Cisco Talos Update for FireSIGHT Management Center

Date: 2020-06-18

This SRU number: 2020-06-17-001
Previous SRU number: 2020-06-15-001

Applies to:

This SEU number: 2177
Previous SEU: 2176

Applies to:

This is the complete list of rules added in SRU 2020-06-17-001 and SEU 2177.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State column gives the rule's state in each default Cisco Talos policy: Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
| GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) | Policy State (Max.) |
|---|---|---|---|---|---|---|---|
| 1 | 54316 | MALWARE-OTHER | Win.Downloader.Jqht-8069377-0 download attempt | off | off | off | drop |
| 1 | 54317 | MALWARE-OTHER | Win.Downloader.Jqht-8069377-0 download attempt | off | off | off | drop |
| 1 | 54318 | MALWARE-CNC | Win.Trojan.Azorult variant outbound connection attempt | off | drop | drop | drop |
| 1 | 54319 | SERVER-WEBAPP | VMWare Cloud Director Java expression language injection attempt | off | drop | drop | drop |
| 3 | 54320 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54321 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54322 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54323 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54324 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54325 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54326 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54327 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54328 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54329 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54330 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54331 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54332 | POLICY-OTHER | Cisco TelePresence API SoftwareUpgrade SystemUnit command detected | off | off | off | off |
| 3 | 54333 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54334 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54335 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54336 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54337 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54338 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54339 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54340 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54341 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54342 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54343 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54344 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54345 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54346 | SERVER-WEBAPP | Cisco RV Series Routers command injection attempt | off | off | drop | drop |
| 3 | 54347 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54348 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54349 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54350 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54351 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54352 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54353 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54354 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54355 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 3 | 54356 | SERVER-WEBAPP | Cisco RV Series Routers stack buffer overflow attempt | off | off | drop | drop |
| 1 | 54357 | MALWARE-CNC | Win.Trojan.Delf variant outbound connection | off | drop | drop | drop |
| 3 | 54358 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54359 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54360 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54361 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54362 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54363 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54364 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54365 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54366 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54367 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54368 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54369 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54370 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54371 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |
| 3 | 54372 | BROWSER-OTHER | Cisco Webex Meetings Desktop App arbitrary program execution attempt | off | off | drop | drop |