Cisco Secure Firewall Threat Defense Virtual 7.4.2 - 思科下一代防火墙虚拟设备 (FTDv)
Cisco Secure Firewall Threat Defense Virtual 7.4.2 - 思科下一代防火墙虚拟设备 (FTDv)
Firepower Threat Defense (FTD) Software
请访问原文链接:https://sysin.org/blog/cisco-firepower-7/,查看最新版。原创作品,转载请保留出处。
为什么选择 Cisco Secure 防火墙?
Cisco Secure 防火墙为行业最完善和开放的安全平台提供基础支持。
保护网络免受日益复杂的威胁入侵,需要业界领先的情报和始终如一、无处不在的保护。借助 Cisco Secure 防火墙,立即改善安全状况。
新增功能
Resolved Bugs in Version 7.4.2
Table last updated: 2024-07-31
- Bug ID: Headline
- CSCvk60075: FMC HA synchronisation task failures should generate alarms
- CSCvx37329: Remove Syslog Messages 852001 and 852002 in Firewall Threat Defense
- CSCwb02701: FXOS does not retry NTP sync with servers
- CSCwb03293: IKEv2 debugs: Received Policies and Expected Policies are empty
- CSCwc28334: Cisco ASA and FTD Software RSA Private Key Leak Vulnerability
- CSCwc31953: Prevention of RSA private key leaks regardless of root cause.
- CSCwc33025: mgmt interface taking long time to come up and causing cluster registration issues
- CSCwc70142: Deleting a routed mode Etherchannel interface changes member interfaces to switch port mode
- CSCwc73773: FMC 7.0.2 Deployment error message is irrelevant | Deployment Failed due to configuration error
- CSCwc76419: Unnecessary FAN error logs needs to be removed from thermal file
- CSCwd39442: ssl policy errors: Unable to get server certificate's internal cached status
- CSCwd67100: ASA traceback and reload on Datapath process
- CSCwd80492: Device Management Applied Policies Widget Defaulting to classic theme when editting
- CSCwe02012: ASA/FTD may traceback and reload in Thread Name 'lina'
- CSCwe11124: ENH: Combine firmware bundle packages into FXOS MIO update packages
- CSCwe18462: ASA/FTD: Improve GTP Inspection Logging
- CSCwe18467: ASA/FTD: GTP Inspection engine serviceability
- CSCwe42986: Classic and Unified Events should handle cases when SMC is unreachable
- CSCwe47485: FTD: CLISH slowness due to command execution locking LINA prompt
- CSCwe79990: Cisco-Intelligence-Feed - Failed to download due to timeout
- CSCwe86964: Consul and Consul Enterprise allowed an authenticated user with service:
- CSCwe91008: Snort3 is crashing frequently on cd_pdts.so
- CSCwe93925: Deployment fails to FTD when reusing/reassigning existing vlan id to diff interface
- CSCwe96560: Cannot copy rules from one policy to another policy using the new AC policy UI
- CSCwe97939: ASA/FTD Cluster: Change "cluster replication delay" with max value increase from 15 to 50 sec
- CSCwf01954: FTD: ADI.conf - send_s2s_vpn_events is set to 0, even after applying s2s vpn health policy
- CSCwf16001: HashiCorp Vault's implementation of Shamir's secret sharing used precomp
- CSCwf17314: FMC deploy logs rotating faster because of /internal_rest_api/accesscontrol/rapplicationsavailable
- CSCwf26599: Error loading data in NAT page - When unused port object is used
- CSCwf27458: AC policy change is not reflected in instance page on edit
- CSCwf39108: Firewall rings may get stuck and cause packet loss when asp load-balance per-packet auto is used
- CSCwf47646: show version system prints errors about PM_Control.sock
- CSCwf59529: Identity Policy Active auth snort3 redirect hostname doesn't list all FQDN objects\u0009
- CSCwf61280: Failing to dowload FTD image via SAML SSO login
- CSCwf75694: ASA - The GTP inspection dropped the message 'Delete PDP Context Response' due to an invalid TEID=0
- CSCwf84318: ASA/FTD traceback and reload on thread DATAPATH
- CSCwf99303: Management UI presents self-signed cert rather than custom CA signed one after upgrade
- CSCwh12120: Incorrect exit interface choose for VTI traffic next-hop
- CSCwh16759: SNMP is not working on the primary active ASA unit in multi-context environment
- CSCwh19613: ASA crashed with Saml scenarios
- CSCwh22888: FXOS: Remove enforcement of blades going into degraded state after multiple DIMM correctable errors
- CSCwh29276: ASA: Traceback and reload when switching from single to multiple mode
- CSCwh30257: snort3 crashes observed due to memory corruption in file api
- CSCwh30346: ASA/FTD: 1 Second failover delay for each NLP NAT rule
- CSCwh34836: Getting an exception on the UI while editing and saving the intrusion policy
- CSCwh41606: Extensive logging for a problematic deployment caused logs to rollover important logs
- CSCwh43230: Strong Encryption license is not getting applied to ASA firewalls in HA.
