Cisco Cisco Firepower Management Center 2000
FireSIGHT System Release Notes
Version 5.3.1.3
Known Issues
• Improved the stability of the SMB and DCE/RPC preprocessor. (142199/CSCze93232)
• Resolved an issue where, if you edited an access control policy and policy apply failed, the policy
changes from the attempted policy apply were not restored to the previously applied policy.
(142907/CSCze94256)
• Resolved a third-party vulnerability in Java to address the following CVEs: CVE-2014-0429,
CVE-2013-5907, CVE-2013-5782, CVE-2013-5830, CVE-2013-1537, CVE-2013-0437,
CVE-2013-1478, CVE-2013-1480, CVE-2012-5083, CVE-2012-1531, CVE-2012-1713,
CVE-2014-0385, CVE-2013-5802, CVE-2013-2461, CVE-2013-2467, CVE-2013-2407,
CVE-2014-0460, CVE-2014-0423, CVE-2013-5905, CVE-2013-5906, CVE-2014-4264,
CVE-2013-6954, CVE-2013-6629, CVE-2013-5825, CVE-2013-4002, CVE-2013-5823,
CVE-2013-2457, CVE-2013-0440, CVE-2013-5780, CVE-2014-4244, CVE-2014-4263,
CVE-2014-0453, CVE-2014-0411, CVE-2013-0443, CVE-2013-2451, CVE-2013-5803,
CVE-2013-2415, CVE-2013-1489, CVE-2012-5085. (143620/CSCze94657)
• Resolved an issue where, if the system generated file events from the file traffic, the system
incorrectly truncated file event filenames with colons on several pages of the web interface.
(143666/CSCze94954)
• Resolved an issue where, if the system generated intrusion events matching a rule with a generator
ID (GID) other than 1 or 3, syslog alerts contained incorrect messages. (143725/CSCze94300)
• Resolved an issue where, if you disabled any access control rules containing either an intrusion
policy or a variable set different from any enabled rules and the access control policy’s default
action, access control policy apply failed and the system experienced issues. (143870/CSCze94942)
• Resolved an arbitrary injection vulnerability allowing unauthenticated, remote attackers to execute
commands via Bash. This addresses CVE-2014-6271 and CVE-2014-7169. For more information,
refer to the Cisco Security Advisory page at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash.
(144863/CSCze95512, 144942/CSCze95480, 144949/CSCze96202)
Issues Resolved in Version 5.3.1:
• Resolved an issue where, in some cases, the intrusion event packet view displayed a rule message
that did not match the rule that generated the event. (138208/CSCze90592)
• Resolved an issue where you could not import an intrusion rule that referenced a custom variable.
(138211/CSCze90499)
• Resolved an issue where enabling telnet on a Cisco IOS Null Route remediation module and
configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router
caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506/CSCze91607)
• Resolved an issue where the system did not prevent you from creating a network variable with an
excluded network value that excluded all (any) networks. (139510/CSCze91770)
Known Issues
The following known issues are reported in Version 5.3.1.3:
• You cannot reset the password for the admin user on an ASA5585-X device. (CSCus17991)
• In some cases, managed devices stop processing traffic when the Defense Center updates a large
security intelligence feed referenced in an access control policy during a policy apply. As a
workaround, reapply the policies containing security intelligence feeds. (CSCus19921)