The Cisco vulnerability database (VDB) is a database of known vulnerabilities to which hosts may be susceptible, as well as fingerprints for operating systems, clients, and applications. The system uses the VDB to help determine whether a particular host increases your risk of compromise.

Cisco issues periodic updates to the VDB. The time it takes to update the VDB and its associated mappings on the Firepower Management Center depends on the number of hosts in your network map. As a rule of thumb, divide the number of hosts by 1000 to determine the approximate number of minutes to perform the update.

You can find VDB updates on the VDB Software Downloads page on Cisco.com.

The Cisco Firepower Application Detector Reference contains the release notes and information about the application detectors supported in the VDB release. For each application listed in the reference, you can find the following information:

• Description—A brief description of the application.

• Categories—A general classification for the application that describes its most essential function. Example categories include web services provider, e-commerce, ad portal, and social networking.

• Tags—Predefined tags that provide additional information about the application. Example tags include webmail, SSL protocol, file sharing/transfer, and displays ads. An application can have zero, one, or more tags.

• Risk—The likelihood that the application is used for purposes that might be against your organization’s security policy. The risk levels are Very High, High, Medium, Low, and Very Low.

• Business Relevance—The likelihood that the application is used within the context of your organization’s business operations, as opposed to recreationally. The relevance levels are Very High, High, Medium, Low, and Very Low.

This guide relates to Vulnerability Database Updates installed via the following software versions on the following platforms:

Sourcefire 3D System/Firepower System Version 5.x:

• Cisco FireSIGHT Management Centers (formerly Defense Centers)

Firepower Version 6.x:

• Cisco Firepower Management Centers (formerly Defense Centers/FireSIGHT Management Centers)

The following Detector Types are supported:

• application protocol

• client

• web application

Cisco Vulnerability Database (VDB) Update 342 supports 3,628 applications.

This section describes the changes from VDB 341 (8:02:48 PM on January 29th, 2021 UTC) to VDB 342 (8:56:05 PM on March 29th, 2021 UTC).

Application Protocol Detectors

Client Detectors

Web Application Detectors

FireSIGHT/Firepower Detector Updates

Operating System Fingerprint Details

Operating System and Hardware Fingerprint Details

Vulnerability References

Fingerprint References

File Type Detectors

Operating System Fingerprint Details:

• no additions or modifications

Operating System and Hardware Fingerprint Details:

• no additions or modifications

Fingerprint Reference Details:

• no additions or modifications

Application Protocol Detectors:

• GRPC: Remote Procedure Call developed by Google. (Added)

• NDMP: Modified for added coverage (Updated)

• RTSP: Modified for added coverage (Updated)

• RADIUS: Modified for added coverage (Updated)

• QUIC: Modified for added coverage on UDP flows (Updated)

• IEC 104 End of Initialization: Updated app description (Updated)

• IEC 104 TESTFR CON: An IEC 104 Function of Test Frame Confirmation. (Added)

• IEC 104 TESTFR ACT: An IEC 104 Function of Test Frame Activation. (Added)

• IEC 104 STARTDT CON: An IEC 104 Function of Start Data Transfer Confirmation. (Added)

• IEC 104 STARTDT ACT: An IEC 104 Function of Start Data Transfer Activation. (Added)

• IEC 104 Double Point Info: An IEC 104 Type ID, M_DP_NA_1. Process information in monitor direction of Double point information. (Added)

• IEC 104 Monitor Bitstring 32 bit: An IEC 104 Type ID, M_BO_NA_1. Process information in monitor direction of Bit string of 32 bit. (Added)

• IEC 104 Measured Normalized: An IEC 104 Type ID, M_ME_NA_1. Process information in monitor direction of Measured value, normalized value. (Added)

• IEC 104 Measured Scaled: An IEC 104 Type ID, M_ME_NB_1. Process information in monitor direction of Measured value, scaled value. (Added)

• IEC 104 Integrated Totals: An IEC 104 Type ID, M_IT_NA_1. Process information in monitor direction of Integrated totals. (Added)

• IEC 104 Packed Single Point: An IEC 104 Type ID, M_PS_NA_1. Process information in monitor direction of Packed single-point information with status change detection. (Added)

• IEC 104 Measured Normalized without Quality Descriptor: An IEC 104 Type ID, M_ME_ND_1. Process information in monitor direction of Measured value, normalized value without quality descriptor. (Added)

• IEC 104 Double Point Info with Long Time: An IEC 104 Type ID, M_DP_TB_1. Process telegrams of Double point information with time tag CP56Time2a. (Added)

