Cisco Cisco Firepower Management Center 2000
22
FireSIGHT System Release Notes
Version 5.3.1.6
Resolved Issues
•
Resolved an issue where, in rare cases, the system did not generate a health alert when reapplying
device configuration failed. (141625/CSCze93130, 141628/CSCze93009)
device configuration failed. (141625/CSCze93130, 141628/CSCze93009)
•
Resolved an issue where, one or more unresponsive detection resources on a managed device after
installing an update of the vulnerability database (VDB) caused system issues.
(141758CSCze93100)
installing an update of the vulnerability database (VDB) caused system issues.
(141758CSCze93100)
•
Resolved an issue where, in rare cases, the system triggered an alert on the first data packet of a TCP
session from a server in which the egress interface would not be recorded. (141817/CSCze93047)
session from a server in which the egress interface would not be recorded. (141817/CSCze93047)
•
Resolved an issue where, in rare cases, applying multiple access control policies caused system
issues and high unmanaged disk usage health alerts. (141830/CSCze92990)
issues and high unmanaged disk usage health alerts. (141830/CSCze92990)
•
Resolved a third-party vulnerability in OpenSSL to address CVE-2-014-0224.
(141901/CSCze93310)
(141901/CSCze93310)
•
Improved the stability of the SMB and DCE/RPC preprocessor. (142199/CSCze93232)
•
Resolved an issue where, if you edited an access control policy and policy apply failed, the policy
changes from the attempted policy apply were not restored to the previously applied policy.
(142907/CSCze94256)
changes from the attempted policy apply were not restored to the previously applied policy.
(142907/CSCze94256)
•
Resolved a third-party vulnerability in Java to address the following CVEs: CVE-2014-0429,
CVE-2013-5907, CVE-2013-5782, CVE-2013-5830, CVE-2013-1537, CVE-2013-0437,
CVE-2013-1478, CVE-2013-1480, CVE-2012-5083, CVE-2012-1531, CVE-2012-1713,
CVE-2014-0385, CVE-2013-5802, CVE-2013-2461, CVE-2013-2467, CVE-2013-2407,
CVE-2014-0460, CVE-2014-0423, CVE-2013-5905, CVE-2013-5906, CVE-2014-4264,
CVE-2013-6954, CVE-2013-6629, CVE-2013-5825, CVE-2013-4002, CVE-2013-5823,
CVE-2013-2457, CVE-2013-0440, CVE-2013-5780, CVE-2014-4244, CVE-2014-4263,
CVE-2014-0453, CVE-2014-0411, CVE-2013-0443, CVE-2013-2451, CVE-2013-5803,
CVE-2013-2415, CVE-2013-1489, CVE-2012-5085. (143620/CSCze94657)
CVE-2013-5907, CVE-2013-5782, CVE-2013-5830, CVE-2013-1537, CVE-2013-0437,
CVE-2013-1478, CVE-2013-1480, CVE-2012-5083, CVE-2012-1531, CVE-2012-1713,
CVE-2014-0385, CVE-2013-5802, CVE-2013-2461, CVE-2013-2467, CVE-2013-2407,
CVE-2014-0460, CVE-2014-0423, CVE-2013-5905, CVE-2013-5906, CVE-2014-4264,
CVE-2013-6954, CVE-2013-6629, CVE-2013-5825, CVE-2013-4002, CVE-2013-5823,
CVE-2013-2457, CVE-2013-0440, CVE-2013-5780, CVE-2014-4244, CVE-2014-4263,
CVE-2014-0453, CVE-2014-0411, CVE-2013-0443, CVE-2013-2451, CVE-2013-5803,
CVE-2013-2415, CVE-2013-1489, CVE-2012-5085. (143620/CSCze94657)
•
Resolved an issue where, if the system generated file events from the file traffic, the system
incorrectly truncated file event filenames with colons on several pages of the web interface.
(143666/CSCze94954)
incorrectly truncated file event filenames with colons on several pages of the web interface.
(143666/CSCze94954)
•
Resolved an issue where, if the system generated intrusion events matching a rule with a generator
ID (GID) other than 1 or 3, syslog alerts contained incorrect messages. (143725/CSCze94300)
ID (GID) other than 1 or 3, syslog alerts contained incorrect messages. (143725/CSCze94300)
•
Resolved an issue where, if you disabled any access control rules containing either an intrusion
policy or a variable set different from any enabled rules and the access control policy’s default
action, access control policy apply failed and the system experienced issues. (143870/CSCze94942)
policy or a variable set different from any enabled rules and the access control policy’s default
action, access control policy apply failed and the system experienced issues. (143870/CSCze94942)
•
Resolved an arbitrary injection vulnerability allowing unauthenticated, remote attackers to execute
commands via Bash. This addresses CVE-2014-6271 and CVE-2014-7169. For more information,
refer to the Cisco Security Advisory page at
commands via Bash. This addresses CVE-2014-6271 and CVE-2014-7169. For more information,
refer to the Cisco Security Advisory page at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
.
(144863/CSCze95512, 144942/CSCze95480, 144949/CSCze96202)
Issues Resolved in Version 5.3.1:
•
Resolved an issue where, in some cases, the intrusion event packet view displayed a rule message
that did not match the rule that generated the event. (138208/CSCze90592)
that did not match the rule that generated the event. (138208/CSCze90592)
•
Resolved an issue where you could not import an intrusion rule that referenced a custom variable.
(138211/CSCze90499)
(138211/CSCze90499)
•
Resolved an issue where enabling telnet on a Cisco IOS Null Route remediation module and
configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router
caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506/CSCze91607)
configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router
caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506/CSCze91607)