Cisco Cisco Firepower Management Center 4000 Release Notes
Version 5.3.0.6
Sourcefire 3D System Release Notes
24
Resolved Issues
•
Resolved an issue where, if your managed device originated at Version
5.1.1.x and you updated it to Version 5.2.x and then to Version 5.3, the
system generated extraneous health alerts for high unmanaged disk usage.
(135689)
•
Resolved an issue where, if you updated an appliance from Version 5.2.x to
Version 5.3 and later created a backup, you could not restore the backup on
Defense Centers that were reimaged to Version 5.3. (135869)
•
Resolved an issue where the system displayed multiple unique hosts that
shared an IP address as a single host with multiple actual MAC addresses in
the host profile. (135956, 135992)
•
Resolved an issue where the system restricted access to the User
Management page (System > Local > User Management) on physical managed
devices. (136079)
•
Security Issue
Eliminated an XSS vulnerability (CVE-2014-2012) in the
intrusion rule editor pages that could allow an attacker to access and
disclose information, imitate user actions and requests, or execute arbitrary
JavaScript. Special thanks to Liad Mizrachi Check Point Security Research
Team for reporting this issue. (136542)
•
Security Issue
Eliminated a cross-site request forgery (CSRF) vulnerability
(CVE-2014-2011) in the User Configuration page that could allow an attacker
to add or edit user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136911)
•
Security Issue
Eliminated a CSRF vulnerability (CVE-2014-2028) in the User
Management page that could allow an attacker to activate, deactivate, edit,
or delete user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136914)
•
Resolved an issue where the system provided incorrect speed data for fiber
interfaces with speeds of 4GB and faster. (137484)
•
Security Issue
Eliminated an XSS vulnerability (CVE-2014-2275) in the
Scheduling page, the Health Monitor page, and the event viewers that could
allow an attacker to access and disclose information, imitate user actions
and requests, or execute arbitrary JavaScript. Special thanks to Adi Volkovitz
Check Point Security Research Team for reporting this issue. (137850,
137853, 137856)
•
Resolved an issue where, after you disconnected and reconnected the fiber
interfaces on a Series 3 managed device, the system did not reestablish the
network connection. (138099)