Release notes for update package 1629-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Monday September 11, 2023
MD5 CHECKSUM:    e66ce282b73141d0869e641ed822ca76
SHA1 CHECKSUM:    35357318fa6784cc11dafeedc0e7e17198c47aec
SHA256 CHECKSUM:    797f36a7e7d17ac744cb471bf13cdf52bc52d8a2ec07a3c9c934e7b6848225fd

UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.5.1.10631
- Forcepoint NGFW:    6.5.1.21108

List of detected attacks in this update package:

Risk level | Description | Reference | Vulnerability
High | An attempt to exploit a vulnerability in WordPress Kadence Blocks Plugin detected | No CVE/CAN | Wordpress-Kadence-Blocks-Plugin-Advanced-Form-Unrestricted-File-Upload
High | An attempt to exploit a vulnerability in mySCADA myPRO detected | CVE-2023-28716 | mySCADA-myPRO-CVE-2023-28716-Command-Injection
High | An attempt to exploit a vulnerability in XWiki.org XWiki detected | CVE-2023-37462 | Xwiki.org-Xwiki-Skinscode.xwikiskinssheet-Code-Injection
High | An attempt to exploit a vulnerability in Junos OS detected | CVE-2023-36846 | Junos-OS-J-Web-Arbitrary-File-Upload-CVE-2023-36846
High | An attempt to exploit a vulnerability in Rockwell Automation ThinManager ThinServer detected | CVE-2023-2917 | Rockwell-Automation-Thinmanager-Type-38-Synchronization-Directory-Traversal


DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Wordpress-Kadence-Blocks-Plugin-Advanced-Form-Unrestricted-File-Upload | No CVE/CAN | HTTP_CS-Wordpress-Kadence-Blocks-Plugin-Advanced-Form-Unrestricted-File-Upload | Suspected Compromise

TCP Client Stream Unknown

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Rockwell-Automation-Thinmanager-Type-38-Synchronization-Directory-Traversal | CVE-2023-2917 | Generic_CS-Rockwell-Automation-Thinmanager-Type-38-Synchronization-Directory-Traversal | Suspected Compromise

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Xwiki.org-Xwiki-Skinscode.xwikiskinssheet-Code-Injection | CVE-2023-37462 | HTTP_CRL-Xwiki.org-Xwiki-Skinscode.xwikiskinssheet-Code-Injection | Suspected Compromise
High | Junos-OS-J-Web-Arbitrary-File-Upload-CVE-2023-36846 | CVE-2023-36846 | HTTP_CRL-Junos-OS-J-Web-Arbitrary-File-Upload-CVE-2023-36846 | Suspected Compromise

Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | mySCADA-myPRO-CVE-2023-28716-Command-Injection | CVE-2023-28716 | File-Text_mySCADA-myPRO-CVE-2023-28716-Command-Injection | Suspected Compromise

Updated detected attacks:

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Xwiki.org-Xwiki-Invitationguestactions-Code-Injection | CVE-2023-35150 | HTTP_CSU-Xwiki.org-Xwiki-Invitationguestactions-Code-Injection | Suspected Compromise | Fingerprint regexp changed
High | LibreNMS-Ports-List.inc.php-Reflected-Cross-Site-Scripting | CVE-2023-4347 | HTTP_CRL-LibreNMS-Ports-List.inc.php-Reflected-Cross-Site-Scripting | Suspected Compromise | Comment has changed

LIST OF OTHER CHANGES:

New objects:

Type | Name
Situation | FTP_HOST
Situation | FTP_HOST-Invalid
Situation | FTP_HOST-Success
Situation | SMB-TCP_CHS-SMB2-Compounded-Negotiate-Session_Setup-Or-Echo-Request

Updated objects:

Type | Name | Changes
Certificate Authority | SSL.com EV Root Certification Authority RSA R2 (1) | Marked for removal
Certificate Authority | SSL.com Root Certification Authority RSA (1) | Marked for removal
IPList | Iran
IPList | Cyprus
IPList | Armenia
IPList | Kenya
IPList | Seychelles
IPList | Jordan
IPList | Lebanon
IPList | United Arab Emirates
IPList | Israel
IPList | Turkey
IPList | Egypt
IPList | Greece
IPList | Estonia
IPList | Latvia
IPList | Azerbaijan
IPList | Lithuania
IPList | Georgia
IPList | Moldova
IPList | Finland
IPList | Ukraine
IPList | Hungary
IPList | Bulgaria
IPList | Albania
IPList | Poland
IPList | Romania
IPList | Zambia
IPList | South Africa
IPList | Pakistan
IPList | Sri Lanka
IPList | Bhutan
IPList | India
IPList | Maldives
IPList | Myanmar
IPList | Uzbekistan
IPList | Kazakhstan
IPList | Palau
IPList | Vietnam
IPList | Thailand
IPList | Indonesia
IPList | Taiwan
IPList | Philippines
IPList | Malaysia
IPList | China
IPList | Hong Kong
IPList | Macao
IPList | Cambodia
IPList | South Korea
IPList | Japan
IPList | North Korea
IPList | Singapore
IPList | Cook Islands
IPList | Timor-Leste
IPList | Russia
IPList | Mongolia
IPList | Australia
IPList | New Zealand
IPList | Portugal
IPList | Ghana
IPList | Spain
IPList | Denmark
IPList | Iceland
IPList | United Kingdom
IPList | Switzerland
IPList | Sweden
IPList | Netherlands
IPList | Austria
IPList | Belgium
IPList | Germany
IPList | Luxembourg
IPList | Ireland
IPList | France
IPList | Liechtenstein
IPList | Slovakia
IPList | Czechia
IPList | Norway
IPList | Italy
IPList | Slovenia
IPList | Croatia
IPList | Bosnia and Herzegovina
IPList | Greenland
IPList | Brazil
IPList | Dominican Republic
IPList | Guatemala
IPList | Costa Rica
IPList | Venezuela
IPList | Ecuador
IPList | Colombia
IPList | Argentina
IPList | Chile
IPList | Peru
IPList | Mexico
IPList | French Polynesia
IPList | Wallis and Futuna
IPList | Northern Mariana Islands
IPList | Guam
IPList | Canada
IPList | United States
IPList | Serbia
IPList | TOR exit nodes IP Address List
IPList | Amazon AMAZON
IPList | Amazon EC2
IPList | TOR relay nodes IP Address List
IPList | Amazon AMAZON ap-northeast-2
IPList | Amazon EC2 ap-northeast-2
IPList | Line Messenger IP Address List
IPList | Malicious Site IP Address List
IPList | NordVPN Servers IP Address List
IPList | Amazon AMAZON ca-central-1
IPList | Amazon AMAZON eu-central-1
IPList | Amazon AMAZON us-east-1
IPList | Amazon AMAZON us-gov-east-1
IPList | Amazon EC2 us-gov-east-1
Situation | HTTP_CSU-Shared-Variables
Situation | SMB-TCP_CHS-SMB2-Oplock-Break-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Set-Info-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Query-Info-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Change-Notify-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Query-Directory-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Echo-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Cancel-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-IOCTL-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Lock-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Write-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Read-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Flush-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Close-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Create-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Tree-Disconnect-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Tree-Connect-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Logoff-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Session-Setup-Request | Fingerprint regexp changed
Situation | SMB-TCP_CHS-SMB2-Negotiate-Request | Fingerprint regexp changed
Application | TLS | Application detection context content changed

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.
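The checksum comparison in step 1 is the one part of this procedure that happens outside the Management Client. The POSIX shell snippet below is an added example, not Forcepoint's own tooling: it computes the MD5, SHA1 and SHA256 digests of a downloaded file and compares each against the values published at the top of this page (copied verbatim), reporting every mismatch rather than stopping at the first. It relies on the coreutils md5sum/sha1sum/sha256sum commands and falls back to openssl dgst where they are absent; the package file path in the usage line is an assumed placeholder.

```shell
#!/bin/sh
# Added example (not Forcepoint code): verify a downloaded dynamic update
# package against the checksums published in its release notes.

# Published checksums for update package 1629-5242, copied from this page.
EXPECTED_MD5=e66ce282b73141d0869e641ed822ca76
EXPECTED_SHA1=35357318fa6784cc11dafeedc0e7e17198c47aec
EXPECTED_SHA256=797f36a7e7d17ac744cb471bf13cdf52bc52d8a2ec07a3c9c934e7b6848225fd

# digest ALGO FILE -> prints the lowercase hex digest of FILE.
# ALGO is md5, sha1 or sha256. Uses coreutils "<algo>sum" when present,
# otherwise "openssl dgst -<algo>" (whose last field is the digest).
digest() {
    algo=$1
    file=$2
    if command -v "${algo}sum" >/dev/null 2>&1; then
        "${algo}sum" "$file" | awk '{ print $1 }' | tr 'A-F' 'a-f'
    else
        openssl dgst "-$algo" "$file" | awk '{ print $NF }' | tr 'A-F' 'a-f'
    fi
}

# check_one ALGO FILE EXPECTED -> 0 when the digest matches, 1 otherwise.
# Comparison is case-insensitive so a hash pasted in upper case still works.
check_one() {
    actual=$(digest "$1" "$2")
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        printf '%-6s OK\n' "$1"
        return 0
    fi
    printf '%-6s MISMATCH (expected %s, got %s)\n' "$1" "$expected" "$actual" >&2
    return 1
}

# verify_package FILE MD5 SHA1 SHA256 -> 0 only when all three digests match.
# All three are always checked so the report shows the full picture; a
# missing file is reported as a failure rather than an empty digest.
verify_package() {
    file=$1
    if [ ! -f "$file" ]; then
        printf 'no such file: %s\n' "$file" >&2
        return 1
    fi
    rc=0
    check_one md5 "$file" "$2" || rc=1
    check_one sha1 "$file" "$3" || rc=1
    check_one sha256 "$file" "$4" || rc=1
    return $rc
}

# Usage: pass the downloaded package as the first argument (placeholder path):
#   sh verify-update.sh ./path/to/update-package-1629-5242
if [ $# -ge 1 ]; then
    verify_package "$1" "$EXPECTED_MD5" "$EXPECTED_SHA1" "$EXPECTED_SHA256"
fi
```

A non-zero exit status from verify_package means the download should be discarded and fetched again before importing it in step 2; only a file for which all three lines print OK should be imported.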

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.