Release notes for update package 1680-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Friday January 26, 2024
MD5 CHECKSUM:    1a8b97e959f266d39970a36f6c50e554
SHA1 CHECKSUM:    f88fd124de3413db651c18d0a6d7e7e7d5825174
SHA256 CHECKSUM:    daca1535cac4074d0784e1f8234eac3df5cd3060c397234240437d0f4b69c309

UPDATE CRITICALITY:    MODERATE

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.5.1.10631
- Forcepoint NGFW:    6.5.1.21108

DETECTED ATTACKS

Updated detected attacks:

HTTP Request URI

Risk:    High
Vulnerability/Situation:    Novell-Groupwise-HTTP-Interfaces-Arbitrary-File-Retrieval
References:    CVE-2012-0419
Related Fingerprint:    HTTP_CSU-Novell-Groupwise-HTTP-Interfaces-Arbitrary-File-Retrieval
Situation Type:    Suspected Compromise
Change Description:    Description has changed

HTTP Normalized Request-Line

Risk:    High
Vulnerability/Situation:    F5-Networks-Big-IP-TMUI-Directory-Traversal-CVE-2020-5902
References:    CVE-2020-5902
Related Fingerprint:    HTTP_CRL-F5-Networks-Big-IP-TMUI-Directory-Traversal-CVE-2020-5902
Situation Type:    Suspected Compromise
Change Description:    Description has changed

LIST OF OTHER CHANGES:

New objects:

Type:    Name
- IPList:    Microsoft Azure service for Storage_EastUS
- Situation:    URLList 3211307
- Situation:    URLList 3211308
- Situation:    URLList 3211309

Updated objects:

