ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 34939
Cisco IOS Misformed BGP Packet Causes Reload vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0196
Signature Description: The Border Gateway Protocol (BGP) is a routing protocol designed to manage IP routing in
large networks. Cisco devices running Cisco Internetworking Operating System Software (IOS) versions 9.x, 10.x,
11.x and 12.x are vulnerable. The vulnerability could allow a remote attacker to execute arbitrary code or cause a
denial of service. A remote attacker could send a malformed BGP packet; this malformed BGP packet is queued on the
interface when a BGP neighbor change is logged. The device is not vulnerable unless either bgp log-neighbor-changes
is configured or snmp-server traps enable bgp is configured. The attacker could gain full control of the affected router
or cause the device to reload. Patches are available at the Cisco website.
Signature ID: 34945
Cisco Wireless Control System Administrative Default Password vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5382 Bugtraq: 26000
Signature Description: Cisco WCS is the industry-leading platform for wireless LAN planning, configuration,
management, troubleshooting, and mobility services for the Cisco Unified Wireless Network. It provides a powerful
foundation upon which IT managers can design, control, and monitor Cisco wireless networks from a centralized
location, simplifying operations and reducing total cost of ownership. Cisco Wireless Control System 4.1.91.0 and
prior versions and Cisco Wireless LAN Solution Engine 4.1.91.0 and prior versions are vulnerable. The conversion
utility creates and uses administrative accounts with default passwords during the conversion of the CiscoWorks
Wireless LAN Solution Engine (WLSE). A remote attacker (malicious user) with knowledge of the default passwords
could gain complete control over an affected system. This signature detects the 'p' character in the user's password
and generates a log.
Signature ID: 34956
Cisco Application Velocity System Default Passwords access vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0029 Bugtraq: 27421
Signature Description: The Cisco Application Velocity System (AVS) offers state-of-the-art dynamic content
acceleration. AVS consists of the software components Condenser, AppScreen, and Management Console. The Cisco AVS
3180 Management Station runs the Management Console, which includes device management, database, and reporting
features, including Appscope reporting. Cisco Application Velocity System 5.0.1, Cisco Application Velocity System
3110, Cisco Application Velocity System 3120, Cisco Application Velocity System 3180, and Cisco Application Velocity
System 3180a versions are vulnerable. These vulnerable versions have a hard-coded user name and password: the AVS
software uses administrative accounts with default (hard-coded) passwords and then fails to prompt the admin to change
the password, which allows remote attackers to add new users, modify existing users, and change configuration. A
remote attacker (malicious user) using the default password could gain complete control over these systems. This
signature detects the 'd' character in the user's password, then sets track-state to check the next pattern.
Signature ID: 35004
Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit
Threat Level: Warning
Industry ID: CVE-2008-1724 Bugtraq: 28662
Signature Description: Tumbleweed SecureTransport is the industry's most secure Managed File Transfer solution for
moving financial transactions, critical business files, large documents, XML, and EDI transactions over the Internet and
private IP networks. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
Tumbleweed Communications SecureTransport FileTransfer ActiveX Control (vcst_eu.dll 1.0.0.5) with CLSID of
38681fbd-d4cc-4a59-a527-b3136db711d3. By persuading a victim to visit a malicious Web page, a remote attacker