Cisco Cisco FirePOWER Appliance 7120
Version 5.3.0.4
Sourcefire 3D System Release Notes
18
Resolved Issues
Issues Resolved in Previous Updates
You can track defects resolved in this release using the Cisco Bug Search Tool
(
https://tools.cisco.com/bugsearch/
). A Cisco account is required. To view defects
addressed in older versions, refer to the legacy caveat tracking system. Because
you can update your appliances from Version 5.3 to Version 5.3.0.4, this update
also includes the changes from Version 5.3. Previously resolved issues are listed
by version.
Version 5.3.0.3:
•
Security Issue
Addressed an arbitrary injection vulnerability allowing
unauthenticated, remote attackers to execute commands via Bash to
address CVE-2014-6271 and CVE-2014-7169. (144862/CSCze95477,
144941/CSCze95479, 144948/CSCze96159)
•
Resolved an issue where, if you edited any of the applied intrusion policies,
the system marked all intrusion policies as out-of-date. (134066,
140135/CSCze91908)
•
Improved responsiveness of link state propagation. (137773/CSCze90606)
•
Resolved an issue where the documentation did not reflect that, if you
registered a cluster, stack, or clustered stack of devices to a Defense
Center, you had to manually reapply the device configuration.
(141624/CSCze93129, 142412/CSCze92735)
•
Resolved a rare issue where, when your system triggered an alert on the
first data packet of a TCP session from a server, the alert failed to specify
the egress interface. (141817/CSCze93047)
•
Improved the stability of the SMB and DCE/RPC preprocessor.
(142199/CSCze93232)
•
Resolved an issue where, if you edited an access control policy and policy
apply failed, the policy changes from the attempted policy apply were not
apply failed, the policy changes from the attempted policy apply were not
restored to the previously applied policy. (142908/CSCze93586)
•
Resolved an issue where, if a user named
admin
is not established during
the first initialization of the baseboard management controller of a managed
device, the system did not let you change the default password and you
could not log into the device. (143053/CSCze94371)
•
Improved and accelerated policy apply. (143318/CSCze93668)
•
Resolved an issue where, if the system generated intrusion events
matching a rule with a GID other than
1
or
3
, alerts sent to your syslog
server contained incorrect messages. (143465/CSCze95013)
•
Resolved an issue where the host profile incorrectly displayed multiple IP
addresses for a single managed device. (143470/CSCze94629)
•
Resolved an issue where, if you configured a 3D71xx or 3D70xx managed
device with passive interfaces, connection events generated on those
interfaces may have reported incorrect egress zone information.
(143532/CSCze94988)