Type:    Name
    Changes
- Situation:    URL_List-DNS-Over-HTTPS
    Detection mechanism updated
- IPList:    Rwanda
- IPList:    Iraq
- IPList:    Saudi Arabia
- IPList:    Iran
- IPList:    Cyprus
- IPList:    Tanzania
- IPList:    Armenia
- IPList:    Kenya
- IPList:    Uganda
- IPList:    Seychelles
- IPList:    Jordan
- IPList:    Lebanon
- IPList:    Kuwait
- IPList:    Qatar
- IPList:    Bahrain
- IPList:    United Arab Emirates
- IPList:    Israel
- IPList:    Türkiye
- IPList:    Ethiopia
- IPList:    Egypt
- IPList:    Greece
- IPList:    Estonia
- IPList:    Latvia
- IPList:    Azerbaijan
- IPList:    Lithuania
- IPList:    Georgia
- IPList:    Moldova
- IPList:    Finland
- IPList:    Åland Islands
- IPList:    Ukraine
- IPList:    North Macedonia
- IPList:    Hungary
- IPList:    Bulgaria
- IPList:    Albania
- IPList:    Poland
- IPList:    Romania
- IPList:    Zimbabwe
- IPList:    Zambia
- IPList:    Botswana
- IPList:    Mauritius
- IPList:    Réunion
- IPList:    South Africa
- IPList:    Mayotte
- IPList:    Pakistan
- IPList:    Bangladesh
- IPList:    India
- IPList:    Myanmar
- IPList:    Uzbekistan
- IPList:    Kazakhstan
- IPList:    Vietnam
- IPList:    Thailand
- IPList:    Indonesia
- IPList:    Taiwan
- IPList:    Philippines
- IPList:    Malaysia
- IPList:    China
- IPList:    Hong Kong
- IPList:    Macao
- IPList:    Cambodia
- IPList:    South Korea
- IPList:    Japan
- IPList:    Singapore
- IPList:    Russia
- IPList:    Mongolia
- IPList:    Australia
- IPList:    Papua New Guinea
- IPList:    New Zealand
- IPList:    Libya
- IPList:    Portugal
- IPList:    Ghana
- IPList:    Nigeria
- IPList:    Gibraltar
- IPList:    Spain
- IPList:    Malta
- IPList:    Denmark
- IPList:    Iceland
- IPList:    United Kingdom
- IPList:    Switzerland
- IPList:    Sweden
- IPList:    The Netherlands
- IPList:    Austria
- IPList:    Belgium
- IPList:    Germany
- IPList:    Luxembourg
- IPList:    Ireland
- IPList:    France
- IPList:    Liechtenstein
- IPList:    Jersey
- IPList:    Guernsey
- IPList:    Slovakia
- IPList:    Czechia
- IPList:    Norway
- IPList:    Vatican City
- IPList:    Italy
- IPList:    Slovenia
- IPList:    Montenegro
- IPList:    Croatia
- IPList:    Angola
- IPList:    Namibia
- IPList:    Barbados
- IPList:    French Guiana
- IPList:    Saint Pierre and Miquelon
- IPList:    Paraguay
- IPList:    Uruguay
- IPList:    Brazil
- IPList:    Jamaica
- IPList:    Dominican Republic
- IPList:    Martinique
- IPList:    Anguilla
- IPList:    St Kitts and Nevis
- IPList:    Dominica
- IPList:    Antigua and Barbuda
- IPList:    Saint Lucia
- IPList:    Turks and Caicos Islands
- IPList:    British Virgin Islands
- IPList:    Montserrat
- IPList:    Guadeloupe
- IPList:    Grenada
- IPList:    Belize
- IPList:    El Salvador
- IPList:    Guatemala
- IPList:    Honduras
- IPList:    Costa Rica
- IPList:    Venezuela
- IPList:    Ecuador
- IPList:    Colombia
- IPList:    Panama
- IPList:    Argentina
- IPList:    Chile
- IPList:    Bolivia
- IPList:    Peru
- IPList:    Mexico
- IPList:    Northern Mariana Islands
- IPList:    Guam
- IPList:    Puerto Rico
- IPList:    U.S. Virgin Islands
- IPList:    American Samoa
- IPList:    Canada
- IPList:    United States
- IPList:    Serbia
- IPList:    Curaçao
- IPList:    TOR exit nodes IP Address List
- IPList:    Amazon AMAZON
- IPList:    Amazon EC2
- IPList:    Amazon CLOUDFRONT
- IPList:    Microsoft Azure datacenter for australiaeast
- IPList:    Microsoft Azure datacenter for australiasoutheast
- IPList:    TOR relay nodes IP Address List
- IPList:    Microsoft Azure datacenter for centralindia
- IPList:    Microsoft Azure datacenter for centraluseuap
- IPList:    Microsoft Azure datacenter for centralus
- IPList:    Microsoft Azure datacenter for eastus2euap
- IPList:    Microsoft Azure datacenter for eastus2
- IPList:    Microsoft Azure datacenter for eastus
- IPList:    Microsoft Azure datacenter for japanwest
- IPList:    Netflix Servers
- IPList:    Microsoft Azure datacenter for northcentralus
- IPList:    Microsoft Azure datacenter for northeurope
- IPList:    Microsoft Azure datacenter for southcentralus
- IPList:    Microsoft Azure datacenter for southindia
- IPList:    Microsoft Azure datacenter for westcentralus
- IPList:    Microsoft Azure datacenter for westeurope
- IPList:    Microsoft Azure datacenter for westus
- IPList:    Microsoft Azure datacenter
- IPList:    Amazon AMAZON af-south-1
- IPList:    Amazon AMAZON ap-south-2
- IPList:    Amazon AMAZON eu-central-2
- IPList:    Amazon AMAZON ap-northeast-2
- IPList:    Microsoft Azure service for AzureHealthcareAPIs
- IPList:    Amazon AMAZON ap-northeast-3
- IPList:    Botnet IP Address List
- IPList:    Malicious Site IP Address List
- IPList:    Microsoft Azure service for Dynamics365BusinessCentral
- IPList:    NordVPN Servers IP Address List
- IPList:    Microsoft Azure service for AzureSpringCloud
- IPList:    Microsoft Azure service for CognitiveServicesFrontend
- IPList:    Amazon AMAZON ap-southeast-2
- IPList:    Amazon EC2 ap-southeast-2
- IPList:    Amazon AMAZON eu-central-1
- IPList:    Microsoft Azure service for KustoAnalytics
- IPList:    Amazon AMAZON eu-north-1
- IPList:    Amazon AMAZON ap-southeast-5
- IPList:    Amazon AMAZON eu-west-1
- IPList:    Microsoft Azure service for AzureMachineLearningInference
- IPList:    Amazon AMAZON me-south-1
- IPList:    Microsoft Azure service for VideoIndexer
