This update package improves the detection capabilities of the Forcepoint NGFW system.
| RELEASE DATE: | Thursday April 11, 2024 |
| MD5 CHECKSUM: | 9e69f95145f5deb433c48bc35ecdcad2 |
| SHA1 CHECKSUM: | 39d04bfb5de25d2a487749d3e70d4a78f301f096 |
| SHA256 CHECKSUM: | fb2a45705f1994d0d06faa714b6cfcf69fba4effa8d0ba16d4d3cb888f5a2ac6 |
UPDATE CRITICALITY: HIGH
MINIMUM SOFTWARE VERSIONS
| - Forcepoint NGFW Security Management Center: | 6.10.1.11125 |
| - Forcepoint NGFW: | 6.8.1.24103 |
List of detected attacks in this update package:
| Risk level | Description | Reference | Vulnerability |
|---|---|---|---|
| High | An attempt to exploit a vulnerability in Nagios XI detected | CVE-2024-24401 | Nagios-XI-favorites.inc.php-SQL-Injection |
| High | An attempt to exploit a vulnerability in Apache Solr detected | CVE-2023-50386 | Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 |
| High | An attempt to exploit a vulnerability in Delta Industrial Automation DIAEnergie detected | CVE-2024-23494 | Delta-Industrial-Automation-Diaenergie-GetDIAE_unListParameters-SQL-Injection |
| High | An attempt to exploit a vulnerability in Gibbon Edu detected | CVE-2024-24725 | Gibbon-School-Platform-Authenticated-PHP-Deserialization-Vulnerability |
| High | An attempt to exploit a vulnerability in Django detected | CVE-2023-46695 | Django-Usernamefield-Denial-Of-Service |
| High | An attempt to exploit a vulnerability in Apache Solr detected | CVE-2023-50386 | Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 |
| High | An attempt to exploit a vulnerability in Arcserve Unified Data Protection detected | CVE-2024-0801 | Arcserve-Unified-Data-Protection-Asnative.dll-Validate-Denial-Of-Service |
| High | An attempt to exploit a vulnerability in Apache Solr detected | CVE-2023-50386 | Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 |
| High | An attempt to exploit a vulnerability in Apache Solr detected | CVE-2023-50386 | Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 |
Jump to: Detected Attacks Other Changes
DETECTED ATTACKS
New detected attacks:
HTTP Request URI
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Nagios-XI-favorites.inc.php-SQL-Injection | CVE-2024-24401 | HTTP_CSU-Nagios-XI-favorites.inc.php-SQL-Injection | Suspected Compromise |
| High | Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 | CVE-2023-50386 | HTTP_CSU-Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 | Suspected Compromise |
HTTP Normalized Request-Line
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Delta-Industrial-Automation-Diaenergie-GetDIAE_unListParameters-SQL-Injection | CVE-2024-23494 | HTTP_CRL-Delta-Industrial-Automation-Diaenergie-GetDIAE_unListParameters-SQL-Injection | Suspected Compromise |
| High | Gibbon-School-Platform-Authenticated-PHP-Deserialization-Vulnerability | CVE-2024-24725 | HTTP_CRL-Gibbon-School-Platform-Authenticated-PHP-Deserialization-Vulnerability | Suspected Compromise |
| High | Django-Usernamefield-Denial-Of-Service | CVE-2023-46695 | HTTP_CRL-Django-Usernamefield-Denial-Of-Service | Suspected Compromise |
Other Binary File Stream
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 | CVE-2023-50386 | File-Binary_Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 | Suspected Compromise |
Identified Text File Stream
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Arcserve-Unified-Data-Protection-Asnative.dll-Validate-Denial-Of-Service | CVE-2024-0801 | File-TextId_Arcserve-Unified-Data-Protection-Asnative.dll-Validate-Denial-Of-Service | Suspected Compromise |
Zip File Stream
