Cisco Cisco Firepower Management Center 2000
23
FireSIGHT System Release Notes
Version 5.3.1.7
Known Issues
•
Resolved an issue where, if the system generated file events from the file traffic, the system
incorrectly truncated file event filenames with colons on several pages of the web interface.
(143666/CSCze94954)
incorrectly truncated file event filenames with colons on several pages of the web interface.
(143666/CSCze94954)
•
Resolved an issue where, if the system generated intrusion events matching a rule with a generator
ID (GID) other than 1 or 3, syslog alerts contained incorrect messages. (143725/CSCze94300)
ID (GID) other than 1 or 3, syslog alerts contained incorrect messages. (143725/CSCze94300)
•
Resolved an issue where, if you disabled any access control rules containing either an intrusion
policy or a variable set different from any enabled rules and the access control policy’s default
action, access control policy apply failed and the system experienced issues. (143870/CSCze94942)
policy or a variable set different from any enabled rules and the access control policy’s default
action, access control policy apply failed and the system experienced issues. (143870/CSCze94942)
•
Resolved an arbitrary injection vulnerability allowing unauthenticated, remote attackers to execute
commands via Bash. This addresses CVE-2014-6271 and CVE-2014-7169. For more information,
refer to the Cisco Security Advisory page at
commands via Bash. This addresses CVE-2014-6271 and CVE-2014-7169. For more information,
refer to the Cisco Security Advisory page at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
.
(144863/CSCze95512, 144942/CSCze95480, 144949/CSCze96202)
Issues Resolved in Version 5.3.1:
•
Resolved an issue where, in some cases, the intrusion event packet view displayed a rule message
that did not match the rule that generated the event. (138208/CSCze90592)
that did not match the rule that generated the event. (138208/CSCze90592)
•
Resolved an issue where you could not import an intrusion rule that referenced a custom variable.
(138211/CSCze90499)
(138211/CSCze90499)
•
Resolved an issue where enabling telnet on a Cisco IOS Null Route remediation module and
configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router
caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506/CSCze91607)
configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router
caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506/CSCze91607)
•
Resolved an issue where the system did not prevent you from creating a network variable with an
excluded network value that excluded all (any) networks. (139510/CSCze91770)
excluded network value that excluded all (any) networks. (139510/CSCze91770)
Known Issues
The following known issues are reported in Version 5.3.1.7:
•
In some cases, if you enable the use of a proxy on your Defense Center and Create FireAMP
Connection on the Amp Management page (Amp > Amp Management), the system does not
include
Connection on the Amp Management page (Amp > Amp Management), the system does not
include
Private Cloud
in the Cloud Name drop-down list when it should. (CSCuu16374)
•
In some cases, if you create an LDAP object in the Microsoft Active Directory and add the LDAP
object to a user policy, then move the LDAP object, the Defense Center cannot locate the LDAP
object. As a workaround, remove the LDAP group containing the LDAP object from the Users
Policy page (Policies > Users) and Fetch Groups from the Defense Center, then add the group and
recreate the LDAP object in the user policy. (CSCuu95350)
object to a user policy, then move the LDAP object, the Defense Center cannot locate the LDAP
object. As a workaround, remove the LDAP group containing the LDAP object from the Users
Policy page (Policies > Users) and Fetch Groups from the Defense Center, then add the group and
recreate the LDAP object in the user policy. (CSCuu95350)
•
If you apply an access control policy with the default action set to Network Discovery that contains
an access control rule configured to Block ICMPv6 traffic to an 8000 Series, the system does not
generate events when traffic is blocked when it should. (CSCuw36033)
an access control rule configured to Block ICMPv6 traffic to an 8000 Series, the system does not
generate events when traffic is blocked when it should. (CSCuw36033)
•
In some cases, if you apply an access control policy containing all the Risk category conditions, the
system does not automatically enable all the necessary detectors if the detectors were not enabled
prior to apply the access control policy. (CSCuw41474)
system does not automatically enable all the necessary detectors if the detectors were not enabled
prior to apply the access control policy. (CSCuw41474)
•
If a user belongs to a group included in an LDAP user awareness object but the group the user
belongs to is set as the primary group on the Active Directory server, the user is not included in the
list of access-controlled users downloaded from the Active Directory server and you cannot add that
user to an access control rule. (CSCuv03821)
belongs to is set as the primary group on the Active Directory server, the user is not included in the
list of access-controlled users downloaded from the Active Directory server and you cannot add that
user to an access control rule. (CSCuv03821)