Cisco Firepower Management Center 4000 Release Notes

Version 5.2.0.6
Sourcefire 3D System Release Notes
Issues Resolved in Version 5.2.0.6
Issues Resolved in Previous Updates
Previously resolved issues are listed by version.
Version 5.2.0.5
Security Issue: Eliminated a cross-site scripting (XSS) vulnerability
(CVE-2014-2012) in the intrusion rule editor pages that could allow an
attacker to access and disclose information, imitate user actions and
requests, or execute arbitrary JavaScript. Special thanks to Liad Mizrachi,
Check Point Security Research Team, for reporting this issue. (136539)
Security Issue: Eliminated a cross-site request forgery (CSRF) vulnerability
(CVE-2014-2011) in the User Configuration page that could allow an attacker
to add or edit user accounts. Special thanks to Liad Mizrachi, Check Point
Security Research Team, for reporting this issue. (136910)
Security Issue: Eliminated a CSRF vulnerability (CVE-2014-2028) in the User
Management page that could allow an attacker to activate, deactivate, edit,
or delete user accounts. Special thanks to Liad Mizrachi, Check Point
Security Research Team, for reporting this issue. (136913)
Security Issue: Eliminated an XSS vulnerability (CVE-2014-2275) in the
Scheduling page, Health Monitor page, and event viewers that could allow
an attacker to access and disclose information, imitate user actions and
requests, or execute arbitrary JavaScript. Special thanks to Adi Volkovitz,
Check Point Security Research Team, for reporting this issue. (137849,
137852, 137855)
Version 5.2.0.4
Resolved an issue where, in some cases, NAT rule validation failed if you 
configured a static NAT rule with an original destination network that 
overlapped the translated source network on a dynamic NAT rule in the 
same NAT policy. (131490)
Resolved an issue where, after you selected Logarithmic as the Vertical 
Scale for the Intrusion Event dashboard widget, the system refreshed the 
widget and instead displayed the data using the default Linear Vertical Scale. 
(132203)
Improved the stability of host data queries to the eStreamer client. (132239, 
134244, 134295)
Improved the stability of connection event processing if your correlation 
policy contained a rule based on a connection event and specified a 
NETBIOS Name rule condition. (132562)
Resolved an issue where the eStreamer client omitted intrusion rule name 
metadata for intrusion events if you associated a Sourcefire-provided 
intrusion policy with an access control rule on a Defense Center running 
Version 5.2.0.2. (132667)