SOPHOS IPS Signature Update Release Notes
Version: 9.17.48
Release Date: 24th September 2020
Release Information
Upgrade Applicable on: IPS Signature Release Version 9.17.47
Sophos Appliance Models: CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F, CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650
Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None
Introduction
The Release Note document for IPS Signature Database Version 9.17.48 includes support for the new signatures. The following sections describe the release in detail.
New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms.
Report false positives at [email protected], along with the application details.
September 2020 Page 2 of 8 IPS Signature Update
This IPS release includes forty-nine (49) signatures to address twenty-five (25) vulnerabilities. New signatures are added for the following vulnerabilities:
| Name | CVE-ID | Category | Severity |
|---|---|---|---|
| BROWSER-CHROME Google Chrome Type Confusion | CVE-2020-6418 | Browsers | 1 |
| BROWSER-CHROME Google Chrome blink webaudio module use after free attempt | CVE-2019-13720 | Browsers | 1 |
| FILE-OTHER Microsoft Windows Type 1 font stack overflow attempt | | Application and Software | 1 |
| FILE-OTHER Microsoft Windows fontdrvhost SetBlendDesignPositions out of bounds write attempt | | Application and Software | 1 |
| FILE-OTHER WECON LeviStudioU Alarm Bitaddr Stack Buffer Overflow | | Application and Software | 3 |
| FILE-OTHER WECON LeviStudioU Alarm Bitaddr Stack Buffer Overflow | | Application and Software | 5 |
| OS-WINDOWS Microsoft Windows win32k type confusion attempt | CVE-2020-1426 | Operating System and Services | 1 |
| OS-WINDOWS Windows CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability | CVE-2020-1472 | Operating System and Services | 1 |
| OS-WINDOWS Windows CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability | CVE-2020-1472 | Operating System and Services | 5 |
| PROTOCOL-OTHER TurboVNC Fence Message Stack-based Buffer Overflow | CVE-2019-15683 | Misc | 1 |
| SERVER-APACHE Apache Spark auth-enabled standalone master (CVE-2020-9480) Command Execution | CVE-2020-9480 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Spark auth-enabled standalone master (CVE-2020-9480) Command Execution | CVE-2020-9480 | Apache HTTP Server | 5 |
| SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt | CVE-2020-0856 | Other Web Server | 2 |
| SERVER-OTHER Intel AMT HTTP invalid chunk size attempt | CVE-2020-8758 | Other Web Server | 2 |
| SERVER-OTHER Intel AMT HTTP negative content-length attempt | CVE-2020-8758 | Other Web Server | 2 |
| SERVER-SAMBA Samba LDAP AD DC Nested Filter CVE-2020-10704 Denial of Service | CVE-2020-10704 | Web Services and Applications | 2 |
| SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt | CVE-2019-15984 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt | CVE-2020-3144 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco RV Series Routers null pointer dereference attempt | CVE-2020-3358 | Web Services and Applications | 1 |
| SERVER-WEBAPP IBM Spectrum Protect Plus hostname CVE-2020-4211 Command Injection | CVE-2020-4211 | Web Services and Applications | 1 |
| SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt | CVE-2020-7980 | Web Services and Applications | 2 |
| SERVER-WEBAPP Zeroshell Linux Router command injection attempt | CVE-2019-12725 | Web Services and Applications | 2 |
| SERVER-WEBAPP rConfig compliancepolicyelements.inc.php CVE-2020-10547 SQL Injection (Decrypted Traffic) | CVE-2020-10547 | Web Services and Applications | 3 |
| SERVER-WEBAPP rConfig compliancepolicyelements.inc.php CVE-2020-10547 SQL Injection | CVE-2020-10547 | Web Services and Applications | 3 |
| SERVER-WEBAPP rConfig snippets.inc.php CVE-2020-10549 SQL Injection | CVE-2020-10549 | Web Services and Applications | 2 |
Name: Name of the Signature
CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat
Severity: Degree of severity - The levels of severity are described in the table below:
| Severity Level | Severity Criteria |
|---|---|
| 1 | Low |
| 2 | Moderate |
| 3 | High |
| 4 | Critical |
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2020 Sophos Ltd. All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Registered in England and Wales No. 2096520,
The Pentagon, Abingdon Science Park,
Abingdon, OX14 3YP, UK Web site: www.sophos.com