Cisco Firepower Management Center 2000

FireSIGHT System Release Notes
13. Reapply access control policies to all managed devices.
Caution: When you apply an access control policy, resource demands may result in a small number of packets 
dropping without inspection. Additionally, applying some configurations requires the Snort process to restart, which 
interrupts traffic inspection. Whether traffic drops during the interruption or passes without further inspection 
depends on the model of the managed device and how it handles traffic. For more information, see the 
Configurations that Restart the Snort Process section in the FireSIGHT System User Guide.
14.
If a patch for Version 5.4.0.7 is available on the Support site, apply the latest patch as described in the FireSIGHT 
System Release Notes
 for that version. 
You must update to the latest patch to take advantage of the latest enhancements and security fixes.
Resolved Issues
You can track defects resolved in this release using the Cisco Bug Search Tool (https://tools.cisco.com/bugsearch/). A 
Cisco account is required. To view defects addressed in older versions, refer to the legacy caveat tracking system.
Issues Resolved in Version 5.4.0.7 and Version 5.4.1.6:
Security Issue: Addressed an arbitrary script injection vulnerability allowing unauthenticated, remote attackers to 
exploit GNU libc or libpng, as described in CVE-2014-7547 and CVE-2015-8126.
Security Issue: Addressed a vulnerability that caused a denial of service in GNU utilities, as described in 
CVE-2015-7547.
Security Issue: Addressed cross-site scripting (XSS) and arbitrary HTML injection vulnerabilities, as described in 
CVE-2015-0737.
Security Issue: Addressed an arbitrary HTTP header injection vulnerability allowing unauthenticated, remote 
attackers to exploit managed devices, as described in CVE-2016-1345.
Resolved an issue where, if you generated an intrusion event performance graph with Last Hour set as the time 
range, the system incorrectly generated a blank graph. (145237/CSCze95774)
Resolved an issue where updating the vulnerability database (VDB) on a paired Defense Center incorrectly switched 
the peer of the pair from active to standby and from standby to active when it should not. (CSCur59343)
Resolved an issue where, if you configured Open Shortest Path First (OSPF) in the Dynamic Routing tab of the Virtual 
router page (Devices > Devices Management > Virtual routers > Dynamic Routing) and added an Area, then 
changed the value of the Cost column and deployed changes, the system did not update the OSPF. (CSCus31735)
Resolved an issue where Snort generated reporting statistics at inconsistent intervals. (CSCus42306)
Resolved an issue where, if you created an access control rule configured with an Interactive Block action and you 
viewed a blocked web page in a Chrome web browser, the Continue button to bypass the block page did not work. 
(CSCuu53237, CSCuv21748)
Resolved an issue where creating a search for an intrusion event with an original client IP using a negated subnet IP 
address caused the system to incorrectly exclude intrusion events with no original client IP. (CSCuu68438)
Resolved an issue where you could not manually set the time zone on an ASA FirePOWER module managed by 
ASDM. (CSCuu70250)
Resolved an issue where internal CA certificates generated on the Object Management page (Objects > Object 
Management > PKI) remained valid for 30 days when they should be valid for ten years. (CSCuv29004)
Resolved an issue where, if you deployed an SSL policy and enabled SSL decryption, the system experienced a 
disruption in traffic after a few hours of decrypting SSL traffic. (CSCux75036)