Release Notes for Cisco Vulnerability Database (VDB) Update 307

About the Cisco Vulnerability Database

The Cisco vulnerability database (VDB) is a database of known vulnerabilities to which hosts may be susceptible, as well as fingerprints for operating systems, clients, and applications. The system uses the VDB to help determine whether a particular host increases your risk of compromise.

The Cisco Talos Security Intelligence and Research Group (Talos) issues periodic updates to the VDB. The time it takes to update the VDB and its associated mappings on the Firepower Management Center depends on the number of hosts in your network map. As a rule of thumb, divide the number of hosts by 1000 to determine the approximate number of minutes to perform the update.

You can find VDB updates on the VDB Software Downloads page on Cisco.com.

About the Cisco Firepower Application Detector Reference

The Cisco Firepower Application Detector Reference contains the release notes and information about the application detectors supported in the VDB release. For each application listed in the reference, you can find the following information:

  • Description—A brief description of the application.

  • Categories—A general classification for the application that describes its most essential function. Example categories include web services provider, e-commerce, ad portal, and social networking.

  • Tags—Predefined tags that provide additional information about the application. Example tags include webmail, SSL protocol, file sharing/transfer, and displays ads. An application can have zero, one, or more tags.

  • Risk—The likelihood that the application is used for purposes that might be against your organization’s security policy. The risk levels are Very High, High, Medium, Low, and Very Low.

  • Business Relevance—The likelihood that the application is used within the context of your organization’s business operations, as opposed to recreationally. The relevance levels are Very High, High, Medium, Low, and Very Low.

Supported Platforms and Software Versions

This guide relates to Vulnerability Database Updates installed via the following software versions on the following platforms:

Sourcefire 3D System/Firepower System Version 5.x:

  • Cisco FireSIGHT Management Centers (formerly Defense Centers)

Firepower Version 6.x:

  • Cisco Firepower Management Centers (formerly Defense Centers/FireSIGHT Management Centers)

Supported Detector Types

The following Detector Types are supported:

  • application protocol

  • client

  • web application

Total Applications Supported in Vulnerability Database Update 307

Cisco Vulnerability Database (VDB) Update 307 supports 3,608 applications.

Vulnerability Database Update 307 Changelog

This section describes the changes from VDB 305 (6:14:44 PM on October 22nd, 2018 UTC) to VDB 307 (8:30:45 PM on November 29th, 2018 UTC).

Application Protocol Detectors

Total Added:

0

Total Removed:

1

Total Updated

0

Client Detectors

Total Added:

0

Total Removed:

0

Total Updated

0

Web Application Detectors

Total Added:

5

Total Removed:

2

Total Updated

0

FireSIGHT/Firepower Detector Updates

Total Added:

3

Total Removed:

3

Total Updated

11

Operating System Fingerprint Details

Total Added:

0

Total Removed:

0

Total Updated

0

Operating System and Hardware Fingerprint Details

Total Added:

0

Total Removed:

0

Total Updated

0

Vulnerability References

Total Added:

0

Total Removed:

0

Total Updated

0

Fingerprint References

Total Added:

0

Total Removed:

0

Total Updated

0

File Type Detectors

Total Added:

0

Total Removed:

0

Total Updated

0

Operating System Fingerprint Details:

  • no additions or modifications

Operating System and Hardware Fingerprint Details:

  • no additions or modifications

Fingerprint Reference Details:

  • no additions or modifications

Application Protocol Detectors:

  • TURN Client: Obsolete in all product versions (removed)

Client Detectors:

  • no additions or modifications

Web Application Detectors:

  • Azure cloud portal: Microsoft Azure cloud service portal. (added)

  • Exchange Online: Traffic associated with Exchange Online, such as visiting outlook.com. (added)

  • Microsoft: Official Microsoft website. (added)

  • Microsoft Stream: Enterprise video streaming and sharing software. (added)

  • HTTP/SSL Tunnel: Obsolete in product version 6.4 (removed)

  • Office 365: Traffic generated by MS Office 365 applications and web services. (removed)

  • OneDrive: Microsoft cloud storage offering, successor to SkyDrive. (added)

FireSIGHT/Firepower Detector Updates:

  • Microsoft CRM Dynamics: Microsoft product for sales, marketing and service sector. (added)

  • Common VPN Traffic: Secondary, unidenfiable VPN traffic for either TurboVPN, VPN Master, ZenMate, or Kproxy. (added)

  • DAAP: Apple iTunes protocol. (added)

  • Azure cloud portal: Microsoft Azure cloud service portal. (removed)

  • Microsoft Dynamics CRM: Microsoft customer relations management software. (removed)

  • Skype Messenger: Skype instant messaging. (removed)

  • IBVPN: Improvements of the detection for the IBVPN application (updated)

  • Netweaver: Improvements on the detection for the Netweaver application (updated)

  • Viber: Improvements on the detection for the Viber application (updated)

  • Gmail: Improvements on the detection over Gmail where it was previous recognized as Google (updated)

  • Google Maps: Improvements on the detection over Google Maps where it was previous recognized as Google (updated)

  • FTP: Improvements over the FTP application protocol (updated)

  • iPerf: Improvements on the detection for the iPerf traffic (updated)

  • Zenmate: Improvements over the Zenmate VPN application (updated)

  • Onavo: Improvements over the Onavo VPN application (updated)

  • DAAP: Improvements on the recognition for the Digital Audio Access Protocol (DAAP). (updated)

  • Freegate: Improvements on the detection of the Freegate application (updated)

File Type Detector Details:

  • no additions or modifications

Snort ID Vulnerability Reference Details:

  • no additions or modifications

For Assistance

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco Firepower devices, see What's New in Cisco Product Documentation.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:

  • Note: To open a TAC request, you must first register for a Cisco.com user ID

  • Once you have a Cisco.com user ID, you may initiate or check on the status of a service request online or contacting the TAC by phone:

  • For additional information on obtaining technical support through the TAC, please consult the Technical Support Reference Guide (PDF - 1 MB)

About Talos

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.