Cisco Cisco Firepower Management Center 2000 Release Notes

Improved SFDataCorrelator capabilities. (CSCut23688)

Resolved an issue where the system ignored source network access control rule conditions when 
processing traffic. (CSCut23929)

Troubleshooting generated by a failure now includes IPv6 information. (CSCut48083)

Because you can update your appliances from Version 5.3.1 to Version 5.3.1.3, this update also includes 
the changes in all updates from Version 5.3.1.3 through Version 5.3.1. Previously resolved issues are 
listed by version.

Security Issue

 Addressed multiple cross-site scripting (XSS) vulnerabilities.

Security Issue

 Addressed multiple cross-site request forgery (CSRF) vulnerabilities.

Security Issue

 Addressed multiple HTML injection vulnerabilities.

Security Issue

 Addressed multiple Denial of Service (DoS) vulnerabilities as described in 

CVE-2014-0196, and CVE-2014-3153.

Resolved an issue where, if you added a group of stacked devices targeted by the current access 
control policy to your Defense Center and reapplied the policy, the system incorrectly displayed the 
list of managed devices on the Device Management page and prevented you from editing the listed 
devices. (140710/CSCze92390)

Resolved an issue where applying a single health policy to 100 or more managed devices caused 
system issues. (140977/CSCze92388)

Resolved an issue where, if you registered an ASA FirePOWERdevice to a pair of Defense Centers 
in a high availability configuration, the secondary Defense Center did not display the CSM Single 
Sign-On tab on the User Management page (

). 

(141150/CSCze92615)

Resolved an issue where syslog alerts contained incorrect intrusion rule classification data when 
sent as intrusion event notifications. (141213/CSCze92467, 141216/CSCze92474, 
141220/CSCze92639)

Resolved an issue where adaptive profiles failed to take effect if you used a network variable such 
as 

$HOME_NET

 as the value for Networks settings. (141225/CSCze92611)

Resolved an issue where, if you created a configuration-only backup, the backup file included 
extraneous discovery event data. (141246/CSCze92508)

Resolved an issue where, if you created a saved search that used a VLAN tag object, the system 
saved the search with the value 

0

 in the field where you used the VLAN tag object instead. 

(141330/CSCze92734)

Resolved an issue where, if you created a custom workflow with a large number of pages, the time 
window obscured the link the to the final pages of the workflow. (141336/CSCze92873)

Resolved an issue where, in rare cases, the system did not generate a health alert when reapplying 
device configuration failed. (141625/CSCze93130, 141628/CSCze93009)

Resolved an issue where, one or more unresponsive detection resources on a managed device after 
installing an update of the vulnerability database (VDB) caused system issues. 
(141758CSCze93100)

Resolved an issue where, in rare cases, the system triggered an alert on the first data packet of a TCP 
session from a server in which the egress interface would not be recorded. (141817/CSCze93047)

Resolved an issue where, in rare cases, applying multiple access control policies caused system 
issues and high unmanaged disk usage health alerts. (141830/CSCze92990)

Resolved a third-party vulnerability in OpenSSL to address CVE-2-014-0224. 
(141901/CSCze93310)