Thursday, August 22, 2019

Snort rule update for Aug. 22, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 56 new rules, four modified rules, 14 new shared object rules and 25 modified shared object rules.

Thursday's release provides coverage for two vulnerabilities Cisco recently disclosed — one of which is rated "critical."
Talos has added and modified multiple rules in the browser-ie, file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-shellcode, os-linux, os-windows, policy-other, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Here are two rules we wish to specifically highlight:
  • 51164, 51180, 51187 - 51189, 51193, 51194, 51198: These rules provide coverage for CVE-2019-12634, a denial-of-service vulnerability in Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. This bug exists in the software's web-based management interface and could allow an attacker to cause a denial-of-service condition. An attacker could exploit this vulnerability by sending a specially crafted request to an affected system, forcing all currently authenticated users to be logged off. If exploited again, the attacker could prevent users from maintaining a session in the web-based management portal. Tim Muniz wrote rule 51164. Kristen Houser wrote rule 51180. Marcos Rodriguez wrote rules 51193 - 51195, and Joanne Kim wrote rules 51198 and 51199.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the latest emerging threats.