Release notes for update package 1559-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Thursday February 23, 2023
MD5 CHECKSUM:    5a9c20126e645256d5bc6a1557da2953
SHA1 CHECKSUM:    bb2eddecc455b26788d7b0af77d1650ea32ad233
SHA256 CHECKSUM:    7d213b0a9ad5a5ace7eacc08e9c19b3ab3e2dc9ce353b03f5475eb3addd25154

UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.5.1.10631
- Forcepoint NGFW:    6.3.1.19034

List of detected attacks in this update package:

Risk level    Description    Reference    Vulnerability
High    An attempt to exploit a vulnerability in Netdata netdata detected    CVE-2023-22496    NetData-Streaming-Alert-Command-Injection
High    An attempt to exploit a vulnerability in Adobe ColdFusion detected    CVE-2022-38418    Adobe-ColdFusion-Application-Server-CVE-2022-38418-Directory-Traversal
High    An attempt to exploit a vulnerability in Fortinet FortiNAC detected    CVE-2022-39952    Fortinet-Fortinac-Arbitrary-File-Write-CVE-2022-39952
High    An attempt to exploit a vulnerability in LibreNMS LibreNMS detected    CVE-2022-4069    LibreNMS-Devicegroupcontroller-Name-Stored-Cross-Site-Scripting
High    An attempt to exploit a vulnerability in Redis detected    CVE-2023-22458    Redis-Hrandfield-Zrandmember-Command-Integer-Overflow

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk    Vulnerability/Situation    References    Related Fingerprint    Situation Type
High    NetData-Streaming-Alert-Command-Injection    CVE-2023-22496    HTTP_CS-NetData-Streaming-Alert-Command-Injection    Suspected Compromise
High    Adobe-ColdFusion-Application-Server-CVE-2022-38418-Directory-Traversal    CVE-2022-38418    HTTP_CS-Adobe-ColdFusion-Application-Server-CVE-2022-38418-Directory-Traversal    Suspected Compromise
High    Fortinet-Fortinac-Arbitrary-File-Write-CVE-2022-39952    CVE-2022-39952    HTTP_CS-Fortinet-Fortinac-Arbitrary-File-Write-CVE-2022-39952    Suspected Compromise

TCP Client Stream Unknown

Risk    Vulnerability/Situation    References    Related Fingerprint    Situation Type
High    Redis-Hrandfield-Zrandmember-Command-Integer-Overflow    CVE-2023-22458    Generic_CS-Redis-Hrandfield-Zrandmember-Command-Integer-Overflow    Suspected Compromise

HTTP Normalized Request-Line

Risk    Vulnerability/Situation    References    Related Fingerprint    Situation Type
High    LibreNMS-Devicegroupcontroller-Name-Stored-Cross-Site-Scripting    CVE-2022-4069    HTTP_CRL-LibreNMS-Devicegroupcontroller-Name-Stored-Cross-Site-Scripting    Suspected Compromise

Updated detected attacks:

Other Binary File Stream

Risk    Vulnerability/Situation    References    Related Fingerprint    Situation Type    Change Description
High    Rockwell-Automation-ISaGRAF-Workbench-7-ZIP-Directory-Traversal    CVE-2022-2463    File-Binary_Rockwell-Automation-ISaGRAF-Workbench-7-ZIP-Directory-Traversal    Suspected Compromise    Detection mechanism updated
High    Ysoserial-Generated-Java-Serialized-Object    No CVE/CAN    File-Binary_Ysoserial-Generated-Java-Serialized-Object    Suspected Compromise    Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type    Name
Category    Fortinet FortiNAC
Category    NetData
IPList    Google Cloud IP Address List for europe-west12
IPList    Google Cloud IP Address List for me-central1
IPList    Microsoft Azure service for AzureSpringCloud

Updated objects:

