Release notes for update package 1301-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:	Tuesday December 08, 2020
MD5 CHECKSUM:	5f396247a13cb1f436bcdab2fdb341e0
SHA1 CHECKSUM:	8acee53210d0073815b2011798f424776cf0712c
SHA256 CHECKSUM:	7ea80a709dc3e73147bf1493ae860dec896f1125b10a797328c317e03d87cbb8

UPDATE CRITICALITY: HIGH

MINIMUM SOFTWARE VERSIONS

- Forcepoint NGFW Security Management Center:	6.5.1.10631
- Forcepoint NGFW:	5.5.1.9848

List of detected attacks in this update package:

Risk level	Description	Reference	Vulnerability
High	An attempt to exploit a vulnerability in Microsoft Windows detected	CVE-2020-17140	Microsoft-Windows-Vulnerability-CVE-2020-17140

Jump to: Detected Attacks Other Changes

DETECTED ATTACKS

New detected attacks:

TCP SMB Client Stream

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Microsoft-Windows-Vulnerability-CVE-2020-17140	CVE-2020-17140	SMB-TCP_Microsoft-Windows-Vulnerability-CVE-2020-17140	Suspected Compromise

Updated detected attacks:

HTTP Normalized Request-Line

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection

CVE-2020-12109

HTTP_CRL-TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection

Suspected Compromise

Name: HTTP_CS-TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection->HTTP_CRL-TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection

Category tag group TCP Correlation Dependency Group removed

Context has changed from HTTP Client Stream to HTTP Normalized Request-Line

LIST OF OTHER CHANGES:

New objects:

Type	Name
Category	MS2020-12
IPList	Incapsula
Situation	IP_Incapsula

Updated objects:

