For steps on how to apply the latest content update, visit https://help.fortinet.com/fsiem/6-7-0/Online-Help/HTML5_Help/content_update.htm.
Content update 329 (6.6.x), 421 (6.7.x), 514 (7.0.x), 607 (7.1.x) adds detection of the following outbreaks:
- Outbreak: Nice Linear eMerge Command Injection Vuln Detected on Network
- Outbreak: Sunhillo SureLine Command Injection Attack Detected on Network
- Outbreak: Sunhillo SureLine Command Injection Attack Detected on Host
- Outbreak: PAN OS GlobalProtect Command Injection Vuln Detected on Network
- Outbreak: PAN OS GlobalProtect Command Injection Vuln Detected on Host
Content update 328 (6.6.x), 420 (6.7.x), 513 (7.0.x), 606 (7.1.x) adds detection of the following outbreaks:
- Outbreak: ConnectWise ScreenConnect Attack Detected on Network
- Outbreak: ConnectWise ScreenConnect Attack Detected on Host
Content update 325 (6.6.x), 417 (6.7.x), 510 (7.0.x), 604 (7.1.x) adds detection of the following outbreaks:
- Outbreak: Ivanti Connect Secure and Policy Secure Attack Detected on Network
Content update 324 (6.6.x), 416 (6.7.x), 509 (7.0.x), 603 (7.1.x) adds detection of the following outbreaks:
- Outbreak: Microsoft SharePoint Server Elevation of Privilege Vuln Detected on Network
- Outbreak: Microsoft SharePoint Server Elevation of Privilege Vuln Detected on Host
- Outbreak: Adobe ColdFusion Access Control Bypass Attack Detected on Network
- Outbreak: Adobe ColdFusion Access Control Bypass Attack Detected on Host
- Outbreak: Androxgh0st Malware Attack Detected on Network
- Outbreak: Androxgh0st Malware Attack Detected on Host
Content update 323 (6.6.x), 415 (6.7.x), 508 (7.0.x), 602 (7.1.x) adds detection of the following outbreaks:
- Outbreak: Lazarus RAT Attack Detected on Network
- Outbreak: Lazarus RAT Attack Detected on Host
- Outbreak: JetBrains TeamCity Authentication Bypass Attack Detected on Network
- Outbreak: JetBrains TeamCity Authentication Bypass Attack Detected on Host
Content update 322 (6.6.x), 414 (6.7.x), 507 (7.0.x), 601 (7.1.x) adds detection of the following outbreaks:
- Outbreak: Citrix Bleed Attack Detected on Network
- Outbreak: Apache ActiveMQ Ransomware Attack Detected on Network
- Outbreak: Apache ActiveMQ Ransomware Attack Detected on Host
Content update 224 (6.5.x), 321 (6.6.x), 413 (6.7.x), 506 (7.0.x) adds detection of the following outbreaks:
- Outbreak: Cisco IOS XE Web UI Attack Detected on Network
- Outbreak: HTTP2 Rapid Reset Attack Detected on Network
- Outbreak: HTTP2 Rapid Reset Attack Detected on Host
Content update 223 (6.5.x), 320 (6.6.x), 412 (6.7.x), 505 (7.0.x) adds detection of the following outbreaks:
- Outbreak: Google Chromium WebP Vuln Detected on Network
- Outbreak: Google Chromium WebP Vuln Detected on Host
Content update 222 (6.5.x), 319 (6.6.x), 411 (6.7.x), 504 (7.0.x) adds detection of the following outbreaks:
- Outbreak: Adobe ColdFusion Deserialization of Untrusted Data Vuln Detected on Network.
- Outbreak: Adobe ColdFusion Deserialization of Untrusted Data Vuln Detected on Host.
- Outbreak: WooCommerce Payments Improper Authentication Vuln Detected on Network.
- Outbreak: WooCommerce Payments Improper Authentication Vuln Detected on Host.
- Outbreak: Agent Tesla Malware Attack Detected on Network.
- Outbreak: Agent Tesla Malware Attack Detected on Host.
Content update 221 (6.5.x), 318 (6.6.x), 410 (6.7.x), 503 (7.0.0) adds detection of the following outbreaks:
- Outbreak: Microsoft Office and Windows HTML RCE Vuln Detected on Network.
- Outbreak: Microsoft Office and Windows HTML RCE Vuln Detected on Host.
- Outbreak: Zyxel Router Command Injection Attack Detected on Network.
- Outbreak: Ivanti Endpoint Manager Mobile Authentication Bypass Vuln Detected on Network.
- Outbreak: Ivanti Endpoint Manager Mobile Authentication Bypass Vuln Detected on Host.
Content update 220 (6.5.x), 317 (6.6.x), 409 (6.7.x), 502 (7.0.0) adds detection of the following outbreaks:
- Outbreak: VMware Aria Operations for Networks Command Injection Vuln Detected on Network.
- Outbreak: Apache RocketMQ RCE Vuln Detected on Network.
- Outbreak: SolarView Compact Command Injection Vuln Detected on Network.
Content update 316 (6.6.x), 408 (6.7.x), 501 (7.0.x) adds detection of the following outbreaks:
- Outbreak: Multiple Vendor Camera System Attack Detected on Network.
