Release notes for update package 1748-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Friday July 05, 2024
MD5 CHECKSUM:    e8f9510fbda95ac45a8546c08bf840a8
SHA1 CHECKSUM:    11a0f0077b90d09ff863795091be7375dc92a0c2
SHA256 CHECKSUM:    5f1fda88979b3594b4d600dc18a6b301c3edfcf3bb421d41642f79c9991e8f7d


UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.10.1.11125
- Forcepoint NGFW:    6.8.1.24103

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in CocoaPods detected     CVE-2024-38366     CocoaPods-Trunk-Server-Remote-Code-Execution-CVE-2024-38366
High     An attempt to exploit a vulnerability in the Netis MW5360 detected     CVE-2024-22729     Netis-Router-MW5360-Unauthenticated-RCE
High     An attempt to exploit a vulnerability in D-Link DIR-859 detected     CVE-2024-0769     D-Link-DIR-859-Path-Traversal-CVE-2024-0769
High     An attempt to exploit a vulnerability in LB-Link wireless routers detected     CVE-2023-26801     LB-Link-Command-Injection-CVE-2023-26801
High     An attempt to exploit a vulnerability in LibreNMS detected     CVE-2024-32461     LibreNMS-Packages.inc.php-Package-Name-SQL-Injection
High     An attempt to exploit a vulnerability in Ghostscript detected     CVE-2024-29510     Ghostscript-Format-String-Exploitation-CVE-2024-29510


DETECTED ATTACKS

New detected attacks:

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Netis-Router-MW5360-Unauthenticated-RCE     CVE-2024-22729     HTTP_CRL-Netis-Router-MW5360-Unauthenticated-RCE     Suspected Compromise
High     D-Link-DIR-859-Path-Traversal-CVE-2024-0769     CVE-2024-0769     HTTP_CRL-D-Link-DIR-859-Path-Traversal-CVE-2024-0769     Suspected Compromise
High     LB-Link-Command-Injection-CVE-2023-26801     CVE-2023-26801     HTTP_CRL-LB-Link-Command-Injection-CVE-2023-26801     Suspected Compromise
High     LibreNMS-Packages.inc.php-Package-Name-SQL-Injection     CVE-2024-32461     HTTP_CRL-LibreNMS-Packages.inc.php-Package-Name-SQL-Injection     Suspected Compromise

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     CocoaPods-Trunk-Server-Remote-Code-Execution-CVE-2024-38366     CVE-2024-38366     File-Text_CocoaPods-Trunk-Server-Remote-Code-Execution-CVE-2024-38366     Suspected Compromise

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Ghostscript-Format-String-Exploitation-CVE-2024-29510     CVE-2024-29510     File-TextId_Ghostscript-Format-String-Exploitation-CVE-2024-29510     Potential Compromise

Updated detected attacks:

UDP Packet Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Digium-Asterisk-App_Minivm-Caller-Id-Command-Execution     CVE-2017-14100     Generic_UDP-Digium-Asterisk-App_Minivm-Caller-Id-Command-Execution     Potential Compromise     Fingerprint regexp changed

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Solarwinds-Orion-Platform-MSMQ-Insecure-Deserialization     CVE-2021-25274     Generic_CS-Solarwinds-Orion-Platform-MSMQ-Insecure-Deserialization     Suspected Compromise     Detection mechanism updated

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     ZyXEL-NAS-Remote-Code-Execution-CVE-2024-29974     CVE-2024-29974     HTTP_CSU-ZyXEL-NAS-Remote-Code-Execution-CVE-2024-29974     Potential Compromise     Fingerprint regexp changed

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Ivanti-Avalanche-Copyfile-Directory-Traversal     CVE-2024-23535     HTTP_CRL-Ivanti-Avalanche-Copyfile-Directory-Traversal     Suspected Compromise     Fingerprint regexp changed
High     Jenkins-Build-With-Parameters-Plugin-Stored-Cross-Site-Scripting     CVE-2021-21628     HTTP_CRL-Jenkins-Build-With-Parameters-Plugin-Stored-Cross-Site-Scripting     Suspected Compromise     Fingerprint regexp changed
High     Wordpress-Core-Post-Slug-Stored-Cross-Site-Scripting     CVE-2022-21662     HTTP_CRL-Wordpress-Core-Post-Slug-Stored-Cross-Site-Scripting     Suspected Compromise     Fingerprint regexp changed