• IEC 104 Step Position Info with Long Time: An IEC 104 Type ID, M_ST_TB_1. Process telegrams of Step position information with time tag CP56Time2a. (Added)

• IEC 104 Bitstring 32 bit with Long Time: An IEC 104 Type ID, M_BO_TB_1. Process telegrams of Bit string of 32 bit with time tag CP56Time2a. (Added)

• IEC 104 Measured Scaled with Long Time: An IEC 104 Type ID, M_ME_TE_1. Process telegrams of Measured value, scaled value with time tag CP56Time2a. (Added)

• IEC 104 Measured Short Float with Long Time: An IEC 104 Type ID, M_ME_TF_1. Process telegrams of Measured value, short floating-point value with time tag CP56Time2a. (Added)

• IEC 104 Integrated Totals with Long Time: An IEC 104 Type ID, M_IT_TB_1. Process telegrams of Integrated totals with time tag CP56Time2a. (Added)

• IEC 104 Event of Protection with Long Time: An IEC 104 Type ID, M_EP_TD_1. Process telegrams of Event of protection equipment with time tag CP56Time2a. (Added)

• IEC 104 Packed Start Event with Long Time: An IEC 104 Type ID, M_EP_TE_1. Process telegrams of Packed start events of protection equipment with time tag CP56Time2a. (Added)

• IEC 104 Packed Output Circuit Info with Long Time: An IEC 104 Type ID, M_EP_TF_1. Process telegrams of Packed output circuit information of protection equipment with time tag CP56Time2a. (Added)

• IEC 104 Single Command with Long Time: An IEC 104 Type ID, C_SC_TA_1. Command telegrams of Single command with time tag CP56Time2a. (Added)

• IEC 104 Double Command with Long Time: An IEC 104 Type ID, C_DC_TA_1. Command telegrams of Double command with time tag CP56Time2a. (Added)

• IEC 104 Regulating Step Command with Long Time: An IEC 104 Type ID, C_RC_TA_1. Command telegrams of Regulating step command with time tag CP56Time2a. (Added)

• IEC 104 Setpoint Command Normalized with Long Time: An IEC 104 Type ID, C_SE_TA_1. Command telegrams of Setpoint command, normalized value with time tag CP56Time2a. (Added)

• IEC 104 Setpoint Command Scaled with Long Time: An IEC 104 Type ID, C_SE_TB_1. Command telegrams of Setpoint command, scaled value with time tag CP56Time2a. (Added)

• IEC 104 Setpoint Command Short Float with Long Time: An IEC 104 Type ID, C_SE_TC_1. Command telegrams of Setpoint command, short floating point value with time tag CP56Time2a. (Added)

• IEC 104 Bitstring 32 bit Command with Long Time: An IEC 104 Type ID, C_BO_TA_1. Command telegrams of Bit string 32 bit with time tag CP56Time2a. (Added)

• IEC 104 Counter Interrogation Command: An IEC 104 Type ID, C_CI_NA_1. System information in control direction of Counter interrogation command. (Added)

• IEC 104 Read Command: An IEC 104 Type ID, C_RD_NA_1. System information in control direction of Read command. (Added)

• IEC 104 Clock Synchronization Command: An IEC 104 Type ID, C_CS_NA_1. System information in control direction of Clock synchronization command. (Added)

• IEC 104 Reset Process Command: An IEC 104 Type ID, C_RP_NC_1. System information in control direction of Reset process command. (Added)

• IEC 104 Test Command with Long Time: An IEC 104 Type ID, C_TS_TA_1. System information in control direction of Test command with time tag CP56Time2a. (Added)

• IEC 104 Parameter of Measured Normalized: An IEC 104 Type ID, P_ME_NA_1. Parameter in control direction of measured value, normalized value. (Added)

• IEC 104 Parameter of Measured Scaled: An IEC 104 Type ID, P_ME_NB_1. Parameter in control direction of measured value, scaled value. (Added)

• IEC 104 Parameter of Measured Short Float: An IEC 104 Type ID, P_ME_NC_1. Parameter in control direction of measured value, short floating point value. (Added)

• IEC 104 Parameter Activation: An IEC 104 Type ID, P_AC_NA_1. Parameter in control direction of Parameter activation. (Added)

• IEC 104 File Ready: An IEC 104 Type ID, F_FR_NA_1. File ready in file transfer. (Added)

