Cisco Cisco Firepower Management Center 2000
Firepower System Release Notes
Resolved Issues
The Install Update page appears.
Step 7
Select the devices where you want to install the update.
If you are updating a stacked pair, selecting one member of the pair automatically selects the other. You must update
members of a stacked pair together.
members of a stacked pair together.
Step 8
Click
Install
. Confirm that you want to install the update and reboot the devices.
Step 9
The update process begins. You can monitor the update's progress in the Firepower Management
Center’s task queue by clicking the System Status icon, then clicking the Tasks tab.
Center’s task queue by clicking the System Status icon, then clicking the Tasks tab.
Note that managed devices may reboot twice during the update; this is expected behavior.
Caution:
If you encounter issues with the update (for example, if the Message Center indicates that the update has
failed, or shows no progress on the update task for several minutes), do not restart the update. Instead, contact
Support.
Support.
Step 10
Select
Devices > Device Management
and confirm that the devices you updated have the correct software
version: Version 6.0.
Step 11
Verify that the appliances in your deployment are successfully communicating and that there are no
issues reported by the health monitor.
issues reported by the health monitor.
Step 12
Redeploy your configurations to all managed devices.
Deployment may cause a short pause in traffic flow and processing, and may also cause a few packets to pass
uninspected. For more information, see the Firepower Management Center User Guide.
uninspected. For more information, see the Firepower Management Center User Guide.
Step 13
If a patch for Version 6.0 is available on the Support site, apply the latest patch as described in the for
that version.
that version.
Resolved Issues
You can view defects resolved in this release using the Cisco Bug Search Tool (
https://tools.cisco.com/bugsearch/
). A
Cisco account is required.
The following issues are resolved in Version 6.0:
Security Issue
Addressed a cross-site request forgery (CSRF) vulnerability.
Security Issue
Addressed a vulnerability that allowed an authenticated user can access system files using path
traversal.
Security Issue
Addressed multiple cross-site scripting (XSS) vulnerabilities, including those described in
CVE-2015-0737, CVE-2015-4270, and CVE-2015-6353.
Security Issue
Addressed multiple cross-site scripting (XSS) and arbitrary HTML injection vulnerabilities including
those described in CVE-2015-0707.
Security Issue
Addressed multiple vulnerability issues in MYSQL, DNS, NTP, and OpenSSL as described in
CVE-2010-3614, CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-6568, CVE-2014-9293,
CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298, CVE-2015-0205,
CVE-2015-0287, CVE-2015-0292, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0385,
CVE-2015-0391, CVE-2015-0409, CVE-2015-0411, CVE-2015-0432, CVE-2015-0498, CVE-2015-0505,
CVE-2015-0506, CVE-2015-0507, CVE-2015-0511, CVE-2015-1798, CVE-2015-1799, CVE-2015-1499,
CVE-2015-2566, CVE-2015-2567, CVE-2015-3405, CVE-2015-3676.
CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298, CVE-2015-0205,
CVE-2015-0287, CVE-2015-0292, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0385,
CVE-2015-0391, CVE-2015-0409, CVE-2015-0411, CVE-2015-0432, CVE-2015-0498, CVE-2015-0505,
CVE-2015-0506, CVE-2015-0507, CVE-2015-0511, CVE-2015-1798, CVE-2015-1799, CVE-2015-1499,
CVE-2015-2566, CVE-2015-2567, CVE-2015-3405, CVE-2015-3676.
Security Issue
Addressed multiple vulnerability issues that generated denial of service in MYSQL, Linux, GNU C
Library, NTP, XML, OpenSSL, and other third parties as described in CVE-2009-0696, CVE-2011-1155,
CVE-2012-0876, CVE-2012-2807, CVE-2012-287, CVE-2012-3509, CVE-2012-3400, CVE-2012-3480,
CVE-2012-0876, CVE-2012-2807, CVE-2012-287, CVE-2012-3509, CVE-2012-3400, CVE-2012-3480,