This release contains 76 new rules, 14 modified rules and nine new shared object rules.
Tuesday's release provides coverage for two critical vulnerabilities in the 220 series of Cisco smart switches for small businesses. There is also protection against the exploitation of an arbitrary file disclosure vulnerability in Pulse Secure SSL VPN.
Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-image, file-office, file-other, indicator-compromise, os-linux, os-mobile, os-other, os-windows, policy-other, protocol-imap, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
Here are two sets of rules we wish to specifically highlight:
- 51293 - 51295, 51298 - 51300, 51306 - 51307: These rules provide coverage for two vulnerabilities in Cisco's 220 series of smart switches for small businesses. CVE-2019-1912 could allow an attacker to bypass security checks on the switch and upload arbitrary files. CVE-2019-1913 exposes the switches to a buffer overflow attack, which could be used to remotely execute code on the switch with root privileges. In addition to these Snort rules, Cisco has also released an update for these products.
- 51240 - 51243, 51288, 51289: Attackers are actively exploiting vulnerabilities in the FortiGate and Pulse VPN services to steal encryption keys, passwords and other sensitive data. These rules provide protection against the exploitation of CVE-2019-11539 and CVE-2019-11510, both in Pulse, which could allow an attacker to disclose sensitive files or inject arbitrary code into a victim machine. Joanne Kim wrote rules 51288 and 51289, and John Levy wrote rules 51240 - 51243.