This release contains 56 new rules, four modified rules, 14 new shared object rules and 25 modified shared object rules.
Thursday's release provides coverage for two vulnerabilities Cisco recently disclosed — one of which is rated "critical."
Talos has added and modified multiple rules in the browser-ie, file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-shellcode, os-linux, os-windows, policy-other, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
Here are two rules we wish to specifically highlight:
- 51164, 51180, 51187 - 51189, 51193, 51194, 51198: These rules provide coverage for CVE-2019-12634, a denial-of-service vulnerability in Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. This bug exists in the software's web-based management interface and could allow an attacker to cause a denial-of-service condition. An attacker could exploit this vulnerability by sending a specially crafted request to an affected system, forcing all currently authenticated users to be logged off. If exploited again, the attacker could prevent users from maintaining a session in the web-based management portal. Tim Muniz wrote rule 51164. Kristen Houser wrote rule 51180. Marcos Rodriguez wrote rules 51193 - 51195, and Joanne Kim wrote rules 51198 and 51199.