrop
146898SERVER-WEBAPPAtlassian OAuth plugin multiple versions server side request forgery attemptoffoffdropdrop
346899POLICY-OTHERCisco Prime Collaboration Provisioning access control group modification request detectedoffoffoffoff
146903INDICATOR-COMPROMISEMicrosoft Windows SYSTEM token stealing attemptoffoffoffoff
146904INDICATOR-COMPROMISEMicrosoft Windows SYSTEM token stealing attemptoffoffoffoff
146905INDICATOR-COMPROMISEMicrosoft Windows malicious CONTEXT structure creation attemptoffoffoffoff
146906INDICATOR-COMPROMISEMicrosoft Windows malicious CONTEXT structure creation attemptoffoffoffoff
146907INDICATOR-COMPROMISEMicrosoft Windows processor modification return to user-mode attemptoffoffoffoff
146908INDICATOR-COMPROMISEMicrosoft Windows processor modification return to user-mode attemptoffoffoffoff
146909INDICATOR-COMPROMISEMicrosoft Windows Interrupt Service Routine stack rollback attemptoffoffoffoff
146910INDICATOR-COMPROMISEMicrosoft Windows Interrupt Service Routine stack rollback attemptoffoffoffoff
346911SERVER-WEBAPPCisco Prime Collaboration Provisioning potentially unauthenticated administrator password change attemptoffoffdropdrop
146912BROWSER-FIREFOXMozilla multiple products JavaScript string replace buffer overflow attemptoffoffoffdrop
146913BROWSER-FIREFOXMozilla multiple products JavaScript string replace buffer overflow attemptoffoffoffdrop
346914SERVER-WEBAPPCisco Prime Collaboration Provisioning password recovery field reuse attemptoffoffdropdrop
146915FILE-MULTIMEDIAVideoLAN VLC Media Player abc file parts heap integer overflow attemptoffoffoffoff
146916FILE-MULTIMEDIAVideoLAN VLC Media Player abc file parts heap integer overflow attemptoffoffoffoff
146917FILE-FLASHAdobe Flash Player out of bounds write attemptoffdropdropdrop
146918FILE-FLASHAdobe Flash Player out of bounds write attemptoffdropdropdrop
146919FILE-FLASHAdobe Flash Player out of bounds write attemptoffdropdropdrop
146920FILE-FLASHAdobe Flash Player out of bounds write attemptoffdropdropdrop
Low Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
346900BROWSER-OTHERinvalid final chunk size evasion attemptoffoffoffdrop
346901BROWSER-OTHERhttp chunked transfer encoding flowbit attemptoffoffoffalert
346902BROWSER-OTHERinvalid final chunk size evasion attemptoffoffoffdrop