Juniper Networks

Update Details

Security Intelligence Center

Update #3039 (02/22/2018)

7 new signatures:

  • HIGH: HTTP:STC:ADOBE:CVE-2018-4882RCE - HTTP: Adobe Reader CVE-2018-4882 Remote Code Execution
  • HIGH: HTTP:STC:ADOBE:CVE-2018-4905RCE - HTTP: Acrobat Reader CVE-2018-4905 Remote Code Execution
  • HIGH: HTTP:STC:ADOBE:CVE-2018-4891 - HTTP: Adobe Acrobat Reader CVE-2018-4891 Out of Bounds Remote Code Execution
  • HIGH: HTTP:NETVAULT-AUTH-BYPSS - HTTP: Quest NetVault Backup Multipart Request checksession Authentication Bypass
  • HIGH: HTTP:CISCO:CVE-2018-0101-CE - HTTP: Cisco Adaptive Security Appliance Webvpn XML Parser Double Free
  • HIGH: HTTP:DIR:SCADA-WEBACCESS-DIR - HTTP: Advantech WebAccess SCADA certUpdate.asp filename Directory Traversal
  • HIGH: HTTP:STC:JAVA:HPE-JAVA-RCE - HTTP: HPE Intelligent Management Center Insecure Deserialization

2 updated signatures:

  • MEDIUM: SSL:VULN:CISCO-PRIME-FILEDEL - SSL: Cisco Prime Collaboration Provisioning Arbitrary File Deletion
  • HIGH: HTTP:STC:ADOBE:CVE-2017-16418 - HTTP: Adobe Reader CVE-2017-16418 Remote Code Execution


Details of the signatures included within this bulletin:


HTTP:STC:ADOBE:CVE-2018-4882RCE - HTTP: Adobe Reader CVE-2018-4882 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to Remote Code Execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2018-4882

HTTP:STC:ADOBE:CVE-2017-16418 - HTTP: Adobe Reader CVE-2017-16418 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2017-16418
  • bugtraq: 102140

Affected Products:

  • Adobe acrobat_reader 17.011.30059
  • Adobe acrobat_reader_dc 15.006.30119
  • Adobe acrobat_dc 17.012.20093
  • Adobe acrobat_reader_dc 15.006.30280
  • Adobe acrobat_dc 15.006.30354
  • Adobe acrobat_dc 15.016.20045
  • Adobe acrobat_reader_dc 15.006.30306
  • Adobe acrobat_reader_dc 15.006.30352
  • Adobe acrobat 11.0.22
  • Adobe acrobat_dc 15.009.20077
  • Adobe acrobat_reader_dc 15.009.20071
  • Adobe acrobat_dc 15.006.30306
  • Adobe acrobat_dc 15.006.30119
  • Adobe acrobat_reader_dc 15.006.30060
  • Adobe acrobat_dc 15.006.30352
  • Adobe acrobat_reader_dc 15.006.30354
  • Adobe acrobat_reader_dc 15.020.20039
  • Adobe acrobat_reader_dc 15.006.30094
  • Adobe acrobat_dc 15.009.20071
  • Adobe acrobat_reader_dc 17.012.20095
  • Adobe acrobat_reader_dc 15.009.20077
  • Adobe acrobat_reader_dc 15.006.30096
  • Adobe acrobat_reader_dc 15.023.20053
  • Adobe acrobat_dc 15.006.30060
  • Adobe acrobat_dc 15.020.20039
  • Adobe acrobat_reader_dc 15.009.20079
  • Adobe acrobat_dc 15.023.20056
  • Adobe acrobat_dc 15.006.30096
  • Adobe acrobat_dc 15.006.30094
  • Adobe acrobat_dc 15.023.20053
  • Adobe acrobat_dc 15.009.20079
  • Adobe acrobat_dc 15.006.30244
  • Adobe acrobat_dc 15.010.20056
  • Adobe acrobat_reader_dc 15.006.30201
  • Adobe acrobat_reader_dc 15.006.30244
  • Adobe acrobat_reader_dc 15.010.20056
  • Adobe acrobat_reader_dc 17.012.20098
  • Adobe acrobat_reader 17.011.30065
  • Adobe acrobat_reader_dc 15.017.20053
  • Adobe acrobat_reader_dc 15.006.30279
  • Adobe acrobat_dc 15.006.30172
  • Adobe acrobat_reader_dc 15.006.30174
  • Adobe acrobat_dc 17.012.20098
  • Adobe acrobat 17.011.30066
  • Adobe acrobat_dc 15.006.30174
  • Adobe acrobat_dc 15.023.20070
  • Adobe acrobat_reader 11.0.22
  • Adobe acrobat_reader_dc 15.006.30172
  • Adobe acrobat_reader_dc 15.023.20070
  • Adobe acrobat_reader_dc 15.010.20060
  • Adobe acrobat_dc 15.006.30279
  • Adobe acrobat_dc 17.009.20044
  • Adobe acrobat_dc 15.017.20053
  • Adobe acrobat_dc 15.010.20060
  • Adobe acrobat_dc 15.006.30355
  • Adobe acrobat_reader_dc 17.009.20044
  • Adobe acrobat 17.011.30059
  • Adobe acrobat_reader_dc 15.008.20082
  • Adobe acrobat_reader_dc 15.017.20050
  • Adobe acrobat_reader_dc 15.006.30355
  • Adobe acrobat_dc 15.008.20082
  • Adobe acrobat_reader_dc 15.006.30121
  • Adobe acrobat_reader_dc 15.006.30097
  • Adobe acrobat_reader_dc 15.016.20039
  • Adobe acrobat_reader_dc 15.006.30173
  • Adobe acrobat_dc 15.006.30097
  • Adobe acrobat_dc 15.006.30201
  • Adobe acrobat_reader_dc 15.023.20056
  • Adobe acrobat_reader_dc 15.020.20042
  • Adobe acrobat_dc 15.006.30121
  • Adobe acrobat_reader_dc 17.009.20058
  • Adobe acrobat_dc 15.016.20039
  • Adobe acrobat_reader_dc 15.006.30243
  • Adobe acrobat_dc 15.006.30243
  • Adobe acrobat_reader_dc 15.009.20069
  • Adobe acrobat_dc 15.020.20042
  • Adobe acrobat_reader_dc 15.006.30198
  • Adobe acrobat_reader 17.011.30066
  • Adobe acrobat_dc 17.009.20058
  • Adobe acrobat_dc 15.009.20069
  • Adobe acrobat_reader_dc 15.010.20059
  • Adobe acrobat_dc 17.012.20095
  • Adobe acrobat_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30173
  • Adobe acrobat_reader_dc 15.016.20045
  • Adobe acrobat_dc 15.010.20059
  • Adobe acrobat_dc 15.017.20050
  • Adobe acrobat 17.011.30065
  • Adobe acrobat_dc 15.016.20041
  • Adobe acrobat_dc 15.006.30280
  • Adobe acrobat_reader_dc 15.016.20041
  • Adobe acrobat_reader_dc 17.012.20093

