Release notes for update package 1795-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Monday November 04, 2024
MD5 CHECKSUM:     6f1831e7e2de7911c316d02a524129a8
SHA1 CHECKSUM:     e3626354cf94525fedc55a60060d24a6eebc943b
SHA256 CHECKSUM:     6ff748b450b70638ac89defee3a736b5fbc0fb0154fbcf9a729ea25cd80bd500


UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level Description Reference Vulnerability
High     An attempt to exploit a vulnerability in TI WooCommerce Wishlist plugin for WordPress     CVE-2024-43917     Wordpress-TI-Woocommerce-Wishlist-Plugin-SQL-Injection
High     An attempt to exploit a vulnerability in Cacti Group Cacti detected     CVE-2024-43363     Cacti-Group-Cacti-Installer-Setpaths-Log-Path-Arbitrary-File-Write
High     An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected     CVE-2024-34785     Ivanti-Endpoint-Manager-Servermotherboard-Loadmotherboardtable-SQL-Injection
High     An attempt to exploit a vulnerability in Ivanti Cloud Service Appliance detected     CVE-2024-8963     Ivanti-Cloud-Services-Appliance-Broker-Authentication-Bypass
High     An attempt to exploit a vulnerability in VHD PTZ camera firmware detected     CVE-2024-8956     VHD-PTZ-Camera-Firmware-Authentication-Bypass-CVE-2024-8956
High     An attempt to exploit a vulnerability in Progress Software Kemp LoadMaster     CVE-2024-7591     Progress-Kemp-Loadmaster-Read_Pass-Command-Injection
High     An attempt to exploit a vulnerability in Progress Software WhatsUp Gold detected     CVE-2024-5010     Progress-WhatsUp-Gold-Testcontroller-Information-Disclosure-Vulnerabilities
High     An attempt to exploit a vulnerability in Google Chrome detected     CVE-2022-1096     Google-Chrome-Type-Confusion-CVE-2022-1096
High     An attempt to exploit a vulnerability in Dahua IP camera firmware detected     CVE-2021-33045     Dahua-IP-Camera-Loopback-Authentication-Bypass-CVE-2021-33045
High     An attempt to exploit a vulnerability in Oracle E-Business Suite detected     CVE-2016-0545     Oracle-E-Business-Suite-Biccfgd2.jsp-SQL-Injection-CVE-2016-0545
Low     An attempt to access a version control system's metafile detected     No CVE/CAN Version-Control-Metafile-Access
Low     A short SSH connection detected     No CVE/CAN Short-SSH-Authentication

Jump to: Detected Attacks Other Changes

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High VHD-PTZ-Camera-Firmware-Authentication-Bypass-CVE-2024-8956 CVE-2024-8956 HTTP_CS-VHD-PTZ-Camera-Firmware-Authentication-Bypass-CVE-2024-8956 Suspected Compromise

SSH TCP Server Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type
Low Short-SSH-Authentication No CVE/CAN SSH_Short-SSH-Authentication System Inspections

HTTP Request URI

Risk Vulnerability/Situation References Related Fingerprint Situation Type
Low Version-Control-Metafile-Access No CVE/CAN HTTP_CSU-Version-Control-Configuration-Access Potential Probe
High Ivanti-Cloud-Services-Appliance-Broker-Authentication-Bypass CVE-2024-8963 HTTP_CSU-Ivanti-Cloud-Services-Appliance-Broker-Authentication-Bypass Suspected Compromise
High Progress-WhatsUp-Gold-Testcontroller-Information-Disclosure-Vulnerabilities CVE-2024-5010 HTTP_CSU-Progress-WhatsUp-Gold-Testcontroller-Information-Disclosure-Vulnerabilities Suspected Compromise

