Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3330 (11/17/2020)

1 new signature:

MEDIUMHTTP:STC:DL:NITRO-CSPACE-SC-BOFHTTP: Nitro Pro PDF ICCBased ColorSpace Stroke Color Heap-based Buffer Overflow

2 updated signatures:

HIGHHTTP:CTS:NAGIOSXI-CMD-INJHTTP: Nagios XI multiple Command Injection
MEDIUMHTTP:STC:ADOBE:CVE2020-24430UAFHTTP: Adobe Acrobat and Reader CVE-2020-24430 Use-after-free


Details of the signatures included within this bulletin:


HTTP:CTS:NAGIOSXI-CMD-INJ - HTTP: Nagios XI multiple Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Nagios XI. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-15901
  • cve: CVE-2020-5791
  • url: https://www.nagios.com/downloads/nagios-xi/change-log/

Affected Products:

  • nagios nagios_xi

HTTP:STC:DL:NITRO-CSPACE-SC-BOF - HTTP: Nitro Pro PDF ICCBased ColorSpace Stroke Color Heap-based Buffer Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Nitro Pro PDF. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • url: https://www.gonitro.com/nps/security/updates
  • cve: CVE-2020-6146

Affected Products:

  • gonitro nitro_pro 13.16.2.300
  • gonitro nitro_pro 13.13.2.242

HTTP:STC:ADOBE:CVE2020-24430UAF - HTTP: Adobe Acrobat and Reader CVE-2020-24430 Use-after-free

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2020-24430
  • url: https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out