Release notes for update package 1544-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Thursday January 12, 2023
MD5 CHECKSUM:     29de289b739d0f8ebf1417d3282a4c31
SHA1 CHECKSUM:     9bc7c372b0a69a27994c1c9eed9675da94e653fe
SHA256 CHECKSUM:     2912351ade936f77e1c39b0cf8ff75b7fa60de10b3fe78f555a070963ade2076

UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in ChurchInfo detected.     CVE-2021-43258     ChurchInfo-Authenticated-RCE
High     An attempt to exploit a vulnerability in Lansweeper lansweeper detected.     CVE-2022-27498     Lansweeper-Lansweeper-Tickettemplateactions.aspx-Directory-Traversal
High     An attempt to exploit a vulnerability in Syncovery File Sync & Backup Software for Linux detected.     CVE-2022-36534     Syncovery-For-Linux-Web-GUI-Authenticated-RCE
High     An attempt to exploit a vulnerability in pgAdmin pgAdmin detected.     CVE-2022-4223     Pgadmin-Validate_Binary_Path-Remote-Code-Execution
High     An attempt to exploit a vulnerability in CentOS Web Panel detected.     CVE-2022-44877     CentOS-Web-Panel-7-Remote-Code-Execution-CVE-2022-44877
High     An attempt to exploit a vulnerability in Delta Electronics DIAEnergie detected.     CVE-2022-43452     Delta-Industrial-Automation-Diaenergie-Ftyinfosetting-SQL-Injection
High     An attempt to exploit a vulnerability in Microsoft Windows detected.     CVE-2021-34527     Microsoft-Windows-Print-Spooler-RCE-CVE-2021-34527
High     An attempt to exploit a vulnerability in ksmbd detected.     CVE-2022-47942     Heap-Based-Buffer-Overflow-Vulnerability-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1688
High     An attempt to exploit a vulnerability in Oracle MySQL Cluster detected.     CVE-2022-21550     Oracle-MySQL-Cluster-Data-Node-GSN_Sync_path_req-Parsing-Integer-Underflow
High     An attempt to exploit a vulnerability in VMWare vCenter Server detected.     CVE-2022-31698     VMware-Vcenter-Server-Ssooverrestverifierutil-Denial-Of-Service

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     ChurchInfo-Authenticated-RCE     CVE-2021-43258     HTTP_CS-ChurchInfo-Authenticated-RCE     Suspected Compromise

TCP SMB Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Windows-Print-Spooler-RCE-CVE-2021-34527     CVE-2021-34527     SMB-TCP_Microsoft-Windows-Print-Spooler-RCE-CVE-2021-34527     Potential Compromise

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Oracle-MySQL-Cluster-Data-Node-GSN_Sync_path_req-Parsing-Integer-Underflow     CVE-2022-21550     Generic_CS-Oracle-MySQL-Cluster-Data-Node-GSN_Sync_path_req-Parsing-Integer-Underflow     Suspected Compromise

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Lansweeper-Lansweeper-Tickettemplateactions.aspx-Directory-Traversal     CVE-2022-27498     HTTP_CSU-Lansweeper-Lansweeper-Tickettemplateactions.aspx-Directory-Traversal     Suspected Compromise
High     Syncovery-For-Linux-Web-GUI-Authenticated-RCE     CVE-2022-36534     HTTP_CRL-Syncovery-For-Linux-Web-GUI-Authenticated-RCE     Suspected Compromise

HTTP Request Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     VMware-Vcenter-Server-Ssooverrestverifierutil-Denial-Of-Service     CVE-2022-31698     HTTP_CSH-VMware-Vcenter-Server-Ssooverrestverifierutil-Denial-Of-Service     Suspected Compromise

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Pgadmin-Validate_Binary_Path-Remote-Code-Execution     CVE-2022-4223     HTTP_CRL-Pgadmin-Validate_Binary_Path-Remote-Code-Execution     Suspected Compromise
High     CentOS-Web-Panel-7-Remote-Code-Execution-CVE-2022-44877     CVE-2022-44877     HTTP_CRL-CentOS-Web-Panel-7-Remote-Code-Execution-CVE-2022-44877     Suspected Compromise
High     Delta-Industrial-Automation-Diaenergie-Ftyinfosetting-SQL-Injection     CVE-2022-43452     HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Ftyinfosetting-SQL-Injection     Suspected Compromise

SMB Client Header Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Heap-Based-Buffer-Overflow-Vulnerability-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1688     CVE-2022-47942     SMB-TCP_CHS_Heap-Based-Buffer-Overflow-Vulnerability-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1688     Suspected Compromise

Updated detected attacks:

TCP SMB Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Microsoft-Windows-Server-Service-Authorization-Weakness     CVE-2022-30216     SMB-TCP_Microsoft-Windows-Server-Service-Authorization-Weakness     Potential Compromise     Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type     Name
Category     Syncovery
Category     pgAdmin
Category     ChurchInfo
IPList     Amazon ROUTE53_RESOLVER ap-southeast-4
Application     Forcepoint ONE