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 | CVE-2023-50386 | File-Zip_Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 | Suspected Compromise |
Archive type identification from member names
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 | CVE-2023-50386 | File-Member-Name_Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386 | Suspected Compromise |
Updated detected attacks:
HTTP Request URI
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description | |
|---|---|---|---|---|---|---|
| High | Sundown-Malware | No CVE/CAN | HTTP_CSU-Sundown-Malware-Activity | Botnet |
|
|
| High | HTTP-Apache-Struts-Directory-Traversal-File-Disclosure | CVE-2008-6505 | HTTP_CSU-Apache-Struts-Encoded-Dot-Dot-Slash-Directory-Traversal | Disclosure |
|
Other Binary File Stream
LIST OF OTHER CHANGES:
New objects:
| Type | Name |
|---|---|
| Application | ByteDance |
| Application | Transcend |
Updated objects:
| Type | Name | Changes | ||||
|---|---|---|---|---|---|---|
| Situation | URL_List-DNS-Over-HTTPS |
|
||||
| IPList | Iraq | |||||
| IPList | Saudi Arabia | |||||
| IPList | Iran | |||||
| IPList | Cyprus | |||||
| IPList | Tanzania | |||||
| IPList | Kenya | |||||
| IPList | DR Congo | |||||
| IPList | Uganda | |||||
| IPList | Jordan | |||||
| IPList | Lebanon | |||||
| IPList | Kuwait | |||||
| IPList | Qatar | |||||
| IPList | Bahrain | |||||
| IPList | United Arab Emirates | |||||
| IPList | Israel | |||||
| IPList | Türkiye | |||||
| IPList | Egypt | |||||
| IPList | Greece | |||||
| IPList | Estonia | |||||
| IPList | Latvia | |||||
| IPList | Azerbaijan | |||||
| IPList | Lithuania | |||||
| IPList | Moldova | |||||
| IPList | Belarus | |||||
| IPList | Finland | |||||
| IPList | Ukraine | |||||
| IPList | Hungary | |||||
| IPList | Bulgaria | |||||
| IPList | Albania | |||||
| IPList | Poland | |||||
| IPList | Romania | |||||
| IPList | Zimbabwe | |||||
| IPList | Zambia | |||||
| IPList | Lesotho | |||||
| IPList | Mauritius | |||||
| IPList | Réunion | |||||
| IPList | South Africa | |||||
| IPList | Mayotte | |||||
| IPList | Mozambique | |||||
| IPList | Afghanistan | |||||
| IPList | Pakistan | |||||
| IPList | Bangladesh | |||||
| IPList | Sri Lanka | |||||
| IPList | Bhutan | |||||
| IPList | India | |||||
| IPList | Nepal | |||||
| IPList | Myanmar | |||||
| IPList | Kazakhstan | |||||
| IPList | Vietnam | |||||
| IPList | Thailand | |||||
| IPList | Indonesia | |||||
| IPList | Taiwan | |||||
| IPList | Philippines | |||||
| IPList | Malaysia | |||||
| IPList | China | |||||
| IPList | Hong Kong | |||||
| IPList | Cambodia | |||||
| IPList | South Korea | |||||
| IPList | Japan | |||||
| IPList | North Korea | |||||
| IPList | Singapore | |||||
| IPList | Timor-Leste | |||||
| IPList | Russia | |||||
| IPList | Mongolia | |||||
| IPList | Australia | |||||
| IPList | New Zealand | |||||
| IPList | Portugal | |||||
| IPList | Ghana | |||||
| IPList | Nigeria | |||||
| IPList | Mauritania | |||||
| IPList | São Tomé and Príncipe | |||||
| IPList | Gibraltar | |||||
| IPList | Spain | |||||
| IPList | Denmark | |||||
| IPList | Iceland | |||||
| IPList | United Kingdom | |||||
| IPList | Switzerland | |||||
| IPList | Sweden | |||||
| IPList | The Netherlands | |||||
| IPList | Austria | |||||
| IPList | Belgium | |||||
| IPList | Germany | |||||
| IPList | Luxembourg | |||||
| IPList | Ireland | |||||
| IPList | France | |||||
| IPList | Liechtenstein | |||||
| IPList | Jersey | |||||
| IPList | Guernsey | |||||
| IPList | Slovakia | |||||
| IPList | Czechia | |||||
| IPList | Norway | |||||
| IPList | Italy | |||||
| IPList | Slovenia | |||||
| IPList | Croatia | |||||
| IPList | Bosnia and Herzegovina | |||||
