Примечания к выпуску для Cisco Cisco Firepower Management Center 2000
22
FireSIGHT System Release Notes
Version 5.3.1.5
Known Issues
•
Resolved an issue where, if the system generated file events from the file traffic, the system
incorrectly truncated file event filenames with colons on several pages of the web interface.
(143666/CSCze94954)
incorrectly truncated file event filenames with colons on several pages of the web interface.
(143666/CSCze94954)
•
Resolved an issue where, if the system generated intrusion events matching a rule with a generator
ID (GID) other than 1 or 3, syslog alerts contained incorrect messages. (143725/CSCze94300)
ID (GID) other than 1 or 3, syslog alerts contained incorrect messages. (143725/CSCze94300)
•
Resolved an issue where, if you disabled any access control rules containing either an intrusion
policy or a variable set different from any enabled rules and the access control policy’s default
action, access control policy apply failed and the system experienced issues. (143870/CSCze94942)
policy or a variable set different from any enabled rules and the access control policy’s default
action, access control policy apply failed and the system experienced issues. (143870/CSCze94942)
•
Resolved an arbitrary injection vulnerability allowing unauthenticated, remote attackers to execute
commands via Bash. This addresses CVE-2014-6271 and CVE-2014-7169. For more information,
refer to the Cisco Security Advisory page at
commands via Bash. This addresses CVE-2014-6271 and CVE-2014-7169. For more information,
refer to the Cisco Security Advisory page at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
.
(144863/CSCze95512, 144942/CSCze95480, 144949/CSCze96202)
Issues Resolved in Version 5.3.1:
•
Resolved an issue where, in some cases, the intrusion event packet view displayed a rule message
that did not match the rule that generated the event. (138208/CSCze90592)
that did not match the rule that generated the event. (138208/CSCze90592)
•
Resolved an issue where you could not import an intrusion rule that referenced a custom variable.
(138211/CSCze90499)
(138211/CSCze90499)
•
Resolved an issue where enabling telnet on a Cisco IOS Null Route remediation module and
configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router
caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506/CSCze91607)
configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router
caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506/CSCze91607)
•
Resolved an issue where the system did not prevent you from creating a network variable with an
excluded network value that excluded all (any) networks. (139510/CSCze91770)
excluded network value that excluded all (any) networks. (139510/CSCze91770)
Known Issues
The following known issues are reported in Version 5.3.1.5:
•
Security Issue
Addressed a vulnerability in HTTP connection handling that allowed users to be
redirected to malicious websites, as described in CVE-2015-0706.
•
Security Issue
Addressed multiple vulnerability issues in Linux and other third parties, as described
in CVE-2011-1927, CVE-2012-2744. and CVE-2015-1781.
•
Security Issue
Addressed a cross-site scripting (XSS) vulnerability, as described in
CVE-2015-0707.
•
In some cases, if you create a new report template on the Report Templates page (
Overview > Reporting
> Report Templates
) with a static time window, the system may not correctly save the time range.
(CSCur61984)
•
If you reapply an active access control policy to an ASA FirePOWER module without editing the
policy, policy apply fails. (CSCuu14839)
policy, policy apply fails. (CSCuu14839)
•
If you experience an error or a failure while updating an appliance from Version 5.3.1 to Version
5.3.1.4 or later, contact Support. (CSCuu54653)
5.3.1.4 or later, contact Support. (CSCuu54653)
•
If you apply an access control policy set to Block on an ASA FirePOWER device, the system
incorrectly resets the session. (CSCuu60713)
incorrectly resets the session. (CSCuu60713)