Release notes for update package 1727-5242

New Network Applications for controlling web and non-web TLS and QUIC traffic

This dynamic update package introduces new network applications for controlling all web and non-web TLS and QUIC traffic, as well as version-specific web and non-web TLS traffic. This change requires no action from customers and does not change the behavior of any existing network applications. For more information, see the Knowledge Base article "Controlling Web and Non-Web TLS and QUIC Traffic in FlexEdge Secure SD-WAN".

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Thursday May 16, 2024
MD5 CHECKSUM:     26ceb56c637bc6e392dc0c8a0c44d7bc
SHA1 CHECKSUM:     9aff9c5af9ab63a75f515e47ec808b28d55a19c9
SHA256 CHECKSUM:     4e63530ab96328aea5674ba32fc9f8a947069614e3594332644c6d7a2910e168


UPDATE CRITICALITY:    MODERATE

DETECTED ATTACKS


Updated detected attacks:

HTTP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Microsoft-Sharepoint-Server-Generateproxyassembly-Code-Injection-CVE-2023-24955 | CVE-2023-24955 | HTTP_CS-Microsoft-Sharepoint-Server-Generateproxyassembly-Code-Injection-CVE-2023-24955 | Suspected Compromise | Detection mechanism updated
High | Microsoft-Sharepoint-Server-Unsafe-Deserialization-CVE-2024-30044 | CVE-2024-30044 | HTTP_CS-Microsoft-Sharepoint-Server-Unsafe-Deserialization-CVE-2024-30044 | Suspected Compromise | Name: HTTP_CS-SharePoint-Server-Unsafe-Deserialization-CVE-2024-30044->HTTP_CS-Microsoft-Sharepoint-Server-Unsafe-Deserialization-CVE-2024-30044

TCP Client Stream Unknown

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Schneider-Electric-C-Bus-Toolkit-File-Download-Command-Directory-Traversal | CVE-2023-5399 | Generic_CS-Schneider-Electric-C-Bus-Toolkit-File-Download-Command-Directory-Traversal | Suspected Compromise | Fingerprint regexp changed
High | Schneider-Electric-C-Bus-Toolkit-File-Delete-Command-Arbitrary-File-Delete | CVE-2023-5399 | Generic_CS-Schneider-Electric-C-Bus-Toolkit-File-Delete-Command-Arbitrary-File-Delete | Suspected Compromise | Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type Name
Application QUIC-Other
Application QUIC-SMB
Application QUIC-Web
Application TLS-1.0-Other
Application TLS-1.1-Other
Application TLS-1.2-Other
Application TLS-1.3-Other
Application TLS-Other
Application TLS-1.0-Web
Application TLS-1.1-Web
Application TLS-1.2-Web
Application TLS-1.3-Web
Application TLS-Web

Updated objects:

Type Name Changes
Situation URL_List-DNS-Over-HTTPS
Detection mechanism updated
IPList Saudi Arabia
IPList Iran
IPList Cyprus
IPList Tanzania
IPList Armenia
IPList Seychelles
IPList Lebanon
IPList United Arab Emirates
IPList Israel
IPList Türkiye
IPList Estonia
IPList Latvia
IPList Lithuania
IPList Georgia
IPList Moldova
IPList Finland
IPList Ukraine
IPList Hungary
IPList Bulgaria
IPList Poland
IPList Romania
IPList Mauritius
IPList South Africa
IPList Pakistan
IPList Bangladesh
IPList India
IPList Nepal
IPList Myanmar
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Macao
IPList South Korea
IPList Japan
IPList North Korea
IPList Singapore
IPList Russia
IPList Australia
IPList New Zealand
IPList Libya
IPList Portugal
IPList Ivory Coast
IPList Nigeria
IPList Burkina Faso
IPList Gibraltar
IPList Spain
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList The Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList France
IPList Slovakia
IPList Czechia
IPList Norway
IPList Italy
IPList Slovenia
IPList Namibia
IPList Barbados
IPList Paraguay
IPList Brazil
IPList Dominican Republic
IPList St Vincent and Grenadines
IPList Grenada
IPList Belize
IPList Guatemala
IPList Honduras
IPList Nicaragua
IPList Costa Rica
IPList Ecuador
IPList Colombia
IPList Argentina
IPList Chile
IPList Peru
IPList Mexico
IPList Guam
IPList Puerto Rico
IPList Canada
IPList United States
IPList Palestine
IPList Serbia
IPList Antarctica
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Amazon CLOUDFRONT
IPList Microsoft Azure datacenter for australiaeast
IPList Microsoft Azure datacenter for australiasoutheast
IPList Microsoft Azure datacenter for brazilsouth
IPList TOR relay nodes IP Address List
IPList Microsoft Azure datacenter for centralus
IPList Microsoft Azure datacenter for eastus2euap
IPList Microsoft Azure datacenter for eastus2
IPList Microsoft Azure datacenter for eastus
IPList Microsoft Azure datacenter for japaneast
IPList Microsoft Azure datacenter for northeurope
IPList Microsoft Azure datacenter for southcentralus
IPList Microsoft Azure datacenter for southeastasia
IPList Microsoft Azure datacenter for uksouth
IPList Microsoft Azure datacenter for westeurope
IPList Microsoft Azure datacenter for westus
IPList Microsoft Azure service for AzureActiveDirectory
IPList Microsoft Azure datacenter
IPList Amazon AMAZON ap-east-1
IPList Amazon AMAZON ap-northeast-3
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList NordVPN Servers IP Address List
IPList Amazon AMAZON us-east-2
IPList Forcepoint Drop IP Address List
IPList Amazon AMAZON us-west-2
IPList Microsoft Azure datacenter for germanyn
IPList Microsoft Azure service for AzureActiveDirectory_ServiceEndpoint
IPList Microsoft Azure service for AzureCloud
IPList Microsoft Azure service for AzureCosmosDB
IPList Microsoft Azure service for AzureDatabricks
IPList Microsoft Azure service for AzureTrafficManager
IPList Microsoft Azure service for MicrosoftCloudAppSecurity
IPList Microsoft Azure service for EOPExternalPublishedIPs
IPList Microsoft Azure datacenter for mexicocentral
IPList Microsoft Azure datacenter for spaincentral
Situation HTTPS_CS-Shared-Variables-For-Client-Stream-Context
Situation HTTPS_SS-Shared-Variables-For-Server-Stream-Context
Situation HTTP_PSU-Shared-Variables
Fingerprint regexp changed
Application Facebook
Application Webex
Application Port "tcp/5004 tls: no" added
Application Port "udp/5004 tls: no" added
Application Akamai-Infrastructure
Application TOR
Application Linode-Infrastructure
Application Apple-Infrastructure
Application DNS-Over-HTTPS
Application Generic-Web-TLS
Application detection context content changed
Application Generic-Web-TLS-1.3
Application detection context content changed
Application Generic-Web-TLS-1.2
Application detection context content changed
Application Generic-Web-TLS-1.1
Application detection context content changed
Application Generic-Web-TLS-1.0
Application detection context content changed
Application Generic-TLS
Application detection context content changed
Application Generic-TLS-1.3
Application detection context content changed
Application Generic-TLS-1.2
Application detection context content changed
Application Generic-TLS-1.1
Application detection context content changed
Application Generic-TLS-1.0
Application detection context content changed
Application QUIC
Application NordVPN

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.