HTTP Normalized Request-Line

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High Progress-Kemp-Loadmaster-Read_Pass-Command-Injection CVE-2024-7591 HTTP_CRL-Progress-Kemp-Loadmaster-Read_Pass-Command-Injection Suspected Compromise
High Cacti-Group-Cacti-Installer-Setpaths-Log-Path-Arbitrary-File-Write CVE-2024-43363 HTTP_CRL-Cacti-Group-Cacti-Installer-Setpaths-Log-Path-Arbitrary-File-Write Suspected Compromise
High Oracle-E-Business-Suite-Biccfgd2.jsp-SQL-Injection-CVE-2016-0545 CVE-2016-0545 HTTP_CRL-Oracle-E-Business-Suite-Biccfgd2.jsp-SQL-Injection-CVE-2016-0545 Suspected Compromise
High Dahua-IP-Camera-Loopback-Authentication-Bypass-CVE-2021-33045 CVE-2021-33045 HTTP_CRL-Dahua-IP-Camera-Loopback-Authentication-Bypass-CVE-2021-33045 Suspected Compromise
High Ivanti-Endpoint-Manager-Servermotherboard-Loadmotherboardtable-SQL-Injection CVE-2024-34785 HTTP_CRL-Ivanti-Endpoint-Manager-Servermotherboard-Loadmotherboardtable-SQL-Injection Suspected Compromise
High Wordpress-TI-Woocommerce-Wishlist-Plugin-SQL-Injection CVE-2024-43917 HTTP_CRL-Wordpress-TI-Woocommerce-Wishlist-Plugin-SQL-Injection Suspected Compromise

Text File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High Google-Chrome-Type-Confusion-CVE-2022-1096 CVE-2022-1096 File-Text_Google-Chrome-Type-Confusion-CVE-2022-1096 Suspected Compromise

Updated detected attacks:

HTTP Normalized Request-Line

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Dahua-IP-Camera-NetKeyboard-Authentication-Bypass-CVE-2021-33044 CVE-2021-33044 HTTP_CRL-Dahua-IP-Camera-NetKeyboard-Authentication-Bypass-CVE-2021-33044 Potential Compromise
Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type Name
Category VHD PTZ
IPList Kaspersky Security Network
Situation Kaspersky_Security_Network
Situation Analyzer_SSH-Password-Login-Brute-Force
Situation File-Name_RDP-Session-Configuration-File

Updated objects:

