ruleUpdate
23-005 (31 de stycznia de 2023)
Publish Date: 31 de stycznia de 2023
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
IPSec-IKE
1011669 - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21547)
SNMP Server
1011663 - Net-SNMP NULL Pointer Dereference Vulnerability (CVE-2022-44793)
Web Application Common
1011206* - BillQuick Web Suite SQL Injection Vulnerability (CVE-2021-42258)
1005934* - Identified Suspicious Command Injection Attack
Web Application PHP Based
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
Web Application Ruby Based
1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)
Web Client Common
1011656* - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2023-21608)
1011666 - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2023-21609)
Web Server HTTPS
1011659* - VMware vCenter Server Denial of Service Vulnerability (CVE-2022-31698)
Integrity Monitoring Rules:
1002775* - Microsoft Windows - Network configuration files modified
1002777* - Microsoft Windows - System configuration file modified
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
Deep Packet Inspection Rules:
IPSec-IKE
1011669 - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21547)
SNMP Server
1011663 - Net-SNMP NULL Pointer Dereference Vulnerability (CVE-2022-44793)
Web Application Common
1011206* - BillQuick Web Suite SQL Injection Vulnerability (CVE-2021-42258)
1005934* - Identified Suspicious Command Injection Attack
Web Application PHP Based
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
Web Application Ruby Based
1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)
Web Client Common
1011656* - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2023-21608)
1011666 - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2023-21609)
Web Server HTTPS
1011659* - VMware vCenter Server Denial of Service Vulnerability (CVE-2022-31698)
Integrity Monitoring Rules:
1002775* - Microsoft Windows - Network configuration files modified
1002777* - Microsoft Windows - System configuration file modified
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)