HTTP:CISCO:CVE-2018-0101-CE - HTTP: Cisco Adaptive Security Appliance Webvpn XML Parser Double Free

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Cisco Adaptive Security Appliance. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 102845
  • cve: CVE-2018-0101

HTTP:DIR:SCADA-WEBACCESS-DIR - HTTP: Advantech WebAccess SCADA certUpdate.asp filename Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Advantech WebAccess SCADA. Successful exploitation could lead to arbitrary code execution on the target application with privileges of the web application process.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2018-5445

HTTP:STC:ADOBE:CVE-2018-4891 - HTTP: Adobe Acrobat Reader CVE-2018-4891 Out of Bounds Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to Remote Code Execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-4891
  • bugtraq: 102996

HTTP:STC:ADOBE:CVE-2018-4905RCE - HTTP: Acrobat Reader CVE-2018-4905 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to remote code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-4905

HTTP:STC:JAVA:HPE-JAVA-RCE - HTTP: HPE Intelligent Management Center Insecure Deserialization

Severity: HIGH

Description:

An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted serialized object. Successful exploitation results in arbitrary code execution under the context of the SYSTEM or root user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • url: http://www.zerodayinitiative.com/advisories/zdi-17-855/
  • url: https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03787en_us
  • cve: CVE-2017-8962

HTTP:NETVAULT-AUTH-BYPSS - HTTP: Quest NetVault Backup Multipart Request checksession Authentication Bypass

Severity: HIGH

Description:

This signature attempts to detect an authentication bypass vulnerability which has been reported in the web interface component of Quest NetVault Backup. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation allows for bypass of the authentication mechanism and, in conjunction with other vulnerabilities, allows for the execution of arbitrary code as the SYSTEM user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-1163
  • cve: CVE-2018-1162

SSL:VULN:CISCO-PRIME-FILEDEL - SSL: Cisco Prime Collaboration Provisioning Arbitrary File Deletion

Severity: MEDIUM

Description:

An arbitrary file deletion vulnerability has been reported in Cisco Prime Collaboration Provisioning. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in the deletion of arbitrary files from the target system.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

  • url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-pcp5
  • cve: CVE-2017-6637

Affected Products:

  • Cisco prime_collaboration_provisioning 10.5.1
  • Cisco prime_collaboration_provisioning 9.0.0
  • Cisco prime_collaboration_provisioning 10.0.0
  • Cisco prime_collaboration_provisioning 10.6.2
  • Cisco prime_collaboration_provisioning 11.0.0
  • Cisco prime_collaboration_provisioning 9.5.0
  • Cisco prime_collaboration_provisioning 10.5.0
  • Cisco prime_collaboration_provisioning 10.6.0
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.