Cisco FirePOWER Appliance 7010 Release Notes
Version 5.2.0.6
Sourcefire 3D System Release Notes
• Resolved an issue where, in some cases, eStreamer logged packets before their associated event records. (122365)
• Resolved an issue where, in some cases, the system did not enable traffic profiles with inactive periods. (122440)
• Resolved an issue in network discovery policies where changes to user protocol detection configuration did not take effect. (122763)
• Improved the system's reporting of error messages generated by the eStreamer client. (122859)
• Resolved an issue with the eStreamer client where SHA-256 values were incorrectly reported by the Defense Center. (122869)
• Resolved an issue where users were not prompted to enable the TCP stream preprocessor when saving an intrusion policy with the rate-based attack prevention preprocessor enabled and the TCP stream preprocessor disabled. (122905)
• Resolved an issue where, in rare cases, intrusion rules that triggered on pruned sessions applied the rule action to current sessions. (122990)
Known Issues
The following new known issues are reported in Version 5.2.0.6:
• Configuring a proxy server to authenticate with Message Digest 5 (MD5) password encryption for malware cloud lookups is not supported. (135279)
• The documentation incorrectly states the following:
  If a secondary device fails, the primary device continues to sense traffic, generate alerts, and send traffic to all secondary devices. On failed secondary devices, traffic is dropped. A health alert is generated indicating loss of link.
  The documentation should specify that, if the secondary device in a stack fails, by default, inline sets with configurable bypass enabled go into bypass mode on the primary device. For all other configurations, the system continues to load balance traffic to the failed secondary device. In either case, a health alert is generated to indicate loss of link. (138269)
• The documentation does not reflect that, if you enable an intrusion rule that checks for a flowbits state on traffic over a port, and enable at least one other rule that affects assigning the same flowbits state for traffic over the same port, when you apply or reapply the policy, the system does not automatically enable any other rule within the policy that affects assigning that flowbits state. (138507, 141143)
• Security Issue
Sourcefire is aware of a vulnerability inherent in the Intelligent
Platform Management Interface (IPMI) standard (CVE-2013-4786). Enabling
Lights-Out Management (LOM) on an appliance exposes this vulnerability.
To mitigate the vulnerability, deploy your appliances on a secure
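
A check for the flowbits known issue above (138507, 141143), added here as an example and not Sourcefire or Cisco code: it scans Snort-format rule text and lists disabled rules that assign a flowbits state which an enabled rule tests and another enabled rule already assigns. It assumes disabled rules are commented out with a leading `#`, uses constructed sample rules, and does not compare ports, so it may also list rules on other ports.

```python
import re
from collections import defaultdict

ASSIGN_OPS = {"set", "setx", "unset", "toggle"}  # operators that change a flowbits state
CHECK_OPS = {"isset", "isnotset"}                # operators that test a flowbits state
RULE_RE = re.compile(r"^(#\s*)?(alert|log|pass|drop|reject|sdrop)\s", re.I)
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;,]+))?", re.I)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)")

# Constructed sample rules with local SIDs; a leading '#' marks a disabled rule (assumption).
SAMPLE_RULES = r'''
alert tcp any any -> any 21 (msg:"constructed login seen"; flow:to_server; content:"USER"; flowbits:set,ftp.login; flowbits:noalert; sid:1000001;)
# alert tcp any any -> any 21 (msg:"constructed alt login"; flow:to_server; content:"user"; flowbits:set,ftp.login; flowbits:noalert; sid:1000002;)
alert tcp any 21 -> any any (msg:"constructed reply after login"; flow:to_client; flowbits:isset,ftp.login; content:"530"; sid:1000003;)
# alert tcp any any -> any 80 (msg:"constructed unrelated"; flowbits:set,http.req; sid:1000004;)
'''

def disabled_assigners(rules_text):
    """Map each flowbit that an enabled rule tests, and that at least one enabled
    rule assigns, to the SIDs of disabled rules that also assign it."""
    checked = set()
    assigners = {True: defaultdict(set), False: defaultdict(set)}  # keyed by enabled?
    for line in rules_text.splitlines():
        head = RULE_RE.match(line.strip())
        sid = SID_RE.search(line)
        if not head or not sid:
            continue  # blank line, plain comment, or rule without a SID
        enabled = head.group(1) is None
        for op, names in FLOWBITS_RE.findall(line):
            op = op.lower()
            # A flowbits option may name several bits joined with '|' or '&'.
            for name in filter(None, (n.strip() for n in re.split(r"[|&]", names))):
                if op in CHECK_OPS and enabled:
                    checked.add(name)
                elif op in ASSIGN_OPS:
                    assigners[enabled][name].add(int(sid.group(1)))
    return {name: sorted(assigners[False][name]) for name in sorted(checked)
            if assigners[True][name] and assigners[False][name]}

if __name__ == "__main__":
    for bit, sids in disabled_assigners(SAMPLE_RULES).items():
        print(f"flowbit {bit!r}: disabled assigning rules {sids}")
```

Each SID it reports is a rule to review and enable by hand in the intrusion policy if its state assignment is needed.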