Cisco Cisco Firepower Management Center 2000 發佈版本通知

Firepower System Release Notes

Resolved Issues

Click Upload.

Optionally, run a readiness check on the ASA FirePOWER module

 as described in 

.

 If you encounter issues with the readiness check that you cannot resolve, do not begin the update. Instead, contact Support.

Select Monitoring > ASA FirePOWER Monitoring > Task Status to view the task queue and make sure that there are no jobs in process.

Tasks that are running when the update begins are stopped and cannot be resumed; you must manually delete them from the task queue after 
the update completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before 
you begin the update.

Select Configuration > ASA FirePOWER Configuration > Updates.

Click the install icon next to the update you uploaded.

The update process begins. You can begin monitoring the update’s progress in the task queue.

After the update finishes, reconnect ASDM to the ASA device as described in the ASA Firepower Module Quick Start Guide.

Access the ASA FirePOWER module interface and refresh the page. Otherwise, the interface may exhibit unexpected behavior. If you are the 
first user to access the interface after a major update, the End User License Agreement (EULA) may appear. You must review and accept the 
EULA to continue.

If the intrusion rule update available on the Support site is newer than the rule set on your 

ASA FirePOWER module, import the newer rule 

set. Do not auto-apply the imported rules when working with Version 6.1.0.

For more information, see the ASA with FirePOWER Services Local Management Configuration Guide.

If the VDB available on the Support site is newer than the VDB installed during the update, install the latest VDB. Do not auto-deploy VDB 
updates when working with Version 6.1.0.

Installing a VDB update restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Whether 
traffic drops during this interruption or passes without further inspection depends on the model of the managed device and how it handles 
traffic. 

For more information, see the ASA with FirePOWER Services Local Management Configuration Guide.

Deploy configuration changes.

When you deploy, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some 
configurations requires the Snort process to restart, temporarily interrupting traffic inspection. Whether traffic drops during this interruption 
or passes without further inspection depends on the model of the managed device and how it handles traffic. For more information, see the ASA 
with FirePOWER Services Local Management Configuration Guide.

If a later patch is available on the Support site, update to the latest patch as described in the Firepower System Release Notes for that version. 
You must update to the latest patch to take advantage of product enhancements and security fixes.

Resolved Issues

If you have a Cisco account, you can view defects resolved in this release using the Cisco Bug Search Tool:

 https://tools.cisco.com/bugsearch/

. 

The following defects are resolved in Version 6.1.0:



Addressed multiple cross-site scripting (XSS) vulnerabilities, as described in CVE-2015-4270 and CVE-2016-1294.



Addressed multiple vulnerabilities within the third party OpenSSL, as described in CVE-2015-3193, CVE-2015-3194, 

CVE-2015-3195, CVE-2015-3196, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, and 
CVE-2016-2176.



Addressed multiple vulnerabilities within the third party Open SSH, as described in CVE-2015-5600, CVE-2015-6565, 

CVE-2016-0777, and CVE-2016-0778.