| IPList | Angola | |||||
| IPList | Namibia | |||||
| IPList | French Guiana | |||||
| IPList | Uruguay | |||||
| IPList | Brazil | |||||
| IPList | Jamaica | |||||
| IPList | Dominican Republic | |||||
| IPList | Martinique | |||||
| IPList | Bahamas | |||||
| IPList | Anguilla | |||||
| IPList | Trinidad and Tobago | |||||
| IPList | St Kitts and Nevis | |||||
| IPList | Antigua and Barbuda | |||||
| IPList | Saint Lucia | |||||
| IPList | British Virgin Islands | |||||
| IPList | St Vincent and Grenadines | |||||
| IPList | Montserrat | |||||
| IPList | Saint Martin | |||||
| IPList | Guadeloupe | |||||
| IPList | Grenada | |||||
| IPList | Cayman Islands | |||||
| IPList | Belize | |||||
| IPList | El Salvador | |||||
| IPList | Guatemala | |||||
| IPList | Honduras | |||||
| IPList | Nicaragua | |||||
| IPList | Costa Rica | |||||
| IPList | Venezuela | |||||
| IPList | Ecuador | |||||
| IPList | Colombia | |||||
| IPList | Panama | |||||
| IPList | Argentina | |||||
| IPList | Chile | |||||
| IPList | Peru | |||||
| IPList | Mexico | |||||
| IPList | French Polynesia | |||||
| IPList | Tonga | |||||
| IPList | Samoa | |||||
| IPList | Northern Mariana Islands | |||||
| IPList | Guam | |||||
| IPList | Puerto Rico | |||||
| IPList | U.S. Virgin Islands | |||||
| IPList | American Samoa | |||||
| IPList | Canada | |||||
| IPList | United States | |||||
| IPList | Serbia | |||||
| IPList | Sint Maarten | |||||
| IPList | TOR exit nodes IP Address List | |||||
| IPList | Amazon AMAZON | |||||
| IPList | Amazon EC2 | |||||
| IPList | Google Servers | |||||
| IPList | TOR relay nodes IP Address List | |||||
| IPList | Microsoft Azure datacenter for centralus | |||||
| IPList | Microsoft Azure datacenter for eastus2euap | |||||
| IPList | Microsoft Azure datacenter for eastus2 | |||||
| IPList | Microsoft Azure datacenter for eastus | |||||
| IPList | Microsoft Azure datacenter for japaneast | |||||
| IPList | Microsoft Azure datacenter for northeurope | |||||
| IPList | Microsoft Azure datacenter for southcentralus | |||||
| IPList | Microsoft Azure datacenter for westeurope | |||||
| IPList | Microsoft Azure datacenter for westus | |||||
| IPList | Microsoft Azure datacenter | |||||
| IPList | Microsoft Azure service for AzureHealthcareAPIs | |||||
| IPList | Botnet IP Address List | |||||
| IPList | Malicious Site IP Address List | |||||
| IPList | NordVPN Servers IP Address List | |||||
| IPList | Microsoft Azure service for AzureSpringCloud | |||||
| IPList | Microsoft Azure service for CognitiveServicesFrontend | |||||
| IPList | Microsoft Azure service for KustoAnalytics | |||||
| IPList | Microsoft Azure service for AzureMachineLearningInference | |||||
| IPList | Microsoft Azure service for VideoIndexer | |||||
| IPList | Amazon AMAZON us-east-1 | |||||
| IPList | Amazon EC2 us-east-1 | |||||
| IPList | Forcepoint Extended Drop IP Address List | |||||
| IPList | Microsoft Azure service for Scuba | |||||
| IPList | Sinkhole IP List | |||||
| IPList | Microsoft Azure service for ActionGroup | |||||
| IPList | Microsoft Azure service for ApiManagement | |||||
| IPList | Microsoft Azure service for AppConfiguration | |||||
| IPList | Microsoft Azure service for AppService | |||||
| IPList | Microsoft Azure service for AppServiceManagement | |||||
| IPList | Microsoft Azure service for AzureActiveDirectory_ServiceEndpoint | |||||
| IPList | Microsoft Azure service for AzureAdvancedThreatProtection | |||||
| IPList | Microsoft Azure service for AzureArcInfrastructure | |||||
| IPList | Microsoft Azure service for AzureBackup | |||||
| IPList | Microsoft Azure service for AzureBotService | |||||