Type	Name	Changes
IPList	Åland
IPList	Bulgaria
IPList	Mauritius
IPList	Iceland
IPList	India
IPList	Burkina Faso
IPList	Guinea-Bissau
IPList	Cyprus
IPList	Palau
IPList	France
IPList	Sint Maarten
IPList	Gabon
IPList	South Korea
IPList	Amazon AMAZON ap-south-1
IPList	Costa Rica
IPList	Belgium
IPList	Niue
IPList	Tanzania
IPList	Lebanon
IPList	Botswana
IPList	Turkey
IPList	Heard Island and McDonald Islands
IPList	Liberia
IPList	Mongolia
IPList	Amazon AMAZON us-west-1
IPList	Réunion
IPList	Slovakia
IPList	Ukraine
IPList	Kenya
IPList	Ethiopia
IPList	Morocco
IPList	Botnet IP Address List
IPList	Guernsey
IPList	United States
IPList	Republic of Lithuania
IPList	Belize
IPList	Germany
IPList	Gambia
IPList	Estonia
IPList	Marshall Islands
IPList	Cameroon
IPList	Bouvet Island
IPList	Grenada
IPList	Canada
IPList	St Kitts and Nevis
IPList	Rwanda
IPList	Eritrea
IPList	Equatorial Guinea
IPList	Nicaragua
IPList	Barbados
IPList	Madagascar
IPList	Bolivia
IPList	TOR relay nodes IP Address List
IPList	South Africa
IPList	U.S. Virgin Islands
IPList	East Timor
IPList	Saint Martin
IPList	Sri Lanka
IPList	Cambodia
IPList	Saint Helena
IPList	Cayman Islands
IPList	Argentina
IPList	Poland
IPList	Papua New Guinea
IPList	Japan
IPList	Mexico
IPList	Bermuda
IPList	Portugal
IPList	Sierra Leone
IPList	Uganda
IPList	Paraguay
IPList	Amazon EC2
IPList	Western Sahara
IPList	Fiji
IPList	Mayotte
IPList	Amazon AMAZON cn-north-1
IPList	Peru
IPList	North Korea
IPList	Tunisia
IPList	Latvia
IPList	Nauru
IPList	Luxembourg
IPList	Venezuela
IPList	Greenland
IPList	Akamai Servers
IPList	U.S. Minor Outlying Islands
IPList	Honduras
IPList	Svalbard and Jan Mayen
IPList	Tokelau
IPList	Bhutan
IPList	Indonesia
IPList	United Arab Emirates
IPList	Cuba
IPList	Spain
IPList	Puerto Rico
IPList	Montserrat
IPList	Guadeloupe
IPList	South Sudan
IPList	British Indian Ocean Territory
IPList	Nigeria
IPList	Thailand
IPList	Malicious Site IP Address List
IPList	Lesotho
IPList	Curaçao
IPList	Italy
IPList	North Macedonia
IPList	Ecuador
IPList	Libya
IPList	Guatemala
IPList	Maldives
IPList	Sudan
IPList	South Georgia and the South Sandwich Islands
IPList	Brazil
IPList	Dominica
IPList	Albania
IPList	Amazon AMAZON eu-central-1
IPList	Trinidad and Tobago
IPList	Egypt
IPList	Panama
IPList	Israel
IPList	Somalia
IPList	Russia
IPList	Chile
IPList	Austria
IPList	Myanmar
IPList	Antarctica
IPList	Anguilla
IPList	Hungary
IPList	Greece
IPList	Yemen
IPList	Haiti
IPList	Serbia
IPList	Turkmenistan
IPList	Georgia
IPList	New Caledonia
IPList	Algeria
IPList	Pakistan
IPList	Vatican City
IPList	Suriname
IPList	Angola
IPList	Kyrgyzstan
IPList	Finland
IPList	Dominican Republic
IPList	Amazon AMAZON sa-east-1
IPList	Congo Republic
IPList	Guyana
IPList	Saint Lucia
IPList	Iran
IPList	Niger
IPList	Cocos [Keeling] Islands
IPList	Bahamas
IPList	Bonaire, Sint Eustatius, and Saba
IPList	Azerbaijan
IPList	Switzerland
IPList	Bangladesh
IPList	Norfolk Island
IPList	Cabo Verde
IPList	Belarus
IPList	Oman
IPList	Ivory Coast
IPList	Kuwait
IPList	Vanuatu
IPList	Slovenia
IPList	El Salvador
IPList	Christmas Island
IPList	French Southern Territories
IPList	Kazakhstan
IPList	Martinique
IPList	Solomon Islands
IPList	Romania
IPList	Syria
IPList	Jamaica
IPList	Federated States of Micronesia
IPList	TOR exit nodes IP Address List
IPList	Amazon ROUTE53
IPList	Falkland Islands
IPList	Uzbekistan
IPList	Hong Kong
IPList	Croatia
IPList	Kosovo
IPList	DR Congo
IPList	Saint Vincent and the Grenadines
IPList	São Tomé and Príncipe
IPList	Iraq
IPList	Sweden
IPList	French Guiana
IPList	United Kingdom
IPList	Malta
IPList	Singapore
IPList	Burundi
IPList	Ghana
IPList	Malawi
IPList	Hashemite Kingdom of Jordan
IPList	Ireland
IPList	Nepal
IPList	Andorra
IPList	Macao
IPList	Vietnam
IPList	Jersey
IPList	China
IPList	Togo
IPList	Zimbabwe
IPList	Amazon AMAZON
IPList	Gibraltar
IPList	Netherlands
IPList	Benin
IPList	Bosnia and Herzegovina
IPList	Taiwan
IPList	Mozambique
IPList	Namibia
IPList	Facebook Servers
IPList	Australia
IPList	Zambia
IPList	Mauritania
IPList	Monaco
IPList	Comoros
IPList	British Virgin Islands
IPList	Saint Barthélemy
IPList	Armenia
IPList	Saint Pierre and Miquelon
IPList	Central African Republic
IPList	Isle of Man
IPList	Mali
IPList	Faroe Islands
IPList	Montenegro
IPList	Qatar
IPList	Chad
IPList	Denmark
IPList	Guinea
IPList	Colombia
IPList	Wallis and Futuna
IPList	Antigua and Barbuda
IPList	Norway
IPList	French Polynesia
IPList	Uruguay
IPList	Kiribati
IPList	Guam
IPList	Tuvalu
IPList	New Zealand
IPList	Eswatini
IPList	Malaysia
IPList	Republic of Moldova
IPList	Cook Islands
IPList	Pitcairn Islands
IPList	Czechia
IPList	Amazon EC2 cn-north-1
IPList	Samoa
IPList	Turks and Caicos Islands
IPList	Brunei
IPList	Djibouti
IPList	Bahrain
IPList	Afghanistan
IPList	Tajikistan
IPList	Palestine
IPList	Philippines
IPList	Aruba
IPList	San Marino
IPList	Laos
IPList	Senegal
IPList	Tonga
IPList	Seychelles
IPList	American Samoa
IPList	Saudi Arabia
IPList	Northern Mariana Islands
IPList	Liechtenstein

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
In the Management Client, select Menu > File > Import > Import Update Packages.
Browse to the file, select it, then click Import.
Select Configuration, then browse to Administration > Other Elements > Updates.
Right-click the imported dynamic update package, then select Activate.
When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2020 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.