- Outbreak: TP-Link Archer AX-21 Command Injection Attack Detected on Network.
- Outbreak: TP-Link Archer AX-21 Command Injection Attack Detected on Host.
- Outbreak: Zyxel Multiple Firewall Vuln Detected on Network.
- Outbreak: Zyxel Multiple Firewall Vuln Detected on Host.
- Outbreak: Progress MOVEit Transfer SQL Injection Vuln Detected on Network.
- Outbreak: Progress MOVEit Transfer SQL Injection Vuln Detected on Host.
- Outbreak: CosmicEnergy Malware Detected on Network.
- Outbreak: CosmicEnergy Malware Detected on Host.
Content update 315 (6.6.x), 407 (6.7.x) adds detection of the following outbreaks:
- Outbreak: PaperCut MF/NG Improper Access Control Vulnerability Detected on Network.
- Outbreak: PaperCut MF/NG Improper Access Control Vulnerability Detected on Host.
- Outbreak: TBK DVR Authentication Bypass Attack Detected on Network.
- Outbreak: Oracle WebLogic Server Vulnerability Detected on Network.
Content update 314 (6.6.x), 406 (6.7.x) adds detection of the following outbreaks:
- Outbreak: Zoho ManageEngine RCE Vulnerability Detected on Network.
- Outbreak: ThinkPHP Remote Code Execution Vulnerability Detected on Network.
- Outbreak: ThinkPHP Remote Code Execution Vulnerability Detected on Host.
- Outbreak: Realtek SDK Attack Detected on Network.
- Outbreak: Realtek SDK Attack Detected on Host.
Content update 313 (6.6.x), 405 (6.7.x) adds detection of the following outbreaks:
- Outbreak: IBM Aspera Faspex Code Execution Vulnerability Detected on Network.
- Outbreak: IBM Aspera Faspex Code Execution Vulnerability Detected on Host.
- Outbreak: Joomla! CMS Improper Access Check Vulnerability Detected on Network.
- Outbreak: Teclib GLPI Remote Code Execution Vulnerability Detected on Network.
- Outbreak: Progress Telerik UI Attack Detected on Network.
- Outbreak: Progress Telerik UI Attack Detected on Host.
- Outbreak: Microsoft Outlook Elevation of Privilege Vulnerability Detected on Network.
- Outbreak: Microsoft Outlook Elevation of Privilege Vulnerability Detected on Host.
- Outbreak: 3CX Supply Chain Attack Detected on Network.
- Outbreak: 3CX Supply Chain Attack Detected on Host.
Content update 312 (6.6.x), 404 (6.7.x) adds detection of the following outbreaks:
- Outbreak: VMware ESXi Server Ransomware Attack Detected on Network.
- Outbreak: Cacti Server Command Injection Attack Detected on Network.
- Outbreak: Cacti Server Command Injection Vulnerability Detected on Host.
- Outbreak: Fortra GoAnywhere MFT RCE Vulnerability Detected on Host.
- Outbreak: Fortra GoAnywhere MFT RCE Vulnerability Detected on Network.
Content update 311 (6.6.x), 403 (6.7.x) adds detection of the following outbreaks:
- Outbreak: Control Web Panel Login Exploit Detected on Host.
- Outbreak: Control Web Panel Login Exploit Detected on Network.
- Outbreak: Router Malware Attack Detected on Host.
- Outbreak: Router Malware Attack Detected on Network.
Content update 310 (6.6.x), 402 (6.7.x) adds detection of the following outbreaks:
- Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Network.
- Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Host.
- Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Network.
- Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Host.
- Outbreak: FortiWeb detected VMware Spring Cloud Func RCE - Vulnerability on Network.
- Outbreak: VMware Spring Cloud Func RCE Vulnerability on Network.
- Outbreak: FortiWeb detected Zerobot Botnet Activity on Network.
- Outbreak: Zerobot Botnet Activity Detected on Host.
- Outbreak: Zerobot Botnet Activity Detected on Network.
Content update 309 (6.6.x), 401 (6.7.0) adds detection of the following outbreaks:
- Outbreak: VMWare Workspace ONE Vulnerability - CVE-2022-22954 on Network.
- Outbreak: Redigo Malware Detected on Network.
- Outbreak: Redigo Malware Detected on Host.
- Outbreak: FortiOS SSLVPN Heap Buffer Overflow Attack - CVE-2022-42475 Detected on Network.
Content update 308 adds detection of the following outbreaks:
- Outbreak: ABB Flow Computer Path Traversal Vulnerability Detected on Network.
- Outbreak: Sandbreak vm2 sandbox module RCE Vulnerability Detected on Network.
- Outbreak: Hive Ransomware Detected on Network.
- Outbreak: Hive Ransomware Detected on Host.
- Outbreak: X.509 Email Address Buffer Overflow in OpenSSL 3.0.0 to 3.0.6 detected on Network.
- Outbreak: X.509 Email Address Buffer Overflow in OpenSSL 3.0.0 to 3.0.6 detected on Host.
- Outbreak: CISA Top 20 Vulnerability detected on Host.
- Outbreak: FortiGate detected CISA's Top 20 Vulnerability on the Network.
- Outbreak: FortiWeb detected CISA Top 20 Vulnerability on Network.