Type Name Changes
Situation File_Malware-MD5
Detection mechanism updated
Situation URL_List-DNS-Over-HTTPS
Detection mechanism updated
IPList Rwanda
IPList Somalia
IPList Yemen
IPList Iraq
IPList Saudi Arabia
IPList Iran
IPList Cyprus
IPList Tanzania
IPList Syria
IPList Armenia
IPList Kenya
IPList DR Congo
IPList Djibouti
IPList Uganda
IPList Central African Republic
IPList Seychelles
IPList Jordan
IPList Lebanon
IPList Kuwait
IPList Oman
IPList Qatar
IPList Bahrain
IPList United Arab Emirates
IPList Israel
IPList Türkiye
IPList Ethiopia
IPList Eritrea
IPList Egypt
IPList Sudan
IPList Greece
IPList Burundi
IPList Estonia
IPList Latvia
IPList Azerbaijan
IPList Lithuania
IPList Svalbard and Jan Mayen
IPList Georgia
IPList Moldova
IPList Belarus
IPList Finland
IPList Åland Islands
IPList Ukraine
IPList North Macedonia
IPList Hungary
IPList Bulgaria
IPList Albania
IPList Poland
IPList Romania
IPList Kosovo
IPList Zimbabwe
IPList Zambia
IPList Comoros
IPList Malawi
IPList Lesotho
IPList Botswana
IPList Mauritius
IPList Eswatini
IPList Réunion
IPList South Africa
IPList Mayotte
IPList Mozambique
IPList Madagascar
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Turkmenistan
IPList Tajikistan
IPList Sri Lanka
IPList Bhutan
IPList India
IPList Maldives
IPList British Indian Ocean Territory
IPList Nepal
IPList Myanmar
IPList Uzbekistan
IPList Kazakhstan
IPList Kyrgyzstan
IPList French Southern Territories
IPList Heard and McDonald Islands
IPList Cocos (Keeling) Islands
IPList Palau
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Brunei
IPList Macao
IPList Cambodia
IPList South Korea
IPList Japan
IPList North Korea
IPList Singapore
IPList Cook Islands
IPList Timor-Leste
IPList Russia
IPList Mongolia
IPList Australia
IPList Christmas Island
IPList Marshall Islands
IPList Federated States of Micronesia
IPList Papua New Guinea
IPList Solomon Islands
IPList Tuvalu
IPList Nauru
IPList Vanuatu
IPList New Caledonia
IPList Norfolk Island
IPList New Zealand
IPList Fiji
IPList Libya
IPList Cameroon
IPList Senegal
IPList Congo Republic
IPList Portugal
IPList Liberia
IPList Ivory Coast
IPList Ghana
IPList Equatorial Guinea
IPList Nigeria
IPList Burkina Faso
IPList Togo
IPList Guinea-Bissau
IPList Mauritania
IPList Benin
IPList Gabon
IPList Sierra Leone
IPList São Tomé and Príncipe
IPList Gibraltar
IPList Gambia
IPList Guinea
IPList Chad
IPList Niger
IPList Mali
IPList Western Sahara
IPList Tunisia
IPList Spain
IPList Morocco
IPList Malta
IPList Algeria
IPList Faroe Islands
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList The Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList Monaco
IPList France
IPList Andorra
IPList Liechtenstein
IPList Jersey
IPList Isle of Man
IPList Guernsey
IPList Slovakia
IPList Czechia
IPList Norway
IPList Vatican City
IPList San Marino
IPList Italy
IPList Slovenia
IPList Montenegro
IPList Croatia
IPList Bosnia and Herzegovina
IPList Angola
IPList Saint Helena
IPList Bouvet Island
IPList Barbados
IPList Cabo Verde
IPList Guyana
IPList French Guiana
IPList Suriname
IPList Saint Pierre and Miquelon
IPList Greenland
IPList Paraguay
IPList Uruguay
IPList Brazil
IPList Falkland Islands
IPList South Georgia and the South Sandwich Islands
IPList Jamaica
IPList Dominican Republic
IPList Cuba
IPList Martinique
IPList Bahamas
IPList Bermuda
IPList Anguilla
IPList Trinidad and Tobago
IPList St Kitts and Nevis
IPList Dominica
IPList Antigua and Barbuda
IPList Saint Lucia
IPList Turks and Caicos Islands
IPList Aruba
IPList British Virgin Islands
IPList St Vincent and Grenadines
IPList Montserrat
IPList Saint Martin
IPList Saint Barthélemy
IPList Guadeloupe
IPList Grenada
IPList Cayman Islands
IPList Belize
IPList El Salvador
IPList Guatemala
IPList Honduras
IPList Nicaragua
IPList Costa Rica
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Panama
IPList Haiti
IPList Argentina
IPList Chile
IPList Bolivia
IPList Peru
IPList Mexico
IPList French Polynesia
IPList Pitcairn Islands
IPList Kiribati
IPList Tokelau
IPList Tonga
IPList Wallis and Futuna
IPList Samoa
IPList Niue
IPList Northern Mariana Islands
IPList Guam
IPList Puerto Rico
IPList U.S. Virgin Islands
IPList U.S. Outlying Islands
IPList American Samoa
IPList Canada
IPList United States
IPList Palestine
IPList Serbia
IPList Antarctica
IPList Sint Maarten
IPList Curaçao
IPList Bonaire, Sint Eustatius, and Saba
IPList South Sudan
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Amazon EC2
IPList Google Servers
IPList Akamai Servers
IPList TOR relay nodes IP Address List
IPList Microsoft Office 365 SharePoint Online and OneDrive for Business
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList NordVPN Servers IP Address List
IPList Amazon AMAZON eu-west-2
IPList Amazon AMAZON us-east-1
IPList Forcepoint Drop IP Address List
IPList Amazon AMAZON us-gov-east-1
IPList Amazon AMAZON us-west-2
IPList Amazon EC2 us-west-2
Situation HTTP_CSU-Shared-Variables
Application Kaspersky-Security-Network
Application detection context content changed
Application Port "tcp/443 tls: no" -> "tcp/443 tls: free"
TLS Match identification changed from to false
Application Microsoft-Office-365
Application Microsoft-OneDrive
Application Akamai-Infrastructure
Application TOR
Application Manoto
Application DNS-Over-HTTPS
Application NordVPN

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.