Signature update for May 2020

New signatures rules are generated for the vulnerabilities identified in the week 2020-05-26. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 45 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU. According to the latest Snort release, the signature rules with ID 1258, 1306, 2520, 2661, 5695, 10996, 11817, 12056, 15471, 17049 and 21634 have been removed.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999666   WEB-WORDPRESS Duplicator Plugin Prior To 1.3.28 - Unauthenticated Arbitrary File Download Vulnerability
999667 CVE-2020-10220 WEB-MISC rConfig Through 3.94 - SQL Injection Vulnerability (CVE-2020-10220)
999668 CVE-2020-5844 WEB-MISC Artica Pandora FMS 7.0 - Execution of Arbitrary Files of Dangerous Type Via /attachment/files_repo/ (CVE-2020-5844)
999669 CVE-2020-8813 WEB-MISC Cacti Prior to 1.2.10 - Remote Code Execution Vulnerability Via graph_realtime.php (CVE-2020-8813)
999670 CVE-2020-8654 WEB-MISC EyesOfNetwork 5.3 - Remote Code Execution Vulnerability (CVE-2020-8654)
999671 CVE-2020-10196 WEB-WORDPRESS Sygnoos Popup Builder Plugin Prior to 3.64.1 - Unauthenticated XSS Vulnerability (CVE-2020-10196)
999672 CVE-2019-15949 WEB-MISC Nagios XI Prior To 5.6.6 - Remote Code Execution As Root Vulnerability (CVE-2019-15949)
999673 CVE-2020-10879 WEB-MISC RConfig 3.9.5 and Prior - Remote Code Execution Vulnerability Via search.crud.php (CVE-2020-10879)
999674 CVE-2020-8656 WEB-MISC EyesOfNetwork 5.3 - EyesOfNetwork API 2.4.2 SQL Injection Vulnerability (CVE-2020-8656)
999675 CVE-2020-10195 WEB-WORDPRESS Sygnoos Popup Builder Plugin Prior to 3.64.1 - Authenticated System Information Disclosure (CVE-2020-10195)
999676 CVE-2020-10195 WEB-WORDPRESS Sygnoos Popup Builder Plugin Prior to 3.64.1 - Authenticated Subscriber Information Disclosure (CVE-2020-10195)
999677 CVE-2020-10195 WEB-WORDPRESS Sygnoos Popup Builder Plugin Prior to 3.64.1 - Authenticated Settings Modification (CVE-2020-10195)
999678 CVE-2020-0646 Microsoft SharePoint Server - .NET Framework Workflow Remote Code Execution Vulnerability Via SOAP 1.2 (CVE-2020-0646)
999679 CVE-2020-0646 Microsoft SharePoint Server - .NET Framework Workflow Remote Code Execution Vulnerability Via SOAP 1.1 (CVE-2020-0646)
999680 CVE-2020-10221 WEB-MISC rConfig Through 3.94 - Remote Code Execution Vulnerability (CVE-2020-10221)
999681 CVE-2019-19134 WEB-WORDPRESS Hero Maps Premium Prior to 2.2.3 - Unauthenticated Reflected XSS Vulnerability (CVE-2019-19134)
999682 CVE-2020-10385 WEB-WORDPRESS WPForms Plugin Prior to 1.5.9 - Stored XSS Vulnerability (CVE-2020-10385)