This update package improves the detection capabilities of the Forcepoint LLM system.
| RELEASE DATE: | Monday March 25, 2024 |
| MD5 CHECKSUM: | c13be3909b4d1366257d47df2e15f794 |
| SHA1 CHECKSUM: | e844553b05aadb5f8ca8105b26336a13463f5181 |
| SHA256 CHECKSUM: | 37d79b449af4f0ddb950eacac589bc4ed21159ab0076da64d31fd9c624ce92d1 |
UPDATE CRITICALITY: HIGH
List of detected attacks in this update package:
| Risk level | Description | Reference | Vulnerability |
|---|---|---|---|
| High | An attempt to exploit a vulnerability in PRTG Network Monitor detected. | CVE-2023-32781 | PRTG-CVE-2023-32781-Authenticated-RCE |
| High | An attempt to exploit a vulnerability in MajorDoMo detected | CVE-2023-50917 | MajorDoMo-Command-Injection |
| High | An attempt to exploit a vulnerability in Allegra detected | CVE-2024-22530 | Allegra-Getfilecontentasstring-Directory-Traversal |
| High | An attempt to exploit a vulnerability in Fortinet FortiClientEMS detected | CVE-2023-48788 | Fortinet-ForticlientEMS-SQL-Injection-CVE-2023-48788 |
| High | An attempt to exploit a vulnerability in Squid Proxy detected | CVE-2024-25617 | Squid-Proxy-HTTP-Header-Parser-Denial-Of-Service |
| Low | An unusual TFTP response detected | CVE-2024-2169 | Loop-Denial-Of-Service-CVE-2024-2169 |
| Low | An unusual NTP response detected | CVE-2024-2169 | Loop-Denial-Of-Service-CVE-2024-2169 |
Jump to: Detected Attacks Other Changes
DETECTED ATTACKS
New detected attacks:
HTTP Client Stream
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | PRTG-CVE-2023-32781-Authenticated-RCE | CVE-2023-32781 | HTTP_CS-PRTG-CVE-2023-32781-Authenticated-RCE | Suspected Compromise |
TCP Client Stream Unknown
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Fortinet-ForticlientEMS-SQL-Injection-CVE-2023-48788 | CVE-2023-48788 | Generic_CS-Fortinet-ForticlientEMS-SQL-Injection-CVE-2023-48788 | Suspected Compromise |
HTTP Request URI
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | MajorDoMo-Command-Injection | CVE-2023-50917 | HTTP_CSU-MajorDoMo-Command-Injection | Suspected Compromise |
HTTP Request Header Line
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Squid-Proxy-HTTP-Header-Parser-Denial-Of-Service | CVE-2024-25617 | HTTP_CSH-Squid-Proxy-HTTP-Header-Parser-Denial-Of-Service | Suspected Denial of Service |
TFTP Client Stream
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| Low | Loop-Denial-Of-Service-CVE-2024-2169 | CVE-2024-2169 | TFTP_CS-TFTP-Error-Response-With-Same-Source-And-Destination-Ports | Possibly Unwanted Content |
HTTP Normalized Request-Line
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Allegra-Getfilecontentasstring-Directory-Traversal | CVE-2024-22530 | HTTP_CRL-Allegra-Getfilecontentasstring-Directory-Traversal | Suspected Compromise |
UDP NTP Stream
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| Low | Loop-Denial-Of-Service-CVE-2024-2169 | CVE-2024-2169 | NTP_UDP-NTP-Response-With-Same-Source-And-Destination-Ports | Possibly Unwanted Content |
Updated detected attacks:
Text File Stream
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description | |
|---|---|---|---|---|---|---|
| High | Microsoft-Outlook-Remote-Code-Execution-Monikerlink-CVE-2024-21413 | CVE-2024-21413 | File-Text_Microsoft-Outlook-Remote-Code-Execution-Monikerlink-CVE-2024-21413 | Potential Compromise |