SIP UDP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Digium-Asterisk-App_Minivm-Caller-Id-Command-Execution     CVE-2017-14100     SIP-UDP_Digium-Asterisk-App_Minivm-Caller-Id-Command-Execution     Potential Compromise     Fingerprint regexp changed

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Novell-Messenger-Client-Filename-Parameter-Stack-Buffer-Overflow     CVE-2013-1085     File-Text_Novell-Messenger-Client-Filename-Parameter-Stack-Buffer-Overflow     Suspected Compromise     Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type     Name
Category     CocoaPods
Category     LB-Link

Updated objects:

Type     Name     Changes
Situation     URL_List-DNS-Over-HTTPS     Detection mechanism updated
IPList     Rwanda
IPList     Somalia
IPList     Yemen
IPList     Iraq
IPList     Saudi Arabia
IPList     Iran
IPList     Cyprus
IPList     Tanzania
IPList     Syria
IPList     Armenia
IPList     Kenya
IPList     DR Congo
IPList     Djibouti
IPList     Uganda
IPList     Central African Republic
IPList     Seychelles
IPList     Jordan
IPList     Lebanon
IPList     Kuwait
IPList     Oman
IPList     Qatar
IPList     Bahrain
IPList     United Arab Emirates
IPList     Israel
IPList     Türkiye
IPList     Ethiopia
IPList     Eritrea
IPList     Egypt
IPList     Sudan
IPList     Greece
IPList     Burundi
IPList     Estonia
IPList     Latvia
IPList     Azerbaijan
IPList     Lithuania
IPList     Georgia
IPList     Moldova
IPList     Belarus
IPList     Finland
IPList     Åland Islands
IPList     Ukraine
IPList     Hungary
IPList     Bulgaria
IPList     Albania
IPList     Poland
IPList     Romania
IPList     Kosovo
IPList     Zimbabwe
IPList     Zambia
IPList     Comoros
IPList     Malawi
IPList     Lesotho
IPList     Botswana
IPList     Mauritius
IPList     Eswatini
IPList     Réunion
IPList     South Africa
IPList     Mayotte
IPList     Mozambique
IPList     Madagascar
IPList     Afghanistan
IPList     Pakistan
IPList     Bangladesh
IPList     Turkmenistan
IPList     Tajikistan
IPList     Sri Lanka
IPList     Bhutan
IPList     India
IPList     Maldives
IPList     Nepal
IPList     Myanmar
IPList     Uzbekistan
IPList     Kazakhstan
IPList     Kyrgyzstan
IPList     French Southern Territories
IPList     Heard and McDonald Islands
IPList     Cocos (Keeling) Islands
IPList     Palau
IPList     Vietnam
IPList     Thailand
IPList     Indonesia
IPList     Laos
IPList     Taiwan
IPList     Philippines
IPList     Malaysia
IPList     China
IPList     Hong Kong
IPList     Brunei
IPList     Macao
IPList     Cambodia
IPList     South Korea
IPList     Japan
IPList     Singapore
IPList     Cook Islands
IPList     Timor-Leste
IPList     Russia
IPList     Mongolia
IPList     Australia
IPList     Marshall Islands
IPList     Federated States of Micronesia
IPList     Papua New Guinea
IPList     Solomon Islands
IPList     Vanuatu
IPList     New Caledonia
IPList     New Zealand
IPList     Fiji
IPList     Libya
IPList     Cameroon
IPList     Senegal
IPList     Congo Republic
IPList     Portugal
IPList     Liberia
IPList     Ivory Coast
IPList     Ghana
IPList     Equatorial Guinea
IPList     Nigeria
IPList     Burkina Faso
IPList     Togo
IPList     Guinea-Bissau
IPList     Mauritania
IPList     Benin
IPList     Gabon
IPList     São Tomé and Príncipe
IPList     Gibraltar
IPList     Gambia
IPList     Guinea
IPList     Chad
IPList     Niger
IPList     Mali
IPList     Western Sahara
IPList     Tunisia
IPList     Spain
IPList     Morocco
IPList     Malta
IPList     Algeria
IPList     Faroe Islands
IPList     Denmark
IPList     Iceland
IPList     United Kingdom
IPList     Switzerland
IPList     Sweden
IPList     The Netherlands
IPList     Austria
IPList     Belgium
IPList     Germany
IPList     Luxembourg
IPList     Ireland
IPList     Monaco
IPList     France
IPList     Andorra
IPList     Liechtenstein
IPList     Jersey
