Cisco Talos Update for FireSIGHT Management Center

Date: 2019-08-22

This SRU number: 2019-08-21-001
Previous SRU number: 2019-08-19-001

Applies to:

3D Sensor versions: 5.x / 6.x
Cisco FireSIGHT Management Center versions: 5.x / 6.x

This SEU number: 2056
Previous SEU: 2055

Applies to:

3D Sensor Versions: 4.10
Cisco FireSIGHT Management Center versions: 4.10

This is the complete list of rules added in SRU 2019-08-21-001 and SEU 2056.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

**High Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.	Max.
3	50903	SERVER-WEBAPP	Cisco UCS Director command injection attempt	off	off	drop	drop
1	51138	SERVER-WEBAPP	PHP phpinfo function cross site scripting attempt	off	off	off	drop
1	51139	SERVER-WEBAPP	PHP phpinfo function cross site scripting attempt	off	off	off	drop
1	51141	SERVER-OTHER	Oracle Tuxedo Jolt server heap overflow attempt	off	off	off	drop
1	51142	SERVER-WEBAPP	Moodle 3.x PHP code injection attempt	off	off	drop	drop
1	51143	SERVER-WEBAPP	Moodle 3.x PHP code injection attempt	off	off	drop	drop
1	51145	SERVER-OTHER	HPE Intelligent Management Center 10001 buffer overflow attempt	off	off	off	drop
1	51146	SERVER-WEBAPP	FasterXML Jackson Databind unsafe deserialization attempt	off	off	off	drop
1	51148	SERVER-WEBAPP	ManageEngine Desktop Central cross site scripting attempt	off	off	off	drop
1	51149	SERVER-WEBAPP	ManageEngine Desktop Central cross site scripting attempt	off	off	off	drop
1	51150	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51151	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51152	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51153	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51154	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51155	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51156	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51157	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51158	SERVER-OTHER	DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt	off	off	off	drop
1	51159	OS-WINDOWS	Microsoft Windows DHCP client Domain Search response memory corruption attempt	off	off	off	drop
1	51160	FILE-IMAGE	Microsoft GDI crafted EMF file information disclosure attempt	off	off	off	drop
1	51161	FILE-IMAGE	Microsoft GDI crafted EMF file information disclosure attempt	off	off	off	drop
3	51164	SERVER-WEBAPP	Cisco Integrated Management Controller Redfish API command injection attempt	off	off	drop	drop
1	51165	FILE-OFFICE	Microsoft Office Excel SxView heap overflow attempt	off	off	off	drop
1	51166	FILE-OFFICE	Microsoft Office Excel SxView heap overflow attempt	off	off	off	drop
1	51167	FILE-OFFICE	Microsoft Office Excel SxView heap overflow attempt	off	off	off	drop
1	51168	FILE-OFFICE	Microsoft Office Excel SxView heap overflow attempt	off	off	off	drop
1	51169	FILE-OFFICE	Microsoft Office Excel SxView heap overflow attempt	off	off	off	drop
1	51170	FILE-OFFICE	Microsoft Office Excel SxView heap overflow attempt	off	off	off	drop
1	51171	FILE-OFFICE	Microsoft Office Excel SxView heap overflow attempt	off	off	off	drop
1	51172	FILE-OFFICE	Microsoft Office Excel SxView heap overflow attempt	off	off	off	drop
3	51173	SERVER-WEBAPP	Cisco UCS Director authentication bypass attempt	off	off	drop	drop
1	51174	SERVER-WEBAPP	vCard Create Card cross site scripting attempt	off	off	off	drop
1	51175	SERVER-WEBAPP	vCard Create Card cross site scripting attempt	off	off	off	drop
1	51176	SERVER-WEBAPP	vCard Toprated cross site scripting attempt	off	off	off	drop