- CSCwh43945: FTD/ASA traceback and reload may occur when ssl packet debugs are enabled
- CSCwh46657: Save button disabled when updating ZTNA policy
- CSCwh47053: ASA/FTD may traceback and reload in Thread Name 'dns_cache_timer'
- CSCwh47732: Vulnerabilities in linux-kernel 5.10.79 CVE-2023-3111 and others
- CSCwh51872: Message asa_log_client exited 1 time(s) seen multiple times
- CSCwh57814: The html/template package does not apply the proper rules for handling o
- CSCwh57976: Improve CPU utilization in ssl inspection for supported signature algorithm handling
- CSCwh58190: FMC Deployment failure in csm_snapshot_error
- CSCwh58467: ASA does not sent 'warmstart' snmp trap
- CSCwh58490: FMC Deployment failed due to internal errors after upgrade
- CSCwh60504: LINA would randomly generate a traceback and reload on FPR-1K
- CSCwh60971: NAT pool is not working properly despite is not reaching the 32k object ID limit.
- CSCwh61832: FDM: Allow turn on/off GSP mempool polling via Flexconfig
- CSCwh62731: FTD Upgrade from 6.6.5 to 7.2.5 removing OGS causing rule expansion on boot
- CSCwh65128: LINA show tech-support fails to generate as part of sf_troubleshoot.pl (Troubleshoot file)
- CSCwh68068: Firepower WCCP router-id changes randomly when VRFs are configured
- CSCwh69843: WM DT - ASA in transparent mode doesn't send equal IPv6 Router Advertisement packets to all nodes
- CSCwh71235: A flaw was found in QEMU. The async nature of hot-unplug enables a rac
- CSCwh71611: ENH: FMC - Ability to Filter Security Zone in Interface Drop Down Selection
- CSCwh71665: ASA traceback under match_partial_keyword during CPU profiling
- CSCwh72070: Reload takes forever when reload command is issued on the lina prompt when devices are on HA
- CSCwh75829: FMC Primary disk degraded error
- CSCwh75927: In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a
- CSCwh79546: No error message is given when deleting object referred in new object created in another ticket
- CSCwh83021: ASA/FTD HA pair EIGRP routes getting flushed after failover
- CSCwh83254: ASA/FTD: Traceback and reload on thread name CP Crypto Result Processing
- CSCwh83854: Cannot configure Correlation rule because there are no values for GID that exceed 2000
- CSCwh84376: In FPR4200/FPR3100-cluster observed core file ?core.lina? observed on device reboot.
- CSCwh84610: Disconnecting RA VPN users from the FMC gui fails.
- CSCwh84647: Backup restore: silent failure when the device managed locally
- CSCwh87058: FTD: Internal certificate generation results to certificate and private key mismatch
- CSCwh88150: Need ability to configure SSH public key auth without using root shell
- CSCwh89835: FMC plain-text passwords for radius server and certificate passphrase
- CSCwh91574: FTD: Traceback in threadname cli_xml_request_process
- CSCwh92345: crypto_archive file generated after the software upgrade.
- CSCwh92541: Random FTD snort3 traceback
- CSCwh93710: Last Rule hit shows a hex value ahead of current time in ASA and ASDM
- CSCwh94201: An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i
- CSCwh95003: Init process spikes to 100% CPU usage after a failed backup
- CSCwh95010: Unexpected traceback on thread name Lina and device experienced reboot
- CSCwh95025: GTP connections, under certain circumstances do not get cleared on issuing clear conn.
