Release notes for update package 1559-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Thursday February 23, 2023
MD5 CHECKSUM:     2aad0d504fe2569852c89ee81758dbcc
SHA1 CHECKSUM:     1d904f5a1c5cf166c79bcccf21ba32103a34e2c1
SHA256 CHECKSUM:     b0296d84995780530af6704af58b12d6df53adc2605a195174a8a28ba38076d5

UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level    Description    Reference    Vulnerability
High    An attempt to exploit a vulnerability in Netdata netdata detected    CVE-2023-22496    NetData-Streaming-Alert-Command-Injection
High    An attempt to exploit a vulnerability in Adobe ColdFusion detected    CVE-2022-38418    Adobe-ColdFusion-Application-Server-CVE-2022-38418-Directory-Traversal
High    An attempt to exploit a vulnerability in Fortinet FortiNAC detected    CVE-2022-39952    Fortinet-Fortinac-Arbitrary-File-Write-CVE-2022-39952
High    An attempt to exploit a vulnerability in LibreNMS LibreNMS detected    CVE-2022-4069    LibreNMS-Devicegroupcontroller-Name-Stored-Cross-Site-Scripting
High    An attempt to exploit a vulnerability in Redis detected    CVE-2023-22458    Redis-Hrandfield-Zrandmember-Command-Integer-Overflow

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk    Vulnerability/Situation    References    Related Fingerprint    Situation Type
High    NetData-Streaming-Alert-Command-Injection    CVE-2023-22496    HTTP_CS-NetData-Streaming-Alert-Command-Injection    Suspected Compromise
High    Adobe-ColdFusion-Application-Server-CVE-2022-38418-Directory-Traversal    CVE-2022-38418    HTTP_CS-Adobe-ColdFusion-Application-Server-CVE-2022-38418-Directory-Traversal    Suspected Compromise
High    Fortinet-Fortinac-Arbitrary-File-Write-CVE-2022-39952    CVE-2022-39952    HTTP_CS-Fortinet-Fortinac-Arbitrary-File-Write-CVE-2022-39952    Suspected Compromise

TCP Client Stream Unknown

Risk    Vulnerability/Situation    References    Related Fingerprint    Situation Type
High    Redis-Hrandfield-Zrandmember-Command-Integer-Overflow    CVE-2023-22458    Generic_CS-Redis-Hrandfield-Zrandmember-Command-Integer-Overflow    Suspected Compromise

HTTP Normalized Request-Line

Risk    Vulnerability/Situation    References    Related Fingerprint    Situation Type
High    LibreNMS-Devicegroupcontroller-Name-Stored-Cross-Site-Scripting    CVE-2022-4069    HTTP_CRL-LibreNMS-Devicegroupcontroller-Name-Stored-Cross-Site-Scripting    Suspected Compromise

Updated detected attacks:

Other Binary File Stream

Risk    Vulnerability/Situation    References    Related Fingerprint    Situation Type    Change Description
High    Rockwell-Automation-ISaGRAF-Workbench-7-ZIP-Directory-Traversal    CVE-2022-2463    File-Binary_Rockwell-Automation-ISaGRAF-Workbench-7-ZIP-Directory-Traversal    Suspected Compromise    Detection mechanism updated
High    Ysoserial-Generated-Java-Serialized-Object    No CVE/CAN    File-Binary_Ysoserial-Generated-Java-Serialized-Object    Suspected Compromise    Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type Name
Category Fortinet FortiNAC
Category NetData
IPList Google Cloud IP Address List for europe-west12
IPList Google Cloud IP Address List for me-central1
IPList Microsoft Azure service for AzureSpringCloud

Updated objects:

