This SRU number: 2020-07-15-001
Previous SRU number: 2020-07-13-001
Applies to:
This SEU number: 2186
Previous SEU: 2185
Applies to:
This is the complete list of rules added in SRU 2020-07-15-001 and SEU 2186.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy: Connectivity (Con.), Balanced (Bal.), Security (Sec.), and Maximum Detection (Max.).
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max. |
---|---|---|---|---|---|---|---|
1 | 54536 | MALWARE-OTHER | Win.Malware.Netwire-8821558-0 download attempt | off | off | off | drop |
1 | 54537 | MALWARE-OTHER | Win.Malware.Netwire-8821558-0 download attempt | off | off | off | drop |
3 | 54538 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
3 | 54539 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
3 | 54540 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
3 | 54541 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
3 | 54542 | SERVER-WEBAPP | Cisco RV Series Routers heap buffer overflow attempt | off | off | drop | drop |
3 | 54543 | SERVER-WEBAPP | Cisco RV Series Routers heap buffer overflow attempt | off | off | drop | drop |
3 | 54544 | POLICY-OTHER | Cisco RV110W Router default credential login detected | off | off | off | off |
3 | 54545 | SERVER-WEBAPP | Cisco SD-WAN vManage arbitrary Java object deserialization attempt | off | off | drop | drop |
3 | 54546 | SERVER-WEBAPP | Cisco SD-WAN vManage cypher query language injection attempt | off | off | drop | drop |
3 | 54547 | SERVER-WEBAPP | Cisco SD-WAN vManage cypher query language injection attempt | off | off | drop | drop |
3 | 54548 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
3 | 54549 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
3 | 54550 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
3 | 54551 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
3 | 54553 | POLICY-OTHER | Cisco SD-WAN vManage file upload detected | off | off | off | off |
1 | 54554 | MALWARE-CNC | Win.Trojan.Ursnif variant payload download attempt | off | off | drop | drop |
1 | 54555 | MALWARE-CNC | Win.Trojan.Ursnif variant payload download attempt | off | off | drop | drop |
3 | 54557 | SERVER-WEBAPP | Cisco RV Series Routers authentication bypass attempt | off | off | drop | drop |
1 | 54558 | SERVER-WEBAPP | Park Ticketing Management System SQL injection attempt | off | drop | drop | drop |
1 | 54559 | SERVER-WEBAPP | Park Ticketing Management System SQL injection attempt | off | drop | drop | drop |
3 | 54560 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
3 | 54561 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
3 | 54562 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
3 | 54563 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
3 | 54564 | POLICY-OTHER | Cisco RV Series Routers configuration download detected | off | off | off | off |
1 | 54565 | SERVER-WEBAPP | Park Ticketing Management System SQL injection attempt | off | drop | drop | drop |
1 | 54566 | SERVER-WEBAPP | Park Ticketing Management System SQL injection attempt | off | drop | drop | drop |
1 | 54567 | SERVER-WEBAPP | Park Ticketing Management System SQL injection attempt | off | drop | drop | drop |
3 | 54568 | POLICY-OTHER | Cisco Prime License Manager password reset detected | off | off | off | off |
1 | 54569 | SERVER-WEBAPP | Barangay Management System SQL injection attempt | off | drop | drop | drop |
1 | 54570 | SERVER-WEBAPP | Barangay Management System SQL injection attempt | off | drop | drop | drop |
1 | 54571 | SERVER-WEBAPP | SAP NetWeaver AS LM Configuration Wizard directory traversal attempt | off | drop | drop | drop |
1 | 54572 | SERVER-WEBAPP | SAP NetWeaver AS LM Configuration Wizard directory traversal attempt | off | drop | drop | drop |
1 | 54573 | POLICY-OTHER | SAP NetWeaver AS LM Configuration Wizard access detected | off | off | drop | drop |
1 | 54574 | POLICY-OTHER | SAP NetWeaver AS LM Configuration Wizard access detected | off | off | drop | drop |

GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max. |
---|---|---|---|---|---|---|---|
3 | 54552 | SERVER-WEBAPP | Cisco RV Series Routers null pointer dereference attempt | off | off | drop | drop |
1 | 54556 | SERVER-WEBAPP | BSA Radar local file inclusion attempt | off | drop | drop | drop |