- CSCwh95443: Datapath hogs causing clustering units to get kicked out of the cluster
- CSCwh96055: Management DNS Servers may be unreacheable if data interface is used as the gateway
- CSCwh99331: syslog not generated "ASA-3-202010: NAT pool exhausted" while passing traffic from iLinux to oLinux
- CSCwh99398: ASA/FTD may traceback and reload in Thread Name 'DATAPATH-34-17852'
- CSCwi01073: Event search with URL object ${example} is displaying no results
- CSCwi01085: FTD VMWare tracebacks at PTHREAD-3587
- CSCwi01381: ASA/FTD may traceback and reload in Thread Name 'lina'
- CSCwi01895: Connection drops during file transfers due to HeartBeat failures
- CSCwi01981: Thirty-day automatic upgrade revert-info deletion is not resilient to communication failures
- CSCwi02039: FMC clean_revert_backup script fails silently without creating any logs
- CSCwi02134: FTD sends multiple replicated NetFlow records for the same flow event
- CSCwi02599: SSX Eventing continues to go to old tenant upon FTD migration to CDO.
- CSCwi02754: FTD 1120 standby sudden reboot
- CSCwi02919: SNMP Unresponsive when snmp-server host specified
- CSCwi03407: Traceback on FP2140 without any trigger point.
- CSCwi04021: Daily Change Reconciliation Report Randomly Generating Reports with the same time periods
- CSCwi04351: FTD upgrade failling on script 999_finish/999_zz_install_bundle.sh
- CSCwi06690: Certificate Encoding Issue when using AnyConnect cert Authentication/Authorisation
- CSCwi06797: ASA/FTD traceback and reload on thread DATAPATH
- CSCwi08374: FMC backup fails with "Registration Blocking" failure caused by DCCSM issues
- CSCwi11520: FTD OSPFV3 IPV6 Routing: FTD is sending unsupported extended LSA request to neighbor routers
- CSCwi12388: HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 - Golang
- CSCwi12772: ASA cluster traceback Thread Name: DATAPATH-8-17824
- CSCwi13062: Debug messages seen on console on executing show tech-support fprm detail
- CSCwi13134: Hardware bypass not working as expected in FP3140
- CSCwi13223: Source of the VTI interface is getting empty
- CSCwi15409: ASA/FTD - may traceback and reload in Thread Name 'Unicorn Proxy Thread'
- CSCwi15595: ASA traceback and reload during ACL configuration modification
- CSCwi16034: FMC does not generate email health notifications for Database Integrity Check failures.
- CSCwi17193: CP Session Handling for per site auth is inaccurate for Cluster break and join scenarios
- CSCwi17496: Error Text is repeated twice for Interface config if pool range is less than Cluster Nodes plus 1
- CSCwi18581: Firewall traceback and reload due to SSH thread
- CSCwi18663: FMC-4600: Pre-Filter policy is showing as none
- CSCwi19015: ASA/FTD may traceback and reload in Thread Name 'DATAPATH-13-6022'
- CSCwi19485: Fail open snort-down is off in inline pairs despite it being enabled and deployed from FMC
- CSCwi19849: VPN load-balancing cluster encryption using Phase 2 deprecated ciphers
- CSCwi20045: ASA/FTD may traceback and reload in Thread Name 'lina' due to a watchdog in 9.16.3.23 code
- CSCwi20848: ASA/FTD high memory usage due to SNMP caused by RAVPN OID polling
- CSCwi20955: FTD with may traceback in data-path during deployment when enabling TAP mode
- CSCwi21625: FailSafe admin password is not properly sync'd with system context enable pw
- CSCwi23545: HA CP clients statistics doesn't show actual Tx/Rx and Reliable Tx/Rx
- CSCwi23964: Python 3.x through 3.10 has an open redirection vulnerability in lib/h
- CSCwi24004: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th
- CSCwi24021: An issue was discovered in the Linux kernel before 6.5.9, exploitable
- CSCwi24027: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c`
- CSCwi24032: A heap out-of-bounds write vulnerability in the Linux kernel's Linux K
- CSCwi24368: Standby manager addition is failed on Primary FMC due to previous entries in table
- CSCwi24370: Stale HA transactions need to be moved to failed and subsequent HA transaction needs to be created
- CSCwi24461: Device/port-channel goes down with a core generated for portmanager
- CSCwi24814: In FIPS mode, External auth with TLS config enabled, CLI logins are not working (FMC & FTDs)
- CSCwi25842: FMC Analysis Vulnerabilities error "Unable to process this query. Please try the query again."