• IEC 104 Section Ready: An IEC 104 Type ID, F_SR_NA_1. Section ready in file transfer. (Added)

• IEC 104 Call directory Select File: An IEC 104 Type ID, F_SC_NA_1. Call directory, select file, call file, call section. (Added)

• IEC 104 Last Section Last Segment: An IEC 104 Type ID, F_LS_NA_1. Last section, last segment in file transfer. (Added)

• IEC 104 Ack File Ack Section: An IEC 104 Type ID, F_AF_NA_1. Act file, Act section in file transfer. (Added)

• IEC 104 List Segment: An IEC 104 Type ID, F_SG_NA_1. List Segment in file transfer. (Added)

• IEC 104 List Directory: An IEC 104 Type ID, F_DR_TA_1. List Directory in file transfer. (Added)

• IEC 104 Query Log: An IEC 104 Type ID, F_SC_NB_1. Query Log in file transfer. (Added)

• Modbus Read Coils: The Read Coils command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Read Discrete Inputs: The Read Discrete Inputs command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Read Holding Registers: The Read Holding Registers command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Read Input Registers: The Read Input Registers command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Write Single Coil: The Write Single Coil command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Write Single Register: The Write Single Register command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Write Multiple Coils: The Write Multiple Coils command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Write Multiple Registers: The Write Multiple Registers command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Read File Record: The Read File Record command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Write File Record: The Write File Record command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Mask Write Register: The Mask Write Register command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Read/Write Multiple Registers: The Read/Write Multiple Registers command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Read FIFO Queue: The Read FIFO Queue command is a function code in the Modbus Serial Communication Protocol. (Added)

• Modbus Encapsulated Interface Transport: The Modbus Encapsulated Interface Transport command is a function code in the Modbus Serial Communication Protocol. (Added)

Client Detectors:

• TextMe: Added patterns to cover web client (Updated)

Web Application Detectors:

• Hopster: A couponing site (Removed)

• J&R: Computer and electronics retailer. (Removed)

• Writeboard: Collaborative web based text editor. (Removed)

• Diamond Dash: Matching game for Facebook. (Removed)

• Family Tree: Family-oriented social networking app for facebook (Removed)

• Google Maps: Added the ‘decrypted traffic’ tag (Updated)

• Babylon: Removed from ‘search engine’ category (Updated)

• Yellow Pages: Removed the tag ‘share video’ and ‘multimedia (TV/video)’ (Updated)

• Yandex: Removed the ‘webmail’ tag (Updated)

• Redbox Instant: Rental and online movie/game. (Removed)

• Microsoft Excel: Modified for added coverage (Updated)

• Boxoh: A site that aggregates shipment tracking from different shipping providers. (Removed)

• Adenin: Removed from ‘search engine’ category (Updated)

• Squidoo: Social blogging site. (Removed)

• Wikispaces: Wiki hosting site. (Removed)

• 24/7 Media: Advertisement site. (Removed)

• Effective Measure: App renamed to Narratiive (Updated)

• Nugg: Advertisement site. (Removed)

• Yabuka: Advertisement site. (Removed)

• X Plus One: Advertisement site. (Removed)

• DC Storm: Advertisement site. (Removed)

• Ultrasurf: Modified to fix false positives on traffic from Firefox browser (Updated)

• PointRoll: Advertising company. (Removed)

• ESPN Video: Modified for added coverage (Updated)

• Amazon Cloud Drive: Modified for added coverage (Updated)

• Amazon Cloud Drive Upload: Modified for added coverage (Updated)

• Myspace Music: Modified for added coverage (Updated)

• Mgoon: Korean Entertainment web portal. (Removed)

• Seterus: Loan servicing company. (Removed)

• Cassandra: Free and open-source NoSQL database management system. (Added)

• Yum: Package management tool for RPM based Linux operating systems. (Added)

• TeamViewer: Modified for added coverage (Updated)

• Facebook: Modified for added coverage (Updated)

• Google: Modified for added coverage (Updated)

• Microsoft: Modified for added coverage (Updated)

• Microsoft Azure: Modified for added coverage (Updated)

• VPN Monster: Modified for added UDP coverage (Updated)

• Orange: Added coverage for decryption patterns. (Updated)

FireSIGHT/Firepower Detector Updates:

• no additions or modifications

File Type Detector Details:

• no additions or modifications

Snort ID Vulnerability Reference Details:

• CVE 2013-2028 - Snort Reference ID 108,16,8 (Added)

• CVE 2014-3120 - Snort Reference ID 33830,36256,44690,57129,57130,57131 (Added)