Type    Name    Changes
IPList    Rwanda
IPList    Iraq
IPList    Saudi Arabia
IPList    Cyprus
IPList    Tanzania
IPList    Syria
IPList    Armenia
IPList    Kenya
IPList    DR Congo
IPList    Seychelles
IPList    Jordan
IPList    Kuwait
IPList    Oman
IPList    Qatar
IPList    Bahrain
IPList    United Arab Emirates
IPList    Israel
IPList    Turkey
IPList    Greece
IPList    Estonia
IPList    Latvia
IPList    Lithuania
IPList    Georgia
IPList    Moldova
IPList    Belarus
IPList    Finland
IPList    Ukraine
IPList    Hungary
IPList    Bulgaria
IPList    Poland
IPList    Romania
IPList    Kosovo
IPList    South Africa
IPList    Afghanistan
IPList    Pakistan
IPList    Bangladesh
IPList    Turkmenistan
IPList    Tajikistan
IPList    India
IPList    Myanmar
IPList    Uzbekistan
IPList    Kazakhstan
IPList    Kyrgyzstan
IPList    French Southern Territories
IPList    Vietnam
IPList    Thailand
IPList    Indonesia
IPList    Laos
IPList    Taiwan
IPList    Philippines
IPList    Malaysia
IPList    China
IPList    Hong Kong
IPList    Macao
IPList    South Korea
IPList    Japan
IPList    Singapore
IPList    Russia
IPList    Australia
IPList    New Zealand
IPList    Portugal
IPList    Ghana
IPList    Nigeria
IPList    Chad
IPList    Spain
IPList    Denmark
IPList    Iceland
IPList    United Kingdom
IPList    Switzerland
IPList    Sweden
IPList    Netherlands
IPList    Austria
IPList    Belgium
IPList    Germany
IPList    Luxembourg
IPList    Ireland
IPList    France
IPList    Andorra
IPList    Liechtenstein
IPList    Slovakia
IPList    Czechia
IPList    Norway
IPList    Italy
IPList    Slovenia
IPList    Croatia
IPList    Bosnia and Herzegovina
IPList    Barbados
IPList    French Guiana
IPList    Uruguay
IPList    Brazil
IPList    Jamaica
IPList    Dominican Republic
IPList    Cuba
IPList    Martinique
IPList    Bahamas
IPList    Anguilla
IPList    Trinidad and Tobago
IPList    St Kitts and Nevis
IPList    Dominica
IPList    Antigua and Barbuda
IPList    Saint Lucia
IPList    Turks and Caicos Islands
IPList    British Virgin Islands
IPList    St Vincent and Grenadines
IPList    Saint Martin
IPList    Saint Barthélemy
IPList    Grenada
IPList    Cayman Islands
IPList    Belize
IPList    El Salvador
IPList    Guatemala
IPList    Honduras
IPList    Nicaragua
IPList    Costa Rica
IPList    Venezuela
IPList    Ecuador
IPList    Colombia
IPList    Panama
IPList    Haiti
IPList    Argentina
IPList    Chile
IPList    Peru
IPList    Mexico
IPList    Guam
IPList    Puerto Rico
IPList    U.S. Virgin Islands
IPList    Canada
IPList    United States
IPList    Palestine
IPList    Serbia
IPList    Sint Maarten
IPList    Curaçao
IPList    TOR exit nodes IP Address List
IPList    Amazon AMAZON
IPList    Amazon EC2
IPList    Akamai Servers
IPList    Microsoft Azure datacenter for australiaeast
IPList    Microsoft Azure datacenter for brazilsouth
IPList    TOR relay nodes IP Address List
IPList    Microsoft Azure datacenter for eastasia
IPList    Microsoft Azure datacenter for eastus2euap
IPList    Microsoft Azure datacenter for eastus
IPList    Microsoft Azure datacenter for centralfrance
IPList    Microsoft Azure datacenter for northeurope
IPList    Microsoft Azure datacenter for southcentralus
IPList    Microsoft Azure datacenter for southeastasia
IPList    Microsoft Azure datacenter for westeurope
IPList    Microsoft Azure datacenter for westus2
IPList    Amazon API_GATEWAY
IPList    Microsoft Azure datacenter for westus
IPList    Microsoft Azure datacenter
IPList    Amazon DYNAMODB
IPList    Amazon AMAZON ap-northeast-1
IPList    Amazon EC2 ap-northeast-1
IPList    Amazon DYNAMODB ap-southeast-3
IPList    Amazon AMAZON ap-northeast-3
IPList    Botnet IP Address List
IPList    Malicious Site IP Address List
IPList    Amazon AMAZON ap-south-1
IPList    Amazon AMAZON ap-southeast-1
IPList    Microsoft Azure service for Dynamics365BusinessCentral
IPList    Amazon EC2 ap-southeast-1
IPList    Amazon AMAZON ap-southeast-2
IPList    Amazon AMAZON eu-central-1
IPList    Amazon AMAZON eu-west-1
IPList    Amazon API_GATEWAY eu-west-1
IPList    Amazon AMAZON eu-west-2
IPList    Amazon AMAZON sa-east-1
IPList    Amazon AMAZON us-east-1
IPList    Amazon EC2 us-east-1
IPList    Amazon AMAZON us-west-1
IPList    Amazon EC2 us-west-1
IPList    Amazon AMAZON us-west-2
IPList    Amazon EC2 us-west-2
IPList    Amazon AMAZON ap-southeast-3
IPList    Microsoft Azure datacenter for southafricawest
IPList    Microsoft Azure service for AppService
IPList    Microsoft Azure service for AzureActiveDirectory_ServiceEndpoint
IPList    Microsoft Azure service for AzureCloud
IPList    Microsoft Azure service for AzureCosmosDB
IPList    Microsoft Azure service for AzureMonitor
IPList    Microsoft Azure service for Sql
IPList    Microsoft Azure datacenter for swedencentral
IPList    Microsoft Azure datacenter for qatarcentral
IPList    Microsoft Azure service for M365ManagementActivityApi
IPList    Microsoft Azure service for M365ManagementActivityApiWebhook
IPList    Google Cloud IP Address List for asia-southeast2
IPList    Google Cloud IP Address List for europe-west1
IPList    Google Cloud IP Address List for europe-west8
IPList    Google Cloud IP Address List for northamerica-northeast2
IPList    Microsoft Azure service for ChaosStudio
Situation    HTTP_CSU-Shared-Variables
Situation    SSH_Shared-Variables    Fingerprint regexp changed
Situation    SSH_Solarwinds-Serv-U-FTP-Server    Fingerprint regexp changed
Situation    Generic_CS-Shared-Variable-Fingerprints    Fingerprint regexp changed
Situation    Files Containing Passwords    Comment has changed; Description has changed

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.