| IPList | Microsoft Azure service for AzureCloud | |||||
| IPList | Microsoft Azure service for AzureCognitiveSearch | |||||
| IPList | Microsoft Azure service for AzureConnectors | |||||
| IPList | Microsoft Azure service for AzureContainerRegistry | |||||
| IPList | Microsoft Azure service for AzureCosmosDB | |||||
| IPList | Microsoft Azure service for AzureDatabricks | |||||
| IPList | Microsoft Azure service for AzureDataExplorerManagement | |||||
| IPList | Microsoft Azure service for AzureDigitalTwins | |||||
| IPList | Microsoft Azure service for AzureEventGrid | |||||
| IPList | Microsoft Azure service for AzureFrontDoor_FirstParty | |||||
| IPList | Microsoft Azure service for AzureKeyVault | |||||
| IPList | Microsoft Azure service for AzureMachineLearning | |||||
| IPList | Microsoft Azure service for AzureMonitor | |||||
| IPList | Microsoft Azure service for AzureMonitor_Core | |||||
| IPList | Microsoft Azure service for AzurePortal | |||||
| IPList | Microsoft Azure service for AzureResourceManager | |||||
| IPList | Microsoft Azure service for AzureSiteRecovery | |||||
| IPList | Microsoft Azure service for BatchNodeManagement | |||||
| IPList | Microsoft Azure service for CognitiveServicesManagement | |||||
| IPList | Microsoft Azure service for DataFactory | |||||
| IPList | Microsoft Azure service for DataFactoryManagement | |||||
| IPList | Microsoft Azure service for EventHub | |||||
| IPList | Microsoft Azure service for GatewayManager | |||||
| IPList | Microsoft Azure service for GuestAndHybridManagement | |||||
| IPList | Microsoft Azure service for HDInsight | |||||
| IPList | Microsoft Azure service for LogicApps | |||||
| IPList | Microsoft Azure service for LogicAppsManagement | |||||
| IPList | Microsoft Azure service for MicrosoftContainerRegistry | |||||
| IPList | Microsoft Azure service for PowerBI | |||||
| IPList | Microsoft Azure service for PowerQueryOnline | |||||
| IPList | Microsoft Azure service for ServiceBus | |||||
| IPList | Microsoft Azure service for ServiceFabric | |||||
| IPList | Microsoft Azure service for Sql | |||||
| IPList | Microsoft Azure service for SqlManagement | |||||
| IPList | Microsoft Azure service for StorageSyncService | |||||
| IPList | Microsoft Azure service for AzureAttestation | |||||
| IPList | Microsoft Azure datacenter for mexicocentral | |||||
| IPList | Microsoft Azure datacenter for spaincentral | |||||
| IPList | Microsoft Azure service for WindowsAdminCenter | |||||
| IPList | Microsoft Azure service for AzureSentinel | |||||
| Situation | HTTP_CSU-Shared-Variables | |||||
| Application | ESPN | |||||
| Application | Snapchat | |||||
| Application | TOR | |||||
| Application | DNS-Over-HTTPS | |||||
| Application | NordVPN | |||||
| Application | Neustar |
|
HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE
- Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
- In the Management Client, select Menu > File > Import > Import Update Packages.
- Browse to the file, select it, then click Import.
- Select Configuration, then browse to Administration > Other Elements > Updates.
- Right-click the imported dynamic update package, then select Activate.
- When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.
DISCLAIMER AND COPYRIGHT
Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.
All other trademarks used in this document are the property of their respective owners.
Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.
All other trademarks used in this document are the property of their respective owners.
Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.