|
|
| High | Darkness-Bot | No CVE/CAN | File-Text_Darkness-Bot-Activity | Botnet |
|
LIST OF OTHER CHANGES:
New objects:
| Type | Name |
|---|---|
| Category | FortiClientEMS |
| Category | MajorDoMo |
Updated objects:
| Type | Name | Changes | |
|---|---|---|---|
| Situation | URL_List-DNS-Over-HTTPS |
|
|
| IPList | Rwanda | ||
| IPList | Somalia | ||
| IPList | Yemen | ||
| IPList | Iraq | ||
| IPList | Saudi Arabia | ||
| IPList | Iran | ||
| IPList | Cyprus | ||
| IPList | Tanzania | ||
| IPList | Armenia | ||
| IPList | Kenya | ||
| IPList | DR Congo | ||
| IPList | Djibouti | ||
| IPList | Uganda | ||
| IPList | Central African Republic | ||
| IPList | Seychelles | ||
| IPList | Jordan | ||
| IPList | Lebanon | ||
| IPList | Kuwait | ||
| IPList | Oman | ||
| IPList | Qatar | ||
| IPList | Bahrain | ||
| IPList | United Arab Emirates | ||
| IPList | Israel | ||
| IPList | Türkiye | ||
| IPList | Ethiopia | ||
| IPList | Eritrea | ||
| IPList | Egypt | ||
| IPList | Sudan | ||
| IPList | Greece | ||
| IPList | Burundi | ||
| IPList | Estonia | ||
| IPList | Latvia | ||
| IPList | Azerbaijan | ||
| IPList | Lithuania | ||
| IPList | Georgia | ||
| IPList | Moldova | ||
| IPList | Belarus | ||
| IPList | Finland | ||
| IPList | Åland Islands | ||
| IPList | Ukraine | ||
| IPList | North Macedonia | ||
| IPList | Hungary | ||
| IPList | Bulgaria | ||
| IPList | Albania | ||
| IPList | Poland | ||
| IPList | Romania | ||
| IPList | Zimbabwe | ||
| IPList | Zambia | ||
| IPList | Comoros | ||
| IPList | Malawi | ||
| IPList | Lesotho | ||
| IPList | Botswana | ||
| IPList | Mauritius | ||
| IPList | Eswatini | ||
| IPList | Réunion | ||
| IPList | South Africa | ||
| IPList | Mayotte | ||
| IPList | Mozambique | ||
| IPList | Madagascar | ||
| IPList | Afghanistan | ||
| IPList | Pakistan | ||
| IPList | Turkmenistan | ||
| IPList | Tajikistan | ||
| IPList | Sri Lanka | ||
| IPList | India | ||
| IPList | Nepal | ||
| IPList | Myanmar | ||
| IPList | Uzbekistan | ||
| IPList | Kazakhstan | ||
| IPList | Kyrgyzstan | ||
| IPList | Vietnam | ||
| IPList | Thailand | ||
| IPList | Indonesia | ||
| IPList | Laos | ||
| IPList | Taiwan | ||
| IPList | Philippines | ||
| IPList | Malaysia | ||
| IPList | China | ||
| IPList | Hong Kong | ||
| IPList | Brunei | ||
| IPList | Macao | ||
| IPList | Cambodia | ||
| IPList | South Korea | ||
| IPList | Japan | ||
| IPList | North Korea | ||
| IPList | Singapore | ||
| IPList | Cook Islands | ||
| IPList | Timor-Leste | ||
| IPList | Russia | ||
| IPList | Mongolia | ||
| IPList | Australia | ||
| IPList | Marshall Islands | ||
| IPList | Federated States of Micronesia | ||
| IPList | Papua New Guinea | ||
| IPList | Solomon Islands | ||
| IPList | Tuvalu | ||
| IPList | Nauru | ||
| IPList | Vanuatu | ||
| IPList | New Caledonia | ||
| IPList | Norfolk Island | ||
| IPList | New Zealand | ||
| IPList | Fiji | ||
| IPList | Libya | ||
| IPList | Cameroon | ||
| IPList | Senegal | ||
| IPList | Congo Republic | ||
| IPList | Portugal | ||
| IPList | Liberia | ||
| IPList | Ivory Coast | ||
| IPList | Ghana | ||
| IPList | Equatorial Guinea | ||
| IPList | Nigeria | ||
