Release notes for update package 1627-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Monday September 04, 2023
MD5 CHECKSUM:    984c16ff1e5ebe1097ad0e4ce6a7df56
SHA1 CHECKSUM:    eb86b2485fd464508ab9e277215463b746482d2c
SHA256 CHECKSUM:    9b0dd34b003490da41bf31d8c5804f89ffe6c41c7f524e5a2e07ea2228550e5f

UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.5.1.10631
- Forcepoint NGFW:    6.5.1.21108

List of detected attacks in this update package:

Risk levelDescriptionReferenceVulnerability
High     An attempt to exploit a vulnerability in Ivanti Avalanche detected     CVE-2023-28128     Ivanti-Avalanche-Filestoreconfig-Validatefilestoreuncpath-Arbitrary-File-Upload
High     An attempt to exploit a vulnerability in LG N1A1 NAS detected     CVE-2018-14839     LG-N1A1-NAS-Remote-Command-Execution-CVE-2018-14839
High     An attempt to exploit a vulnerability in Ivanti Avalanche detected     CVE-2023-32560     Ivanti-Avalanche-Wlavalancheservice.exe-Stack-Buffer-Overflow
High     An attempt to exploit a vulnerability in Rockwell Automation ThinManager ThinServer detected     CVE-2023-2914     Rockwell-Automation-Thinmanager-Type-13-Synchronization-Integer-Overflow
High     An attempt to exploit a vulnerability in D-Link Systems DIR-2640 detected     CVE-2023-32150     D-Link-Dir-2640-HNAP-Prefixlen-Command-Injection-Vulnerability

Jump to: Detected Attacks Other Changes

DETECTED ATTACKS

New detected attacks:

TCP Client Stream Unknown

RiskVulnerability/SituationReferencesRelated FingerprintSituation Type
High Ivanti-Avalanche-Wlavalancheservice.exe-Stack-Buffer-Overflow CVE-2023-32560 Generic_CS-Ivanti-Avalanche-Wlavalancheservice.exe-Stack-Buffer-Overflow Potential Compromise
High Rockwell-Automation-Thinmanager-Type-13-Synchronization-Integer-Overflow CVE-2023-2914 Generic_CS-Rockwell-Automation-Thinmanager-Type-13-Synchronization-Integer-Overflow Potential Compromise

HTTP Normalized Request-Line

RiskVulnerability/SituationReferencesRelated FingerprintSituation Type
High Ivanti-Avalanche-Filestoreconfig-Validatefilestoreuncpath-Arbitrary-File-Upload CVE-2023-28128 HTTP_CRL-Ivanti-Avalanche-Filestoreconfig-Validatefilestoreuncpath-Arbitrary-File-Upload Suspected Compromise
High LG-N1A1-NAS-Remote-Command-Execution-CVE-2018-14839 CVE-2018-14839 HTTP_CRL-LG-N1A1-NAS-Remote-Command-Execution-CVE-2018-14839 Suspected Compromise

Identified Text File Stream

RiskVulnerability/SituationReferencesRelated FingerprintSituation Type
High D-Link-Dir-2640-HNAP-Prefixlen-Command-Injection-Vulnerability CVE-2023-32150 File-TextId_D-Link-Dir-2640-HNAP-Prefixlen-Command-Injection-Vulnerability Suspected Compromise

Updated detected attacks:

TFTP Client Stream

RiskVulnerability/SituationReferencesRelated FingerprintSituation TypeChange Description
Low TFTP-FutureSoft-TFTP-Server-Directory-Traversal CVE-2005-1813 TFTP_Trivial-File-Transfer-Protocol-Directory-Traversal Potential Disclosure
Description has changed
Category tag group CVE2023 added

HTTP Normalized Request-Line

RiskVulnerability/SituationReferencesRelated FingerprintSituation TypeChange Description
High Ivanti-Avalanche-Filestoreconfig-CVE-2023-32562-Arbitrary-File-Upload CVE-2023-32562 HTTP_CRL-Ivanti-Avalanche-Filestoreconfig-CVE-2023-32562-Arbitrary-File-Upload Suspected Compromise
Fingerprint regexp changed
High Ivanti-Avalanche-Enterprise-Service-Central-Filestore-Arbitrary-File-Upload CVE-2021-42125 HTTP_CRL-Ivanti-Avalanche-Enterprise-Service-Central-Filestore-Arbitrary-File-Upload Suspected Compromise
Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

TypeName
CategoryD-Link D-View
CategoryLG N1A1 NAS

Updated objects:

TypeNameChanges
IPListNordVPN Servers IP Address List
SituationHTTP_CSH-Shared-Variables
Fingerprint regexp changed

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select  Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.