Type Name Changes
IPList Rwanda
IPList Iraq
IPList Saudi Arabia
IPList Cyprus
IPList Tanzania
IPList Syria
IPList Armenia
IPList Kenya
IPList DR Congo
IPList Seychelles
IPList Jordan
IPList Kuwait
IPList Oman
IPList Qatar
IPList Bahrain
IPList United Arab Emirates
IPList Israel
IPList Turkey
IPList Greece
IPList Estonia
IPList Latvia
IPList Lithuania
IPList Georgia
IPList Moldova
IPList Belarus
IPList Finland
IPList Ukraine
IPList Hungary
IPList Bulgaria
IPList Poland
IPList Romania
IPList Kosovo
IPList South Africa
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Turkmenistan
IPList Tajikistan
IPList India
IPList Myanmar
IPList Uzbekistan
IPList Kazakhstan
IPList Kyrgyzstan
IPList French Southern Territories
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Macao
IPList South Korea
IPList Japan
IPList Singapore
IPList Russia
IPList Australia
IPList New Zealand
IPList Portugal
IPList Ghana
IPList Nigeria
IPList Chad
IPList Spain
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList France
IPList Andorra
IPList Liechtenstein
IPList Slovakia
IPList Czechia
IPList Norway
IPList Italy
IPList Slovenia
IPList Croatia
IPList Bosnia and Herzegovina
IPList Barbados
IPList French Guiana
IPList Uruguay
IPList Brazil
IPList Jamaica
IPList Dominican Republic
IPList Cuba
IPList Martinique
IPList Bahamas
IPList Anguilla
IPList Trinidad and Tobago
IPList St Kitts and Nevis
IPList Dominica
IPList Antigua and Barbuda
IPList Saint Lucia
IPList Turks and Caicos Islands
IPList British Virgin Islands
IPList St Vincent and Grenadines
IPList Saint Martin
IPList Saint Barthélemy
IPList Grenada
IPList Cayman Islands
IPList Belize
IPList El Salvador
IPList Guatemala
IPList Honduras
IPList Nicaragua
IPList Costa Rica
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Panama
IPList Haiti
IPList Argentina
IPList Chile
IPList Peru
IPList Mexico
IPList Guam
IPList Puerto Rico
IPList U.S. Virgin Islands
IPList Canada
IPList United States
IPList Palestine
IPList Serbia
IPList Sint Maarten
IPList Curaçao
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Amazon EC2
IPList Akamai Servers
IPList Microsoft Azure datacenter for australiaeast
IPList Microsoft Azure datacenter for brazilsouth
IPList TOR relay nodes IP Address List
IPList Microsoft Azure datacenter for eastasia
IPList Microsoft Azure datacenter for eastus2euap
IPList Microsoft Azure datacenter for eastus
IPList Microsoft Azure datacenter for centralfrance
IPList Microsoft Azure datacenter for northeurope
IPList Microsoft Azure datacenter for southcentralus
IPList Microsoft Azure datacenter for southeastasia
IPList Microsoft Azure datacenter for westeurope
IPList Microsoft Azure datacenter for westus2
IPList Amazon API_GATEWAY
IPList Microsoft Azure datacenter for westus
IPList Microsoft Azure datacenter
IPList Amazon DYNAMODB
IPList Amazon AMAZON ap-northeast-1
IPList Amazon EC2 ap-northeast-1
IPList Amazon DYNAMODB ap-southeast-3
IPList Amazon AMAZON ap-northeast-3
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList Amazon AMAZON ap-south-1
IPList Amazon AMAZON ap-southeast-1
IPList Microsoft Azure service for Dynamics365BusinessCentral
IPList Amazon EC2 ap-southeast-1
IPList Amazon AMAZON ap-southeast-2
IPList Amazon AMAZON eu-central-1
IPList Amazon AMAZON eu-west-1
IPList Amazon API_GATEWAY eu-west-1
IPList Amazon AMAZON eu-west-2
IPList Amazon AMAZON sa-east-1
IPList Amazon AMAZON us-east-1
IPList Amazon EC2 us-east-1
IPList Amazon AMAZON us-west-1
IPList Amazon EC2 us-west-1
IPList Amazon AMAZON us-west-2
IPList Amazon EC2 us-west-2
IPList Amazon AMAZON ap-southeast-3
IPList Microsoft Azure datacenter for southafricawest
IPList Microsoft Azure service for AppService
IPList Microsoft Azure service for AzureActiveDirectory_ServiceEndpoint
IPList Microsoft Azure service for AzureCloud
IPList Microsoft Azure service for AzureCosmosDB
IPList Microsoft Azure service for AzureMonitor
IPList Microsoft Azure service for Sql
IPList Microsoft Azure datacenter for swedencentral
IPList Microsoft Azure datacenter for qatarcentral
IPList Microsoft Azure service for M365ManagementActivityApi
IPList Microsoft Azure service for M365ManagementActivityApiWebhook
IPList Google Cloud IP Address List for asia-southeast2
IPList Google Cloud IP Address List for europe-west1
IPList Google Cloud IP Address List for europe-west8
IPList Google Cloud IP Address List for northamerica-northeast2
IPList Microsoft Azure service for ChaosStudio
Situation HTTP_CSU-Shared-Variables
Situation SSH_Shared-Variables    Fingerprint regexp changed
Situation SSH_Solarwinds-Serv-U-FTP-Server    Fingerprint regexp changed
Situation Generic_CS-Shared-Variable-Fingerprints    Fingerprint regexp changed
Situation Files Containing Passwords    Comment has changed; Description has changed

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.