• CVE 2015-0050 - Snort Reference ID 33053,33358 (Added)

• CVE 2017-0199 - Snort Reference ID 42189, 42190, 42229, 42230, 42231, 45519, 45520, 52481, 52482, 57063, 57064, 57065, 57066 (Added)

• CVE 2017-8965 - Snort Reference ID 57188 (Added)

• CVE 2017-11882 - Snort Reference ID 44989, 44990, 45132, 45133, 45134, 45135, 45466, 45467, 45511, 45512, 49775, 49776, 50684, 50685, 53090, 54620, 54621, 57054, 57055 (Added)

• CVE 2017-18344 - Snort Reference ID 57156,57157 (Added)

• CVE 2018-1156 - Snort Reference ID 57176,57177 (Added)

• CVE 2018-11472 - Snort Reference ID 57126,57127 (Added)

• CVE 2018-11473 - Snort Reference ID 57178,57179 (Added)

• CVE 2019-5544 - Snort Reference ID 57111,57112 (Added)

• CVE 2019-11707 - Snort Reference ID 50518,50519,57180,57181 (Added)

• CVE 2019-19781 - Snort Reference ID 300001,52512,52513,52603,52620,52662 (Added)

• CVE 2020-4006 - Snort Reference ID 57182,57183,57184,57185 (Added)

• CVE 2020-6088 - Snort Reference ID 53126 (Added)

• CVE 2020-13546 - Snort Reference ID 55991,55992 (Added)

• CVE 2020-13548 - Snort Reference ID 56063,56064 (Added)

• CVE 2020-13550 - Snort Reference ID 56048,56049,56050 (Added)

• CVE 2020-13561 - Snort Reference ID 56158,56159,56160,56161 (Added)

• CVE 2020-13562 - Snort Reference ID 56145,56146 (Added)

• CVE 2020-13563 - Snort Reference ID 56143,56144 (Added)

• CVE 2020-13564 - Snort Reference ID 56145,56146 (Added)

• CVE 2020-13565 - Snort Reference ID 56152,56153 (Added)

• CVE 2020-13572 - Snort Reference ID 56365,56366 (Added)

• CVE 2020-13574 - Snort Reference ID 56211,56275 (Added)

• CVE 2020-13575 - Snort Reference ID 56507,56508 (Added)

• CVE 2020-13576 - Snort Reference ID 56509,56510 (Added)

• CVE 2020-13577 - Snort Reference ID 56307,56308 (Added)

• CVE 2020-13578 - Snort Reference ID 56297,56298 (Added)

• CVE 2020-13579 - Snort Reference ID 56226,56227,56228,56229 (Added)

• CVE 2020-13580 - Snort Reference ID 56212,56213 (Added)

• CVE 2020-13581 - Snort Reference ID 56209,56210 (Added)

• CVE 2020-13582 - Snort Reference ID 56199 (Added)

• CVE 2020-13585 - Snort Reference ID 56451,56452 (Added)

• CVE 2020-13586 - Snort Reference ID 56389,56390 (Added)

• CVE 2020-13942 - Snort Reference ID 56990 (Added)

• CVE 2020-13951 - Snort Reference ID 56989 (Added)

• CVE 2020-14343 - Snort Reference ID 56223,56224 (Added)

• CVE 2020-16846 - Snort Reference ID 57048,57049 (Added)

• CVE 2020-25159 - Snort Reference ID 57155 (Added)

• CVE 2020-27247 - Snort Reference ID 56526,56527 (Added)

• CVE 2020-27248 - Snort Reference ID 56526,56527 (Added)

• CVE 2020-27249 - Snort Reference ID 56526,56527 (Added)

• CVE 2020-27250 - Snort Reference ID 56526,56527 (Added)

• CVE 2020-28595 - Snort Reference ID 56727,56728 (Added)

• CVE 2021-1138 - Snort Reference ID 56955 (Added)

• CVE 2021-1139 - Snort Reference ID 56953 (Added)

• CVE 2021-1140 - Snort Reference ID 56938,56939,56940,56941 (Added)

• CVE 2021-1141 - Snort Reference ID 56945 (Added)

• CVE 2021-1142 - Snort Reference ID 56955 (Added)

• CVE 2021-1247 - Snort Reference ID 56947 (Added)

• CVE 2021-1248 - Snort Reference ID 56954 (Added)

• CVE 2021-1264 - Snort Reference ID 56950 (Added)

• CVE 2021-1272 - Snort Reference ID 56956 (Added)

