This SRU number: 2020-04-15-001
Previous SRU number: 2020-04-13-001
Applies to:
This SEU number: 2153
Previous SEU: 2152
Applies to:
This is the complete list of rules added in SRU 2020-04-15-001 and SEU 2153.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 53660 | FILE-OTHER | Cisco Webex Network Recording Player memory corruption attempt | off | off | drop | drop |
| 3 | 53661 | FILE-OTHER | Cisco Webex Network Recording Player memory corruption attempt | off | off | drop | drop |
| 1 | 53662 | MALWARE-OTHER | Win.Trojan.MedusaLocker malicious executable download attempt | off | off | off | drop |
| 1 | 53663 | MALWARE-OTHER | Win.Trojan.MedusaLocker malicious executable download attempt | off | off | drop | drop |
| 1 | 53664 | MALWARE-OTHER | Win.Trojan.MedusaLocker malicious executable download attempt | off | off | drop | drop |
| 1 | 53665 | MALWARE-OTHER | Win.Trojan.MedusaLocker malicious executable download attempt | off | off | drop | drop |
| 3 | 53666 | SERVER-OTHER | Cisco Wireless Lan Controller CAPWAP out of bounds access attempt | off | off | drop | drop |
| 3 | 53667 | POLICY-OTHER | Cisco Unified Communications Manager TAPS RMI method lookup detected | off | off | off | off |
| 3 | 53669 | SERVER-WEBAPP | Cisco IP Phone libHTTPService.so stack buffer overflow attempt | off | off | drop | drop |
| 3 | 53670 | SERVER-WEBAPP | Cisco IP Phone libHTTPService.so stack buffer overflow attempt | off | off | drop | drop |
| 3 | 53671 | SERVER-WEBAPP | Cisco UCS Director authentication bypass attempt | off | drop | drop | drop |
| 3 | 53672 | SERVER-WEBAPP | Cisco UCS Director REST API directory traversal attempt | off | drop | drop | drop |
| 3 | 53673 | SERVER-WEBAPP | Cisco UCS Director REST API directory traversal attempt | off | drop | drop | drop |
| 3 | 53674 | SERVER-WEBAPP | Cisco UCS Director REST API directory traversal attempt | off | drop | drop | drop |
| 3 | 53675 | SERVER-WEBAPP | Cisco UCS Director LargeFileUploadServlet directory traversal attempt | off | drop | drop | drop |
| 3 | 53676 | SERVER-WEBAPP | Cisco UCS Director LargeFileUploadServlet directory traversal attempt | off | drop | drop | drop |
| 3 | 53677 | SERVER-WEBAPP | Cisco UCS Director ClientServlet directory traversal attempt | off | drop | drop | drop |
| 3 | 53678 | SERVER-WEBAPP | Cisco UCS Director ClientServlet directory traversal attempt | off | drop | drop | drop |
| 3 | 53679 | SERVER-WEBAPP | Cisco UCS Director ClientServlet directory traversal attempt | off | drop | drop | drop |
| 3 | 53680 | SERVER-WEBAPP | Cisco UCS Director filename directory traversal attempt | off | drop | drop | drop |
| 3 | 53681 | SERVER-WEBAPP | Cisco UCS Director arbitrary JSP file upload attempt | off | drop | drop | drop |
| 3 | 53682 | SERVER-WEBAPP | Cisco Mobility Express cross site request forgery attempt | off | off | drop | drop |
| 3 | 53683 | SERVER-WEBAPP | Cisco Mobility Express cross site request forgery attempt | off | off | drop | drop |
| 3 | 53684 | FILE-OTHER | TRUFFLEHUNTER TALOS-2020-1047 attack attempt | off | off | drop | drop |
| 3 | 53685 | FILE-OTHER | TRUFFLEHUNTER TALOS-2020-1047 attack attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 53668 | SERVER-OTHER | Cisco Unified Communications Manager TAPS RMI directory traversal attempt | off | drop | drop | drop |