Release notes for update package 1810-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Thursday December 12, 2024
MD5 CHECKSUM:    b76ce9a34070b3bed8844ec27f997f12
SHA1 CHECKSUM:    1c9fd1b427b52275adae6dc6a0a5183536490f82
SHA256 CHECKSUM:    690199b1d355c268d7c8ae385c015f1aa1c8ade73c7dad912092f84bf7e401f1


UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.10.1.11125
- Forcepoint NGFW:    6.8.1.24103

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in LibreNMS detected     CVE-2024-51092     LibreNMS-Authenticated-Command-Injection-CVE-2024-51092
High     An attempt to exploit a vulnerability in LibreNMS detected     CVE-2024-51092     LibreNMS-Aboutcontroller.php-Command-Injection
High     An attempt to exploit a vulnerability in JetBrains TeamCity     CVE-2024-47951     JetBrains-TeamCity-Global-Settings-Stored-Cross-Site-Scripting
High     An attempt to exploit a vulnerability in Grafana     CVE-2024-9264     Grafana-SQL-Expressions-Command-Injection-And-Local-File-Inclusion

DETECTED ATTACKS

New detected attacks:

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Grafana-SQL-Expressions-Command-Injection-And-Local-File-Inclusion     CVE-2024-9264     HTTP_CRL-Grafana-SQL-Expressions-Command-Injection-And-Local-File-Inclusion     Suspected Compromise
High     LibreNMS-Aboutcontroller.php-Command-Injection     CVE-2024-51092     HTTP_CRL-LibreNMS-Aboutcontroller-Command-Injection     Suspected Compromise
High     JetBrains-TeamCity-Global-Settings-Stored-Cross-Site-Scripting     CVE-2024-47951     HTTP_CRL-JetBrains-TeamCity-Global-Settings-Stored-Cross-Site-Scripting     Suspected Compromise
High     LibreNMS-Authenticated-Command-Injection-CVE-2024-51092     CVE-2024-51092     HTTP_CRL-LibreNMS-Authenticated-Command-Injection-CVE-2024-51092     Suspected Compromise

Updated detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Microsoft-Sharepoint-Server-Generateproxyassembly-Code-Injection-CVE-2023-24955     CVE-2023-24955     HTTP_CS-Microsoft-Sharepoint-Server-Generateproxyassembly-Code-Injection-CVE-2023-24955     Suspected Compromise     Detection mechanism updated
High     Microsoft-Sharepoint-Server-Business-Data-Connectivity-Unsafe-Reflection     CVE-2024-21318     HTTP_CS-Microsoft-Sharepoint-Server-Business-Data-Connectivity-Unsafe-Reflection     Potential Compromise     Detection mechanism updated
High     Microsoft-Sharepoint-Server-Unsafe-Deserialization-CVE-2024-30044     CVE-2024-30044     HTTP_CS-Microsoft-Sharepoint-Server-Potential-Unsafe-Deserialization     Potential Compromise     Description has changed
High     Microsoft-Sharepoint-Server-Unsafe-Reflection-CVE-2024-38023     CVE-2024-38023     HTTP_CS-Microsoft-Sharepoint-Server-Unsafe-Reflection-CVE-2024-38023     Potential Compromise     Name: HTTP_CS-Microsoft-Sharepoint-Server-Unsafe-Reflection-CVE-2024-38024 -> HTTP_CS-Microsoft-Sharepoint-Server-Unsafe-Reflection-CVE-2024-38023; Description has changed

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Apache-Airflow-Remote-Code-Execution-CVE-2020-11978     CVE-2020-11978     HTTP_CRL_Apache-Airflow-Remote-Code-Execution-CVE-2020-11978     Suspected Compromise     Fingerprint regexp changed

LIST OF OTHER CHANGES:

Updated objects:

Type     Name     Changes
Situation     URL_List-DNS-Over-HTTPS     Detection mechanism updated
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Amazon EC2
IPList     TOR relay nodes IP Address List
IPList     Botnet IP Address List
IPList     Malicious Site IP Address List
IPList     NordVPN Servers IP Address List
IPList     Amazon AMAZON us-east-1
IPList     Amazon EC2 us-east-1
IPList     Forcepoint Drop IP Address List
Application     TOR
Application     DNS-Over-HTTPS
Application     NordVPN

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.