Cisco Cisco Firepower Management Center 2000 發佈版本通知

FireSIGHT System Release Notes

Resolved Issues

: If you update the system to Version 6.0 from Version 5.4.0.5 or earlier, the system experiences issues processing traffic. If you 

plan on updating the system to Version 6.0, you must update the managed devices to at least Version 5.4.0.6 prior to updating to Version 6.0

Resolved Issues

You can track defects resolved in this release using the Cisco Bug Search Tool (

https://tools.cisco.com/bugsearch/

). A Cisco account is 

required. To view defects addressed in older versions, refer to the legacy caveat tracking system.

Issues Resolved in Version 5.4.0.6 and Version 5.4.1.5:


 Addressed multiple vulnerability issues in Linux, MYSQL, DNS, NTP, OpenSSL, and other third parties, as described 

in CVE-2013-1944, CVE-2013-4545, CVE-2014-0139, CVE-2014-9296, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433, 
CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503, CVE-2015-0508, 
CVE-2015-1793, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2575, CVE-2015-6335, CVE-2015-7855, and 
CVE-2015-7871.



 Addressed an arbitrary script injection vulnerability allowing unauthenticated, remote attackers to exploit GNU C 

library DNS resolution functionality, as described in CVE-2013-7423.



Addressed multiple vulnerabilities in OpenSSL that allowed external attacks on client connections, as described in 

CVE-2014-8275 and CVE-2015-0204.



 Addressed multiple cross-site scripting (XSS) and arbitrary HTML injection vulnerabilities, including those described 

in CVE-2015-6353.



Addressed multiple vulnerability issues that generated denial of service in NTP, XML, OpenSSL, and other third parties 

as described in CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7704, CVE-2015-7705, 
CVE-2015-7848, CVE-2015-7850, CVE-2015-7853.



Addressed multiple arbitrary script injection vulnerabilities allowing unauthenticated, remote attackers to exploit or 

overwrite functionality as described in CVE-2015-7703.



Addressed a vulnerability that allowed an authenticated user can access system files using path traversal as described 

in CVE-2015-7851.



Improved inspection of traffic tagged by Cisco Identity Service Engine (ISE). (143060/CSCze94478)



Resolved an issue where the memory usage health monitor erroneously generated false positives. (144593/CSCze94840)



Resolved an issue where, if you created an intrusion rule with the source IP set to !$HOME_NET and added the intrusion rule to an 
intrusion policy, then changed the rule state to Drop and Generate Events, the system does not allow you to save the intrusion policy. 
(CSCur53155)



Resolved an issue where the show traffic-statistics CLI command did not display data for the second interface of an inline pair on a 
virtual device. (CSCur59771)



Resolved an issue where the system generated excessive and extraneous logs in the system log (syslog). (CSCur75622)



Resolved an issue where, if you changed the selected time zone in the Time Zone Preference tab on the User Preferences page, the 
system did not reflect daylight savings time. (CSCur92028)



Syslog messages now populate information for the following fields: HTTP Referrer, User Agent, and Referenced Host. 
(CSCus18179)



Resolved an issue where the system included both raw HTTP packets and reassembled packets in event counts. (CSCus68893)



Resolved an issue where, if you applied an access control rule containing a network object or group that had been previously deleted 
from a primary or active Defense Center in a high availability configuration, the secondary or passive system did not recognize the 
network object or group as deleted and experienced issues. (CSCut54187)



The system only supports one normal IP address for virtual router interfaces on clustered Series 3 devices. (CSCut58601)