| IPList | Burkina Faso | ||
| IPList | Togo | ||
| IPList | Guinea-Bissau | ||
| IPList | Mauritania | ||
| IPList | Gabon | ||
| IPList | São Tomé and Príncipe | ||
| IPList | Gibraltar | ||
| IPList | Gambia | ||
| IPList | Guinea | ||
| IPList | Chad | ||
| IPList | Niger | ||
| IPList | Mali | ||
| IPList | Tunisia | ||
| IPList | Spain | ||
| IPList | Morocco | ||
| IPList | Malta | ||
| IPList | Algeria | ||
| IPList | Faroe Islands | ||
| IPList | Denmark | ||
| IPList | Iceland | ||
| IPList | United Kingdom | ||
| IPList | Switzerland | ||
| IPList | Sweden | ||
| IPList | The Netherlands | ||
| IPList | Austria | ||
| IPList | Belgium | ||
| IPList | Germany | ||
| IPList | Luxembourg | ||
| IPList | Ireland | ||
| IPList | Monaco | ||
| IPList | France | ||
| IPList | Andorra | ||
| IPList | Liechtenstein | ||
| IPList | Isle of Man | ||
| IPList | Guernsey | ||
| IPList | Slovakia | ||
| IPList | Czechia | ||
| IPList | Norway | ||
| IPList | Vatican City | ||
| IPList | San Marino | ||
| IPList | Italy | ||
| IPList | Slovenia | ||
| IPList | Montenegro | ||
| IPList | Croatia | ||
| IPList | Bosnia and Herzegovina | ||
| IPList | Angola | ||
| IPList | Namibia | ||
| IPList | Cabo Verde | ||
| IPList | French Guiana | ||
| IPList | Saint Pierre and Miquelon | ||
| IPList | Greenland | ||
| IPList | Paraguay | ||
| IPList | Uruguay | ||
| IPList | Brazil | ||
| IPList | Falkland Islands | ||
| IPList | Dominican Republic | ||
| IPList | Trinidad and Tobago | ||
| IPList | Antigua and Barbuda | ||
| IPList | Saint Lucia | ||
| IPList | Turks and Caicos Islands | ||
| IPList | Montserrat | ||
| IPList | Saint Martin | ||
| IPList | Saint Barthélemy | ||
| IPList | Guadeloupe | ||
| IPList | El Salvador | ||
| IPList | Guatemala | ||
| IPList | Honduras | ||
| IPList | Nicaragua | ||
| IPList | Costa Rica | ||
| IPList | Venezuela | ||
| IPList | Ecuador | ||
| IPList | Colombia | ||
| IPList | Panama | ||
| IPList | Argentina | ||
| IPList | Chile | ||
| IPList | Bolivia | ||
| IPList | Peru | ||
| IPList | Mexico | ||
| IPList | French Polynesia | ||
| IPList | Tokelau | ||
| IPList | Tonga | ||
| IPList | Wallis and Futuna | ||
| IPList | Samoa | ||
| IPList | Niue | ||
| IPList | Guam | ||
| IPList | U.S. Virgin Islands | ||
| IPList | American Samoa | ||
| IPList | Canada | ||
| IPList | United States | ||
| IPList | Palestine | ||
| IPList | Serbia | ||
| IPList | Antarctica | ||
| IPList | South Sudan | ||
| IPList | TOR exit nodes IP Address List | ||
| IPList | TOR relay nodes IP Address List | ||
| IPList | Botnet IP Address List | ||
| IPList | Malicious Site IP Address List | ||
| IPList | NordVPN Servers IP Address List | ||
| IPList | Forcepoint Drop IP Address List | ||
| IPList | Forcepoint Extended Drop IP Address List | ||
| Application | TOR | ||
| Application | DNS-Over-HTTPS | ||
| Application | NordVPN |
DISCLAIMER AND COPYRIGHT
Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.
All other trademarks used in this document are the property of their respective owners.
Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.
All other trademarks used in this document are the property of their respective owners.
Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.