• CVE 2021-1280 - Snort Reference ID 56893,56894 (Added)

• CVE 2021-1289 - Snort Reference ID 57087,57093 (Added)

• CVE 2021-1290 - Snort Reference ID 57091 (Added)

• CVE 2021-1291 - Snort Reference ID 57094 (Added)

• CVE 2021-1292 - Snort Reference ID 57088,57089 (Added)

• CVE 2021-1293 - Snort Reference ID 57097 (Added)

• CVE 2021-1294 - Snort Reference ID 57076 (Added)

• CVE 2021-1295 - Snort Reference ID 57092 (Added)

• CVE 2021-1296 - Snort Reference ID 57074 (Added)

• CVE 2021-1297 - Snort Reference ID 57072 (Added)

• CVE 2021-1298 - Snort Reference ID 56946 (Added)

• CVE 2021-1299 - Snort Reference ID 56942,56943,56944 (Added)

• CVE 2021-1302 - Snort Reference ID 56957 (Added)

• CVE 2021-1304 - Snort Reference ID 56958,56959,56960,56961,56962 (Added)

• CVE 2021-1305 - Snort Reference ID 56963 (Added)

• CVE 2021-1314 - Snort Reference ID 57086 (Added)

• CVE 2021-1315 - Snort Reference ID 57086 (Added)

• CVE 2021-1316 - Snort Reference ID 57086 (Added)

• CVE 2021-1317 - Snort Reference ID 57095,57096 (Added)

• CVE 2021-1318 - Snort Reference ID 57084,57085 (Added)

• CVE 2021-1319 - Snort Reference ID 57090 (Added)

• CVE 2021-1320 - Snort Reference ID 57069 (Added)

• CVE 2021-1321 - Snort Reference ID 57069 (Added)

• CVE 2021-1322 - Snort Reference ID 57101 (Added)

• CVE 2021-1323 - Snort Reference ID 57068 (Added)

• CVE 2021-1324 - Snort Reference ID 57068 (Added)

• CVE 2021-1325 - Snort Reference ID 57090 (Added)

• CVE 2021-1327 - Snort Reference ID 57082 (Added)

• CVE 2021-1328 - Snort Reference ID 57077 (Added)

• CVE 2021-1329 - Snort Reference ID 57113 (Added)

• CVE 2021-1330 - Snort Reference ID 57114 (Added)

• CVE 2021-1331 - Snort Reference ID 57099 (Added)

• CVE 2021-1332 - Snort Reference ID 57098 (Added)

• CVE 2021-1333 - Snort Reference ID 57073 (Added)

• CVE 2021-1334 - Snort Reference ID 57073 (Added)

• CVE 2021-1335 - Snort Reference ID 57113 (Added)

• CVE 2021-1336 - Snort Reference ID 57110 (Added)

• CVE 2021-1337 - Snort Reference ID 57109 (Added)

• CVE 2021-1338 - Snort Reference ID 57075 (Added)

• CVE 2021-1339 - Snort Reference ID 57102 (Added)

• CVE 2021-1340 - Snort Reference ID 57102 (Added)

• CVE 2021-1341 - Snort Reference ID 57105 (Added)

• CVE 2021-1342 - Snort Reference ID 57077 (Added)

• CVE 2021-1343 - Snort Reference ID 57078,57079,57080,57081 (Added)

• CVE 2021-1344 - Snort Reference ID 57113 (Added)

• CVE 2021-1345 - Snort Reference ID 57114 (Added)

• CVE 2021-1346 - Snort Reference ID 57083 (Added)

• CVE 2021-1347 - Snort Reference ID 57100 (Added)

• CVE 2021-1348 - Snort Reference ID 57113 (Added)

• CVE 2021-1648 - Snort Reference ID 57061,57062 (Added)

• CVE 2021-2109 - Snort Reference ID 57158,57159 (Added)

• CVE 2021-21017 - Snort Reference ID 57137,57138 (Added)

• CVE 2021-25274 - Snort Reference ID 57161 (Added)

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco Firepower devices, see What's New in Cisco Product Documentation.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:

• Note: To open a TAC request, you must first register for a Cisco.com user ID

• Once you have a Cisco.com user ID, you may initiate or check on the status of a service request online or contacting the TAC by phone:

  • U.S. - 1-800-553-2447 Toll Free

  • International support numbers

• For additional information on obtaining technical support through the TAC, please consult the Technical Support Reference Guide (PDF - 1 MB)

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.