Cisco Cisco Catalyst 6500 Series 7600 Series ASA Services Module 發佈版本通知
1
Cisco Systems, Inc.
www.cisco.com
Release Notes for the Cisco ASA Series,
Version 9.3(x)
Version 9.3(x)
First Published: July 24, 2014
Last Updated: July 12, 2016
Last Updated: July 12, 2016
This document contains release information for Cisco ASA software Version 9.3(x).
Important Notes
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability—Multiple vulnerabilities have been fixed
for clientless SSL VPN in ASA software, so you should upgrade your software to a fixed version. See
for clientless SSL VPN in ASA software, so you should upgrade your software to a fixed version. See
for details about
the vulnerability and a list of fixed ASA versions. Also, if you ever ran an earlier ASA version that had a vulnerable
configuration, then regardless of the version you are currently running, you should verify that the portal customization
was not compromised. If an attacker compromised a customization object in the past, then the compromised object
stays persistent after you upgrade the ASA to a fixed version. Upgrading the ASA prevents this vulnerability from
being exploited further, but it will not modify any customization objects that were already compromised and are still
present on the system.
configuration, then regardless of the version you are currently running, you should verify that the portal customization
was not compromised. If an attacker compromised a customization object in the past, then the compromised object
stays persistent after you upgrade the ASA to a fixed version. Upgrading the ASA prevents this vulnerability from
being exploited further, but it will not modify any customization objects that were already compromised and are still
present on the system.
The ASA 5505 is not supported in this release or later. ASA Version 9.2 was the final release for the ASA 5505.
Windows NT AAA server was deprecated—In ASA Version 9.3, the Windows NT AAA server is no longer supported.
(9.3(2) and later) SSLv3 deprecation and SSL server version default change—SSLv3 is now deprecated. The default
for the ssl server-version command is now tlsv1 instead of any. If you configure any, sslv3, or sslv3-only, the
command is accepted with a warning. In the next major ASA release, these keywords will be removed from the ASA.
for the ssl server-version command is now tlsv1 instead of any. If you configure any, sslv3, or sslv3-only, the
command is accepted with a warning. In the next major ASA release, these keywords will be removed from the ASA.
ASA CX module upgrade requirements—For ASA Version 9.3(2) and later, only ASA CX Version 9.3.2.1 and later is
supported. When upgrading your ASA, first upgrade the ASA CX software; otherwise the ASA CX module will
become unresponsive.
supported. When upgrading your ASA, first upgrade the ASA CX software; otherwise the ASA CX module will
become unresponsive.
System Requirements
For information about ASA/ASDM software and hardware requirements and compatibility, including module compatibility,
see
see