IPList     Isle of Man
IPList     Guernsey
IPList     Slovakia
IPList     Czechia
IPList     Norway
IPList     Vatican City
IPList     San Marino
IPList     Italy
IPList     Slovenia
IPList     Montenegro
IPList     Croatia
IPList     Bosnia and Herzegovina
IPList     Namibia
IPList     Bouvet Island
IPList     Barbados
IPList     Cabo Verde
IPList     Guyana
IPList     French Guiana
IPList     Greenland
IPList     Paraguay
IPList     Uruguay
IPList     Brazil
IPList     Falkland Islands
IPList     South Georgia and the South Sandwich Islands
IPList     Jamaica
IPList     Dominican Republic
IPList     Cuba
IPList     Martinique
IPList     Bahamas
IPList     Bermuda
IPList     Anguilla
IPList     Trinidad and Tobago
IPList     St Kitts and Nevis
IPList     Dominica
IPList     Antigua and Barbuda
IPList     Saint Lucia
IPList     Turks and Caicos Islands
IPList     Aruba
IPList     British Virgin Islands
IPList     St Vincent and Grenadines
IPList     Montserrat
IPList     Saint Martin
IPList     Guadeloupe
IPList     Grenada
IPList     Cayman Islands
IPList     Belize
IPList     El Salvador
IPList     Guatemala
IPList     Honduras
IPList     Costa Rica
IPList     Venezuela
IPList     Ecuador
IPList     Colombia
IPList     Panama
IPList     Haiti
IPList     Argentina
IPList     Chile
IPList     Peru
IPList     Mexico
IPList     French Polynesia
IPList     Pitcairn Islands
IPList     Tonga
IPList     Wallis and Futuna
IPList     Samoa
IPList     Niue
IPList     Northern Mariana Islands
IPList     Guam
IPList     Puerto Rico
IPList     U.S. Virgin Islands
IPList     American Samoa
IPList     Canada
IPList     United States
IPList     Palestine
IPList     Serbia
IPList     Sint Maarten
IPList     Curaçao
IPList     Bonaire, Sint Eustatius, and Saba
IPList     South Sudan
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Amazon EC2
IPList     TOR relay nodes IP Address List
IPList     Microsoft Azure datacenter for centralindia
IPList     Microsoft Azure datacenter for centralus
IPList     Microsoft Azure datacenter for eastus
IPList     Microsoft Azure datacenter for japaneast
IPList     Amazon GLOBALACCELERATOR
IPList     Microsoft Azure datacenter
IPList     Botnet IP Address List
IPList     Malicious Site IP Address List
IPList     Microsoft Azure service for PowerPlatformPlex
IPList     NordVPN Servers IP Address List
IPList     Amazon AMAZON ap-southeast-2
IPList     Amazon EC2 ap-southeast-2
IPList     Amazon AMAZON eu-central-1
IPList     Amazon EC2 eu-central-1
IPList     Amazon AMAZON eu-north-1
IPList     Amazon EC2 eu-north-1
IPList     Amazon AMAZON eu-west-1
IPList     Amazon EC2 eu-west-1
IPList     Amazon AMAZON eu-west-2
IPList     Amazon EC2 eu-west-2
IPList     Amazon AMAZON me-south-1
IPList     Amazon GLOBALACCELERATOR me-south-1
IPList     Amazon AMAZON us-east-1
IPList     Amazon EC2 us-east-1
IPList     Amazon AMAZON us-east-2
IPList     Forcepoint Drop IP Address List
IPList     Microsoft Azure service for SerialConsole
IPList     Amazon AMAZON us-west-2
IPList     Amazon EC2 us-west-2
IPList     Amazon GLOBALACCELERATOR us-west-2
IPList     Microsoft Azure datacenter for norwaye
IPList     Microsoft Azure service for AzureCloud
IPList     Microsoft Azure service for AzureDigitalTwins
IPList     Microsoft Azure service for AzureMonitor
IPList     Microsoft Azure service for AzureMonitor_Core
IPList     Microsoft Azure datacenter for westus3
IPList     Microsoft Azure datacenter for spaincentral
IPList     Microsoft Azure datacenter for northeurope2
IPList     Microsoft Azure service for PowerPlatformInfra
IPList     Microsoft Azure service for AzureStack
Situation     HTTP_CSU-Shared-Variables
Situation     File-Name_Shared-Variables
Application     TOR
Application     DNS-Over-HTTPS
Application     NordVPN

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.