This SRU number: 2020-05-06-001
Previous SRU number: 2020-05-04-001
Applies to:
This SEU number: 2162
Previous SEU: 2161
Applies to:
This is the complete list of rules added in SRU 2020-05-06-001 and SEU 2162.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State columns give the rule's state in each of the default Cisco Talos policies: Connectivity (Con.), Balanced (Bal.), Security (Sec.), and Maximum Detection (Max.).
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max.
---|---|---|---|---|---|---|---
1 | 53844 | BROWSER-CHROME | Google Chromium ImageCapture use after free attempt | off | off | drop | drop |
1 | 53845 | BROWSER-CHROME | Google Chromium ImageCapture use after free attempt | off | off | drop | drop |
1 | 53846 | MALWARE-OTHER | Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection | off | drop | drop | drop |
1 | 53848 | MALWARE-OTHER | Win.Packed.Clipbanker-7764305-0 download attempt | off | off | off | drop |
1 | 53849 | MALWARE-OTHER | Win.Packed.Clipbanker-7764305-0 download attempt | off | off | off | drop |
3 | 53851 | SERVER-WEBAPP | Cisco ASA and FTD directory traversal attempt | off | drop | drop | drop |
1 | 53852 | MALWARE-OTHER | Win.Packed.Razy-7767366-0 download attempt | off | off | off | drop |
1 | 53853 | MALWARE-OTHER | Win.Packed.Razy-7767366-0 download attempt | off | off | off | drop |
1 | 53854 | MALWARE-OTHER | Win.Packed.Zusy-7759444-0 download attempt | off | off | drop | drop |
1 | 53855 | MALWARE-OTHER | Win.Packed.Zusy-7759444-0 download attempt | off | off | drop | drop |
1 | 53856 | MALWARE-CNC | Embedded.Exploit.Hoaxcalls variant outbound connection | off | drop | drop | drop |
1 | 53857 | SERVER-WEBAPP | Grandstream UCM6202 series SQL injection attempt | off | drop | drop | drop |
1 | 53858 | SERVER-WEBAPP | Grandstream UCM6202 series SQL injection attempt | off | drop | drop | drop |
1 | 53859 | SERVER-WEBAPP | Grandstream UCM6202 series SQL injection attempt | off | drop | drop | drop |
1 | 53860 | SERVER-WEBAPP | Centurylink router unauthenticated administrator account disable attempt | off | drop | drop | drop |
1 | 53861 | MALWARE-CNC | Win.Trojan.Astaroth outbound beacon | off | drop | drop | drop |
1 | 53862 | SERVER-WEBAPP | D-Link DIR-859 UPnP subscribe command injection attempt | off | off | drop | drop |
1 | 53863 | SERVER-WEBAPP | D-Link DIR-859 UPnP subscribe command injection attempt | off | off | drop | drop |
3 | 53864 | POLICY-OTHER | Cisco Firepower User Agent Service default MySQL credentials detected | off | off | off | off |
1 | 53866 | SERVER-WEBAPP | Microsoft SharePoint TypeConverter remote code execution attempt | off | drop | drop | drop |
3 | 53867 | PROTOCOL-DNS | Cisco ASA and FTD IPv6 DNS request stack buffer overflow attempt | off | off | drop | drop |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max.
---|---|---|---|---|---|---|---
3 | 53847 | PROTOCOL-OTHER | Cisco ASA and FTD malformed OSPF denial of service attempt | off | off | drop | drop |
3 | 53850 | SERVER-WEBAPP | Cisco ASA and FTD memory disclosure attempt | off | off | drop | drop |
1 | 53865 | SERVER-OTHER | Memcached read command denial of service attempt | off | off | off | drop |
3 | 53868 | SERVER-OTHER | Cisco ASA and FTD MGCP denial of service attempt | off | off | drop | drop |
3 | 53869 | SERVER-OTHER | Cisco ASA and FTD MGCP denial of service attempt | off | off | drop | drop |
3 | 53870 | SERVER-OTHER | Cisco ASA and FTD MGCP denial of service attempt | off | off | drop | drop |
3 | 53871 | SERVER-OTHER | Cisco ASA and FTD MGCP denial of service attempt | off | off | drop | drop |