1	51177	SERVER-WEBAPP	vCard Toprated cross site scripting attempt	off	off	off	drop
1	51178	SERVER-WEBAPP	vCard New Card cross site scripting attempt	off	off	off	drop
1	51179	SERVER-WEBAPP	vCard New Card cross site scripting attempt	off	off	off	drop
3	51180	SERVER-OTHER	Cisco Integrated Management Controller IPMI command injection attempt	off	off	drop	drop
1	51181	SERVER-OTHER	NTPsec 1.1.2 ntp_control out-of-bounds read attempt	off	off	off	drop
1	51182	FILE-OFFICE	Microsoft Excel Jet Database Engine code execution attempt	off	off	off	drop
1	51183	FILE-OFFICE	Microsoft Excel Jet Database Engine code execution attempt	off	off	off	drop
1	51184	SERVER-WEBAPP	Xalan-Java secure processing bypass attempt	off	off	off	drop
3	51187	SERVER-WEBAPP	Cisco Integrated Management Controller buffer overflow attempt	off	off	drop	drop
3	51188	SERVER-WEBAPP	Cisco Integrated Management Controller command injection attempt	off	off	drop	drop
3	51189	SERVER-WEBAPP	Cisco Integrated Management Controller command injection attempt	off	off	drop	drop
1	51190	SERVER-WEBAPP	Novell iManager buffer overflow attempt	off	off	off	drop
1	51191	FILE-OTHER	OMRON CX-One MCI file stack buffer overflow attempt	off	off	off	drop
1	51192	FILE-OTHER	OMRON CX-One MCI file stack buffer overflow attempt	off	off	off	drop
3	51193	SERVER-WEBAPP	Cisco Integrated Management Controller command injection attempt	off	off	drop	drop
3	51194	SERVER-WEBAPP	Cisco Integrated Management Controller command injection attempt	off	off	drop	drop
3	51195	SERVER-WEBAPP	Cisco Integrated Management Controller command injection attempt	off	off	drop	drop
1	51196	SERVER-WEBAPP	FLIR AX8 Camera arbitrary file download attempt	off	off	off	drop
1	51197	SERVER-WEBAPP	FLIR AX8 Camera arbitrary file download attempt	off	off	off	drop
3	51200	POLICY-OTHER	Cisco UCS Director Intersight API unauthenticated request detected	off	off	off	off
3	51201	SERVER-WEBAPP	Cisco Integrated Management Controller authentication bypass attempt	off	off	drop	drop
1	51202	INDICATOR-COMPROMISE	Dana IRC stack buffer overflow attempt	off	off	off	drop
1	51203	FILE-IMAGE	Microsoft Office PNG tEXt chunk buffer overflow attempt	off	off	off	drop
1	51204	FILE-IMAGE	Microsoft Office PNG tEXt chunk buffer overflow attempt	off	off	off	drop
1	51205	FILE-IMAGE	Microsoft Office PNG tEXt chunk buffer overflow attempt	off	off	off	drop
1	51206	FILE-IMAGE	Microsoft Office PNG tEXt chunk buffer overflow attempt	off	off	off	drop

**Medium Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.	Max.
1	51140	SERVER-OTHER	Splashtop Streamer Personal random data stream denial of service attempt	off	off	off	drop
1	51144	SERVER-OTHER	ISC BIND multiple ENDS Key Tag options denial of service attempt	off	off	off	drop
1	51147	FILE-OTHER	World of Warcraft local denial of service attempt	off	off	off	drop
1	51185	SERVER-OTHER	Memcached lru temp_ttl NULL dereference attempt	off	off	off	drop
1	51186	SERVER-OTHER	Memcached lru mode NULL dereference attempt	off	off	off	drop
3	51198	SERVER-WEBAPP	Cisco Integrated Management Controller denial of service attempt	off	off	drop	drop
3	51199	SERVER-WEBAPP	Cisco Integrated Management Controller denial of service attempt	off	off	drop	drop

**Low Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.	Max.
1	51162	FILE-PDF	Adobe Acrobat Reader RGB color table out of bounds read attempt	off	off	off	drop
1	51163	FILE-PDF	Adobe Acrobat Reader RGB color table out of bounds read attempt	off	off	off	drop