Cisco Cisco Firepower Management Center 4000
Version 5.2.0.7
Sourcefire 3D System Release Notes
21
Issues Resolved in Version 5.2.0.7
•
Resolved an issue where, if you applied an access control rule with
end-of-connection logging enabled on a Series 3 managed device, large
quantities of traffic caused system issues. (139931)
•
Improved the firmware on 8000 Series and 3D9900 devices to optimize
resource usage for packet processing. (140166)
•
Resolved an issue where, in rare cases, the system generated health alert
emails containing indecipherable messages. (140442)
•
Resolved an issue where scheduled vulnerability database (VDB) updates
failed if Greenwich Mean Time (GMT, also known as UTC) was not your local
time zone. (140464)
•
Resolved an issue where, if you registered more than 100 managed devices
to a Defense Center, the Defense Center experienced system issues.
(140512)
•
Resolved an issue where creating a new scheduled task on the Scheduling
page (System > Tools > Scheduling) caused the system to display an
authorization error message. (140556)
Version 5.2.0.5
•
Security Issue
Eliminated a cross-site scripting (XSS) vulnerability
(CVE-2014-2012) in the intrusion rule editor pages that could allow an
attacker to access and disclose information, imitate user actions and
requests, or execute arbitrary JavaScript. Special thanks to Liad Mizrachi
Check Point Security Research Team for reporting this issue. (136539)
•
Security Issue
Eliminated a cross-site request forgery (CSRF) vulnerability
(CVE-2014-2011) in the User Configuration page that could allow an attacker
to add or edit user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136910)
•
Security Issue
Eliminated a CSRF vulnerability (CVE-2014-2028) in the User
Management page that could allow an attacker to activate, deactivate, edit,
or delete user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136913)
•
Security Issue
Eliminated an XSS vulnerability (CVE-2014-2275) in the
Scheduling page, Health Monitor page, and event viewers that could allow
an attacker to access and disclose information, imitate user actions and
requests, or execute arbitrary JavaScript. Special thanks to Adi Volkovitz
Check Point Security Research Team for reporting this issue. (137849,
137852, 137855)