Cisco Firepower Management Center 2000

FireSIGHT System Release Notes
Version 5.3.1.1
  Known Issues
• Resolved an arbitrary injection vulnerability allowing unauthenticated, remote attackers to execute commands via Bash. This addresses CVE-2014-6271 and CVE-2014-7169. For more information, refer to the Cisco Security Advisory page at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash (144863, 144942, 144949)
Because you can update your appliances from Version 5.3.1 to Version 5.3.1.1, this update also includes 
the changes in all updates from Version 5.3.1. Previously resolved issues are listed by version.
Issues Resolved in Version 5.3.1:
• Resolved an issue where, in some cases, the intrusion event packet view displayed a rule message that did not match the rule that generated the event. (138208)
• Resolved an issue where you could not import an intrusion rule that referenced a custom variable. (138211)
• Resolved an issue where enabling telnet on a Cisco IOS Null Route remediation module and configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506)
• Resolved an issue where the system did not prevent you from creating a network variable with an excluded network value that excluded all (any) networks. (139510)
Known Issues
The following known issues are reported in Version 5.3.1.1:
• In some cases, applying changes to your access control policy, intrusion policy, network discovery policy, or device configuration, or installing an intrusion rule update or update of the vulnerability database (VDB) causes the system to experience a disruption in traffic that uses Link Aggregation Control Protocol (LACP) in fast mode. As a workaround, configure LACP links in slow mode. (112070)
• Configuring a proxy server to authenticate with Message Digest 5 (MD5) password encryption for malware cloud lookups is not supported. (135279)
• The system requires additional time to reboot appliances or ASA FirePOWER devices running Version 5.3 or later due to a database check. If errors are found during the database check, the reboot requires additional time to repair the database. (135564, 136439)
• In some cases, if you create a system policy on the primary Defense Center in a high availability configuration and then manually synchronize the secondary Defense Center, the system generates an ERROR 500 Internal Server Error message. (139685)
• If you use Internet Explorer 11 to add a report parameter to the report section title bar while creating a new report template (Overview > Reporting > Report Templates), no report fields are added to the template. As a workaround, install and use Internet Explorer 10. (142950)
• If you register a 3D9900 device running Version 5.3.0.2 or earlier to a Defense Center running Version 5.3.1.x or later, passive interfaces on the 3D9900 that are not in a security zone do not generate intrusion events. (144171)
The following known issues were reported in previous releases:
• If the system generates intrusion events with a Destination Port/ICMP Code of 0, the Top 10 Destination Ports section of the Intrusion Event Statistics page (Overview > Summary > Intrusion Event Statistics) omits port numbers from the display. (125581)