Updated objects:

Type     Name     Changes
Situation     URLList 2857617     Detection mechanism updated
IPList Iraq
IPList Saudi Arabia
IPList Iran
IPList Cyprus
IPList Tanzania
IPList Armenia
IPList Kenya
IPList DR Congo
IPList Uganda
IPList Seychelles
IPList Jordan
IPList Kuwait
IPList Oman
IPList Qatar
IPList Bahrain
IPList United Arab Emirates
IPList Israel
IPList Turkey
IPList Egypt
IPList Greece
IPList Estonia
IPList Latvia
IPList Azerbaijan
IPList Lithuania
IPList Georgia
IPList Moldova
IPList Belarus
IPList Finland
IPList Åland Islands
IPList Ukraine
IPList Hungary
IPList Bulgaria
IPList Albania
IPList Poland
IPList Romania
IPList Kosovo
IPList Zimbabwe
IPList Zambia
IPList Botswana
IPList Mauritius
IPList Réunion
IPList South Africa
IPList Mayotte
IPList Mozambique
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Sri Lanka
IPList Bhutan
IPList India
IPList Maldives
IPList Nepal
IPList Myanmar
IPList Uzbekistan
IPList Kazakhstan
IPList Palau
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Brunei
IPList Macao
IPList Cambodia
IPList South Korea
IPList Japan
IPList Singapore
IPList Timor-Leste
IPList Russia
IPList Mongolia
IPList Australia
IPList Marshall Islands
IPList Papua New Guinea
IPList New Zealand
IPList Portugal
IPList Ivory Coast
IPList Ghana
IPList Nigeria
IPList Benin
IPList Sierra Leone
IPList São Tomé and Príncipe
IPList Gibraltar
IPList Tunisia
IPList Spain
IPList Morocco
IPList Malta
IPList Algeria
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList Monaco
IPList France
IPList Andorra
IPList Liechtenstein
IPList Jersey
IPList Guernsey
IPList Slovakia
IPList Czechia
IPList Norway
IPList Italy
IPList Slovenia
IPList Montenegro
IPList Croatia
IPList Bosnia and Herzegovina
IPList Angola
IPList Namibia
IPList Barbados
IPList French Guiana
IPList Paraguay
IPList Uruguay
IPList Brazil
IPList Jamaica
IPList Dominican Republic
IPList Martinique
IPList Bahamas
IPList Bermuda
IPList Anguilla
IPList St Kitts and Nevis
IPList Antigua and Barbuda
IPList Saint Lucia
IPList Turks and Caicos Islands
IPList British Virgin Islands
IPList St Vincent and Grenadines
IPList Saint Martin
IPList Saint Barthélemy
IPList Guadeloupe
IPList Grenada
IPList Cayman Islands
IPList El Salvador
IPList Guatemala
IPList Honduras
IPList Nicaragua
IPList Costa Rica
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Panama
IPList Argentina
IPList Chile
IPList Bolivia
IPList Peru
IPList Mexico
IPList Niue
IPList Northern Mariana Islands
IPList Guam
IPList Puerto Rico
IPList U.S. Virgin Islands
IPList American Samoa
IPList Canada
IPList United States
IPList Palestine
IPList Serbia
IPList Antarctica
IPList Sint Maarten
IPList Curaçao
IPList Bonaire, Sint Eustatius, and Saba
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Amazon S3
IPList Amazon EC2
IPList Amazon CLOUDFRONT
IPList TOR relay nodes IP Address List
IPList Zscaler IP Address List
IPList Okta IP Address List
IPList Amazon AMAZON ap-northeast-3
IPList Amazon S3 ap-northeast-3
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList Amazon AMAZON ap-southeast-2
IPList Amazon S3 ap-southeast-2
IPList Amazon EC2 ap-southeast-2
IPList Amazon AMAZON eu-west-1
IPList Amazon AMAZON eu-west-2
IPList Amazon AMAZON sa-east-1
IPList Amazon AMAZON us-east-1
IPList Amazon EC2 us-east-1
IPList Amazon AMAZON us-east-2
IPList Amazon S3 us-east-2
IPList Amazon AMAZON us-west-2
IPList Amazon EC2 us-west-2
IPList Zoom
IPList Amazon ROUTE53_RESOLVER
IPList Amazon AMAZON ca-west-1
Situation HTTP_CSU-Shared-Variables
Situation     HTTP_CSH-Shared-Variables     Fingerprint regexp changed
Situation SMB-TCP_SC-Remote-Create-Service
Situation     Generic_CS-Shared-Variable-Fingerprints     Fingerprint regexp changed
Application     Akamai-Infrastructure     Application detection context content changed
Application     Bitglass     Category tag application_type Cloud Services removed
                             Category tag application_usage Miscellaneous removed
                             Category tag application_group Application Routing removed
                             Application detection context content changed
Situation     URLList for Bitglass     Name: URLList 2860930 -> URLList for Bitglass

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.