23-005 (January 31, 2023)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

IPSec-IKE
1011669 - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21547)


SNMP Server
1011663 - Net-SNMP NULL Pointer Dereference Vulnerability (CVE-2022-44793)


Web Application Common
1011206* - BillQuick Web Suite SQL Injection Vulnerability (CVE-2021-42258)
1005934* - Identified Suspicious Command Injection Attack


Web Application PHP Based
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)


Web Application Ruby Based
1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)


Web Client Common
1011656* - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2023-21608)
1011666 - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2023-21609)


Web Server HTTPS
1011659* - VMware vCenter Server Denial of Service Vulnerability (CVE-2022-31698)


Integrity Monitoring Rules:

1002775* - Microsoft Windows - Network configuration files modified
1002777* - Microsoft Windows - System configuration file modified


Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)