Release notes for update package 1872-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Monday April 28, 2025
MD5 CHECKSUM:    cb1af9b6cf2726e1e047d917c22af936
SHA1 CHECKSUM:    aa5464f6688aff4fb9c738f79be163a177aea02e
SHA256 CHECKSUM:    44ad142055ce3acaf1a17759595d27f9f3aaf4e052137dce983bb3177583ae36


UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.10.1.11125
- Forcepoint NGFW:    6.8.1.24103

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in CyberPanel     CVE-2024-53376     Cyberpanel-submitWebsiteCreation-Command-Injection-CVE-2024-53376

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Cyberpanel-submitWebsiteCreation-Command-Injection-CVE-2024-53376     CVE-2024-53376     HTTP_CS-Cyberpanel-submitWebsiteCreation-Command-Injection-CVE-2024-53376     Suspected Compromise

Updated detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Apache-Tomcat-WebSocket-Infinite-Loop-DoS     CVE-2020-13935     HTTP_CS-Apache-Tomcat-WebSocket-Infinite-Loop-DoS     Suspected Denial of Service     Comment has changed

DNS UDP Server Message

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     ISC-BIND-DNSSEC-Key-Parsing-Buffer.c-Denial-Of-Service     CVE-2015-5722     DNS-UDP_ISC-BIND-DNSSEC-Key-Parsing-Buffer.c-Denial-Of-Service     Suspected Compromise     Fingerprint regexp changed
High     ISC-Bind-Buffer.c-Require-Assertion-Failure-Denial-Of-Service     CVE-2015-8705     DNS-UDP_ISC-Bind-Buffer.c-Require-Assertion-Failure-Denial-Of-Service     Potential Compromise     Fingerprint regexp changed

RFB Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Qemu-VNC-Set_Pixel_Format-Bits_Per_Pixel-Null-Pointer-Dereference     CVE-2014-7815     RFB_CS-Qemu-VNC-Set_Pixel_Format-Bits_Per_Pixel-Null-Pointer-Dereference     Suspected Compromise     Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type     Name
Certificate Authority     D-TRUST BR Root CA 2 2023
Certificate Authority     D-TRUST EV Root CA 2 2023
Certificate Authority     Amazon RSA 2048 M04
Certificate Authority     Amazon ECDSA 256 M04
Certificate Authority     Amazon ECDSA 384 M04
Certificate Authority     Certum EC-384 CA (1)
Certificate Authority     WoTrus EV SSL CA
Certificate Authority     XinNet DV TLS CA
Certificate Authority     XinNet OV TLS CA
Certificate Authority     DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
Certificate Authority     GoGetSSL G2 TLS RSA4096 SHA256 2022 CA-1
Certificate Authority     TrustAsia DV TLS RSA CA 2025
Certificate Authority     TrustAsia TLS Pro RSA CA 2025
Certificate Authority     SSL.com TLS RSA Root CA 2022 (2)
Certificate Authority     GlobalSign Atlas R3 AlphaSSL CA 2025 Q2
Certificate Authority     GlobalSign Atlas R3 DV TLS CA 2025 Q2
Certificate Authority     GlobalSign Atlas R3 OV TLS CA 2025 Q1
Certificate Authority     GlobalSign Atlas R3 OV TLS CA 2025 Q2
Certificate Authority     Hongkong Post e-Cert SSL CA 3 - 17 (1)
Certificate Authority     GEANT TLS ECC 1
Certificate Authority     HARICA OV TLS ECC
Certificate Authority     GEANT TLS RSA 1
Certificate Authority     e-Szigno Class3 SSL CA 2017 (2)
Certificate Authority     DigiCert QuoVadis G3 Qualified TLS RSA4096 SHA256 2023 CA1
Certificate Authority     SSL.com TLS Issuing RSA CA R1
Certificate Authority     Sectigo SHA-256 DV Secure Server CA 2
Certificate Authority     Alpiro RSA DV SSL CA 2
Certificate Authority     Entrust EV TLS Issuing RSA CA 2
Certificate Authority     Entrust OV TLS Issuing RSA CA 2
Certificate Authority     Sectigo Public Server Authentication CA EV R36
Certificate Authority     DNSPod ECC OV
Certificate Authority     CTI RSA OV SSL CA
Certificate Authority     SSL.com TLS ECC Root CA 2022 (1)
Certificate Authority     Entrust EV TLS Issuing ECC CA 1
Certificate Authority     Entrust OV TLS Issuing ECC CA 1
Certificate Authority     Namirial S.p.A OV TLS Issuing RSA CA 1
Certificate Authority     VikingCloud TWG TLS OV CA, Level 1

Updated objects:

Type     Name     Changes
Situation     URL_List-DNS-Over-HTTPS     Detection mechanism updated
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Amazon EC2
IPList     TOR relay nodes IP Address List
IPList     Malicious Site IP Address List
IPList     NordVPN Servers IP Address List
IPList     Forcepoint Drop IP Address List
IPList     GitHub Services IP Address List
IPList     Amazon AMAZON ap-east-2
IPList     Amazon EC2 ap-east-2
Situation     HTTP_CSH-Shared-Variables
Application     TOR
Application     DNS-Over-HTTPS
Application     NordVPN
Application     Azure Front Door Frontend
Application     Azure IoT Hub
Application     Azure Security Center

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.