- IPList:    Amazon AMAZON sa-east-1
- IPList:    Amazon AMAZON eusc-de-east-1
- IPList:    Amazon CLOUDFRONT us-east-2
- IPList:    Microsoft Azure service for Scuba
- IPList:    Amazon AMAZON us-gov-east-1
- IPList:    Amazon AMAZON us-gov-west-1
- IPList:    Amazon AMAZON us-west-1
- IPList:    Amazon AMAZON ap-southeast-3
- IPList:    Microsoft Azure service for ActionGroup
- IPList:    Microsoft Azure service for ApiManagement
- IPList:    Microsoft Azure service for AppConfiguration
- IPList:    Microsoft Azure service for AppService
- IPList:    Microsoft Azure service for AppServiceManagement
- IPList:    Microsoft Azure service for AzureActiveDirectory_ServiceEndpoint
- IPList:    Microsoft Azure service for AzureAdvancedThreatProtection
- IPList:    Microsoft Azure service for AzureArcInfrastructure
- IPList:    Microsoft Azure service for AzureBackup
- IPList:    Microsoft Azure service for AzureBotService
- IPList:    Microsoft Azure service for AzureCloud
- IPList:    Microsoft Azure service for AzureCognitiveSearch
- IPList:    Microsoft Azure service for AzureConnectors
- IPList:    Microsoft Azure service for AzureContainerRegistry
- IPList:    Microsoft Azure service for AzureCosmosDB
- IPList:    Microsoft Azure service for AzureDatabricks
- IPList:    Microsoft Azure service for AzureDataExplorerManagement
- IPList:    Microsoft Azure service for AzureDigitalTwins
- IPList:    Microsoft Azure service for AzureEventGrid
- IPList:    Microsoft Azure service for AzureIoTHub
- IPList:    Microsoft Azure service for AzureKeyVault
- IPList:    Microsoft Azure service for AzureMachineLearning
- IPList:    Microsoft Azure service for AzureMonitor
- IPList:    Microsoft Azure service for AzureMonitor_Core
- IPList:    Microsoft Azure service for AzurePortal
- IPList:    Microsoft Azure service for AzureResourceManager
- IPList:    Microsoft Azure service for AzureSiteRecovery
- IPList:    Microsoft Azure service for AzureTrafficManager
- IPList:    Microsoft Azure service for BatchNodeManagement
- IPList:    Microsoft Azure service for CognitiveServicesManagement
- IPList:    Microsoft Azure service for DataFactory
- IPList:    Microsoft Azure service for DataFactoryManagement
- IPList:    Microsoft Azure service for EventHub
- IPList:    Microsoft Azure service for GatewayManager
- IPList:    Microsoft Azure service for GuestAndHybridManagement
- IPList:    Microsoft Azure service for HDInsight
- IPList:    Microsoft Azure service for LogicApps
- IPList:    Microsoft Azure service for LogicAppsManagement
- IPList:    Microsoft Azure service for MicrosoftContainerRegistry
- IPList:    Microsoft Azure service for PowerBI
- IPList:    Microsoft Azure service for PowerQueryOnline
- IPList:    Microsoft Azure service for ServiceBus
- IPList:    Microsoft Azure service for ServiceFabric
- IPList:    Microsoft Azure service for Sql
- IPList:    Microsoft Azure service for SqlManagement
- IPList:    Microsoft Azure service for Storage
- IPList:    Microsoft Azure service for StorageSyncService
- IPList:    Microsoft Azure service for AzureUpdateDelivery
- IPList:    Microsoft Azure datacenter for westus3
- IPList:    Microsoft Azure service for EOPExternalPublishedIPs
- IPList:    Amazon AMAZON ap-southeast-4
- IPList:    Amazon EBS af-south-1
- IPList:    Amazon EBS ap-east-1
- IPList:    Amazon EBS ap-northeast-1
- IPList:    Amazon EBS ap-northeast-2
- IPList:    Amazon EBS ap-northeast-3
- IPList:    Amazon EBS ap-southeast-1
- IPList:    Amazon EBS ap-southeast-2
- IPList:    Amazon EBS ca-central-1
- IPList:    Amazon EBS cn-north-1
- IPList:    Amazon EBS cn-northwest-1
- IPList:    Amazon EBS eu-central-1
- IPList:    Amazon EBS eu-north-1
- IPList:    Amazon EBS eu-south-1
- IPList:    Amazon EBS eu-west-1
- IPList:    Amazon EBS eu-west-2
- IPList:    Amazon EBS me-south-1
- IPList:    Amazon EBS us-east-1
- IPList:    Amazon EBS us-east-2
- IPList:    Amazon EBS us-west-2
- IPList:    Amazon EBS
- IPList:    Microsoft Azure service for AzureAttestation
- IPList:    Microsoft Azure service for M365ManagementActivityApi
- IPList:    Microsoft Azure service for WindowsAdminCenter
- IPList:    Microsoft Azure service for PowerPlatformInfra
- IPList:    Microsoft Azure service for M365ManagementActivityApiWebhook
- IPList:    Amazon AMAZON ca-west-1
- IPList:    Microsoft Azure service for AzureSentinel
- Situation:    HTTP_PSU-Shared-Variables
    Fingerprint regexp changed
- Application:    LinkedIn
    Category tag application_group Application Routing removed
    Application detection context content changed
    Application Port "tcp/443 tls: mandatory" -> "tcp/443 tls: free"
    TLS Match identification changed from true to false
- Application:    Netflix
- Application:    TOR
- Application:    DNS-Over-HTTPS
- Application:    NordVPN
- Application:    LinkedIn-CDN
    Name: LinkedIn CDN -> LinkedIn-CDN
    Category tag application_group Application Routing removed
    Application detection context content changed
    Application Port "tcp/443 tls: mandatory" -> "tcp/443 tls: free"
    TLS Match identification changed from true to false
- Application:    LinkedIn-Learning
    Name: LinkedIn Learning -> LinkedIn-Learning
    Description has changed
    Category tag application_group Application Routing removed
    Application detection context content changed
- Situation Context:    HTTP URL

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.