Cisco Cisco Firepower Management Center 4000 Release Notes

Version 5.2.0.6

Sourcefire 3D System Release Notes

Issues Resolved in Version 5.2.0.6

•

Security Issue

Eliminated a vulnerability that could allow a remote attacker to

execute unauthorized IPMI commands if Lights-Out Management was

enabled on a Series 3 appliance. For more information, log in to the

Customer Center and access the KB article at

https://na8.salesforce.com/articles/Informational/000002045

. (131040)

•

Security Issue

Resolved an issue where the Sourcefire 3D System web

server had the potential to execute system commands as root. Special

thanks to Detmar Liesen and Christian Rahmen at Information und Technik

Nordrhein-Westfalen (IT.NRW) for reporting this issue. (131737)

•

Security Issue

Eliminated a vulnerability that could allow an attacker to

execute Linux commands via the filter search field on the System Log page.

For more information, log in to the Customer Center and access the KB

article at

https://na8.salesforce.com/articles/Informational/000002058

(131738)

Version 5.2.0.2

•

Resolved an issue where, in some cases, if you configured passive

interfaces and assigned them to a passive security zone in the object

manager, the device configuration apply failed. (125119)

•

Resolved an issue where, in rare cases, the system did not provide URL

Category or URL Reputation values for unknown URLs. (125151)

•

Resolved a hardware issue where a virtual switch did not pass IPv6 traffic if

you did not configure IPv6 support on the connected hybrid interface.

(125306)

•

Resolved an issue where, in some cases, the system triggered false

positive intrusion events on the SMTP preprocessor rules 124:1 and 124:3.

(124688)

•

Resolved an issue where traffic matched an access control policy block rule
and the system evaluated it against the access control policy default action

configured as an intrusion policy. (124732)

•

Resolved a synchronization issue where, in rare cases, clusters lost their

clustered status. (125497)

•

Resolved an issue where accessing the intrusion rule editor from the packet

view (Analysis > Intrusion > Events) caused the system to display an error

message and log the attempt as an unauthorized action. (125770)

•

Resolved an issue with the Sourcefire Data Correlator where complex

queries slowed the system’s ability to process new connection events.

(125754)

•

Updated Sourcefire documentation to reflect that when you reimage a

device with interfaces configured to fail open, they will revert to a

non-bypass (fail closed) configuration at first boot and remain closed until

you configure bypass mode for them. (125957)