SOPHOS IPS Signature Update Release Notes

Version: 9.17.48
Release Date: 24th September 2020

Release Information

Upgrade Applicable on

IPS Signature Release Version: 9.17.47

Sophos Appliance Models: CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F, CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

Introduction

This release note for IPS Signature Database Version 9.17.48 describes the signatures added in this update. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. New signatures are developed to improve detection coverage and to reduce false positives.

Report false positives to [email protected], along with details of the affected application.

September 2020 Page 2 of 8 IPS Signature Update

This IPS release includes forty-nine (49) signatures addressing twenty-five (25) vulnerabilities. New signatures are added for the following vulnerabilities:

Name | CVE-ID | Category | Severity
BROWSER-CHROME Google Chrome Type Confusion | CVE-2020-6418 | Browsers | 1
BROWSER-CHROME Google Chrome blink webaudio module use after free attempt | CVE-2019-13720 | Browsers | 1
FILE-OTHER Microsoft Windows Type 1 font stack overflow attempt | | Application and Software | 1
FILE-OTHER fontdrvhost SetBlendDesignPositions out of bounds write attempt | | Application and Software | 1
FILE-OTHER WECON LeviStudioU Alarm Bitaddr Stack Buffer Overflow | | Application and Software | 3
FILE-OTHER WECON LeviStudioU Alarm Bitaddr Stack Buffer Overflow | | Application and Software | 5
OS-WINDOWS Microsoft Windows win32k type confusion attempt | CVE-2020-1426 | Operating System and Services | 1
OS-WINDOWS Windows CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability | CVE-2020-1472 | Operating System and Services | 1
OS-WINDOWS Windows CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability | CVE-2020-1472 | Operating System and Services | 5
PROTOCOL-OTHER TurboVNC Fence Message Stack-based Buffer Overflow | CVE-2019-15683 | Misc | 1
SERVER-APACHE Apache Spark auth-enabled standalone master (CVE-2020-9480) Command Execution | CVE-2020-9480 | Apache HTTP Server | 1
SERVER-APACHE Apache Spark auth-enabled standalone master (CVE-2020-9480) Command Execution | CVE-2020-9480 | Apache HTTP Server | 5
SERVER-OTHER LDAP addRequest crafted dnsRecord information leak attempt | CVE-2020-0856 | Other Web Server | 2
SERVER-OTHER Intel AMT HTTP invalid chunk size attempt | CVE-2020-8758 | Other Web Server | 2
SERVER-OTHER Intel AMT HTTP negative content-length attempt | CVE-2020-8758 | Other Web Server | 2
SERVER-SAMBA Samba LDAP AD DC Nested Filter CVE-2020-10704 Denial of Service | CVE-2020-10704 | Web Services and Applications | 2
SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt | CVE-2019-15984 | Web Services and Applications | 1
SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt | CVE-2020-3144 | Web Services and Applications | 1
SERVER-WEBAPP Cisco RV Series Routers null pointer dereference attempt | CVE-2020-3358 | Web Services and Applications | 1
SERVER-WEBAPP IBM Spectrum Protect Plus hostname CVE-2020-4211 Command Injection | CVE-2020-4211 | Web Services and Applications | 1
SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt | CVE-2020-7980 | Web Services and Applications | 2
SERVER-WEBAPP Zeroshell command injection attempt | CVE-2019-12725 | Web Services and Applications | 2
SERVER-WEBAPP rConfig compliancepolicyelements.inc.php CVE-2020-10547 SQL Injection (Decrypted Traffic) | CVE-2020-10547 | Web Services and Applications | 3
SERVER-WEBAPP rConfig compliancepolicyelements.inc.php CVE-2020-10547 SQL Injection | CVE-2020-10547 | Web Services and Applications | 3
SERVER-WEBAPP rConfig snippets.inc.php CVE-2020-10549 SQL Injection | CVE-2020-10549 | Web Services and Applications | 2


- Name: Name of the signature

- CVE-ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.

- Category: Class type according to threat

- Severity: Degree of severity. The levels of severity are described in the table below:

Severity Level | Severity Criteria
1 | Low
2 | Moderate
3 | High
4 | Critical
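An added example (not Sophos code, not part of the original release note): a practitioner usually wants to turn a signature table like the one above into something that can be checked against a vulnerability scan of the protected network, so that the CVEs this update now covers can be prioritised and the ones it does not cover stay on the patch list. The script below embeds the table transcribed from this note, validates the CVE-ID column, counts distinct CVEs, flags rows whose severity value is not defined by the legend printed in this note (the legend lists levels 1 to 4, while three rows in the table carry 5), and matches the rows against a constructed sample of scanner findings. SAMPLE_SCAN_FINDINGS is a made-up input, and the pipe-separated layout is an assumption for parsing only.

```python
import re
from collections import Counter

# Signature table transcribed from this release note (Name | CVE-ID | Category | Severity).
# Rows whose CVE-ID cell is empty have no CVE listed in the note.
SIGNATURE_TABLE = """\
BROWSER-CHROME Google Chrome Type Confusion | CVE-2020-6418 | Browsers | 1
BROWSER-CHROME Google Chrome blink webaudio module use after free attempt | CVE-2019-13720 | Browsers | 1
FILE-OTHER Microsoft Windows Type 1 font stack overflow attempt | | Application and Software | 1
FILE-OTHER fontdrvhost SetBlendDesignPositions out of bounds write attempt | | Application and Software | 1
FILE-OTHER WECON LeviStudioU Alarm Bitaddr Stack Buffer Overflow | | Application and Software | 3
FILE-OTHER WECON LeviStudioU Alarm Bitaddr Stack Buffer Overflow | | Application and Software | 5
OS-WINDOWS Microsoft Windows win32k type confusion attempt | CVE-2020-1426 | Operating System and Services | 1
OS-WINDOWS Windows CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability | CVE-2020-1472 | Operating System and Services | 1
OS-WINDOWS Windows CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability | CVE-2020-1472 | Operating System and Services | 5
PROTOCOL-OTHER TurboVNC Fence Message Stack-based Buffer Overflow | CVE-2019-15683 | Misc | 1
SERVER-APACHE Apache Spark auth-enabled standalone master (CVE-2020-9480) Command Execution | CVE-2020-9480 | Apache HTTP Server | 1
SERVER-APACHE Apache Spark auth-enabled standalone master (CVE-2020-9480) Command Execution | CVE-2020-9480 | Apache HTTP Server | 5
SERVER-OTHER LDAP addRequest crafted dnsRecord information leak attempt | CVE-2020-0856 | Other Web Server | 2
SERVER-OTHER Intel AMT HTTP invalid chunk size attempt | CVE-2020-8758 | Other Web Server | 2
SERVER-OTHER Intel AMT HTTP negative content-length attempt | CVE-2020-8758 | Other Web Server | 2
SERVER-SAMBA Samba LDAP AD DC Nested Filter CVE-2020-10704 Denial of Service | CVE-2020-10704 | Web Services and Applications | 2
SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt | CVE-2019-15984 | Web Services and Applications | 1
SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt | CVE-2020-3144 | Web Services and Applications | 1
SERVER-WEBAPP Cisco RV Series Routers null pointer dereference attempt | CVE-2020-3358 | Web Services and Applications | 1
SERVER-WEBAPP IBM Spectrum Protect Plus hostname CVE-2020-4211 Command Injection | CVE-2020-4211 | Web Services and Applications | 1
SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt | CVE-2020-7980 | Web Services and Applications | 2
SERVER-WEBAPP Zeroshell command injection attempt | CVE-2019-12725 | Web Services and Applications | 2
SERVER-WEBAPP rConfig compliancepolicyelements.inc.php CVE-2020-10547 SQL Injection (Decrypted Traffic) | CVE-2020-10547 | Web Services and Applications | 3
SERVER-WEBAPP rConfig compliancepolicyelements.inc.php CVE-2020-10547 SQL Injection | CVE-2020-10547 | Web Services and Applications | 3
SERVER-WEBAPP rConfig snippets.inc.php CVE-2020-10549 SQL Injection | CVE-2020-10549 | Web Services and Applications | 2
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Severity legend exactly as printed in this note; it defines levels 1 to 4 only.
SEVERITY_LEGEND = {1: "Low", 2: "Moderate", 3: "High", 4: "Critical"}


def parse_signatures(table=SIGNATURE_TABLE):
    """Parse the pipe-separated table into dicts, rejecting malformed rows or CVE IDs."""
    rows = []
    for line in table.splitlines():
        if not line.strip():
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 4:
            raise ValueError(f"expected 4 columns, got {len(cells)}: {line!r}")
        name, cve, category, severity = cells
        if cve and not CVE_RE.match(cve):
            raise ValueError(f"malformed CVE ID {cve!r} in row {name!r}")
        rows.append({"name": name, "cve": cve or None,
                     "category": category, "severity": int(severity)})
    return rows


def covered_cves(rows):
    """Distinct CVE IDs that have at least one signature in this release."""
    return {r["cve"] for r in rows if r["cve"]}


def severity_outside_legend(rows, legend=SEVERITY_LEGEND):
    """Names of rows whose severity value the legend does not define (worth querying with the vendor)."""
    return [r["name"] for r in rows if r["severity"] not in legend]


def match_scan_findings(rows, findings):
    """Map each scanner-reported CVE to the names of new signatures that cover it."""
    hits = {}
    for r in rows:
        if r["cve"] in findings:
            hits.setdefault(r["cve"], []).append(r["name"])
    return hits


# Constructed sample: CVE IDs a hypothetical vulnerability scan reported on the protected network.
SAMPLE_SCAN_FINDINGS = {"CVE-2020-1472", "CVE-2020-9480", "CVE-2019-0708"}

if __name__ == "__main__":
    rows = parse_signatures()
    print(f"{len(rows)} table rows, {len(covered_cves(rows))} distinct CVEs")
    print("rows per category:", dict(Counter(r["category"] for r in rows)))
    print("severity values outside the legend:", severity_outside_legend(rows))
    for cve, names in sorted(match_scan_findings(rows, SAMPLE_SCAN_FINDINGS).items()):
        print(f"{cve}: covered by {len(names)} new signature(s)")
    print("scan findings with no new signature in this release:",
          sorted(SAMPLE_SCAN_FINDINGS - covered_cves(rows)))
```

Run it as-is to see the report for the constructed scan; replace SAMPLE_SCAN_FINDINGS with the CVE set exported from a real scanner to apply the same check to a live environment. A signature match means the IPS can inspect for the attack, not that the host is patched, so findings that are covered still belong on the remediation list.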


Important Notice

Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2020 Sophos Ltd. All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.
Registered in England and Wales No. 2096520,
The Pentagon, Abingdon Science Park,
Abingdon, OX14 3YP, UK

Web site: www.sophos.com