- CSCwi26064: ASA : Modifying a route-map in one context affects other contexts
- CSCwi26895: ASA SNMP OID cpmCPUTotalPhysicalIndex returning zero values instead of CPU index values
- CSCwi27338: Stale asp entry for TCP 443 remains on standby after changing default port
- CSCwi28645: User assigned to a read only custom role is not able to view content of intrusion policy for snort2
- CSCwi29538: EIGRP migration failed using 'FlexConfig Policiies' script failed generating database corruption
- CSCwi29934: Cisco FXOS Software Link Layer Discovery Protocol Denial of Service Vulnerability
- CSCwi30843: Error Fetching Data in Exclude Policy Page when non permanent exclude periods are selected
- CSCwi31008: Deployment stuck on FMC when device goes down during deploy and doesn't boot up
- CSCwi31480: Alert: Decommission failed, reason: Internal error is not cleared from FCM or CLI after acknowledge
- CSCwi31558: file-extracts.logs are not recognised by the diskmanager leading to High disk space
- CSCwi31563: cdFMC: Table View of Rule Update Import Log UI is throwing error, unable to check SRU update log
- CSCwi31766: PSU fan shows critical in show environment output while operating normally
- CSCwi31966: FTD ADI debugs may show incorrect server_group and/or realm_id for SAML-authenticated sessions
- CSCwi32063: ASA/FTD: SSL VPN Second Factor Fields Disappear
- CSCwi32759: Username-from-certificate secondary attribute is not extracted if the first attribute is missing
- CSCwi33710: ipv6 table flush exception when cli_firstboot installs bootstrap configuration multi instance
- CSCwi34125: ASA: Snmpwalk shows "No Such Instance" for the OID ceSensorExtThresholdValue
- CSCwi34323: After importing AC policy, Realm is not present in UI causing validation error for Azure AD users
- CSCwi34719: Unable to SSH into FTD device using External authentication with Radius
- CSCwi34730: tls website decryption breaks with ERR_HTTP2_PROTOCOL_ERROR
- CSCwi35079: FTD Upgrade logs should contain the certificate name or files
- CSCwi35267: TLS1.3: core decode points to tls_trk_try_switch_to_bypass_aux()
- CSCwi36311: use kill tree function in SMA instead of SIGTERM
- CSCwi36843: Detailed logging related to reason behind sub-interfce admin state change during operations
- CSCwi38061: ASA/FTD traceback and reload due to file descriptor limit being exceeded
- CSCwi38425: Health Monitor Alerts set in Global are not sending alert from devices assigned in leaf domain
- CSCwi38440: Hostnames are replaced with IP addresses in alert email content
- CSCwi38449: Module name displayed in the alert got changed and it is differ from the one set in FMC
- CSCwi38662: FTD HA should not be created partially on FMC
- CSCwi38708: FDM deployment failure
- CSCwi38957: Policy Apply failed moving from FDM to FMC
- CSCwi40193: Hairpinning of DCE/RPC traffic during the suboptimal lookup
- CSCwi40302: Deployment fails on new AWS FTDv device with "no username admin"
- CSCwi40487: FTD HA Failure after SNORT crash.
- CSCwi40536: ASA/FTD: Traceback and reload when running show tech and under High Memory utilization condition
- CSCwi40674: Umbrella Profile and others cleared incorrectly when editing group policy in the UI
- CSCwi41666: MonetDB startup enhancement to clean up large files
- CSCwi42295: Radius traffic not passing after ASA upgrade 9.18.2 and above version.
- CSCwi42962: installing GeoDB country code package update to FMC does not automatically push updates to FTDs
- CSCwi42992: ASA/FTD may traceback and reload in Thread Name IKEv2 Daemon
- CSCwi43240: Deployment fails if Network Discovery policy reference is missing from FMC Database
- CSCwi43492: ASA traceback and reload on Thread Name: DATAPATH
- CSCwi43782: GTP inspection dropping packets with IE 152 due to header length being invalid for IE type 152
- CSCwi44007: FMC Validation failure for large object range and success for object network in NAT64
- CSCwi44208: low memory/stress causing traceback in SNMP
- CSCwi45408: Monetdb having 14GB of unknown BAT data causing "High unmanaged disk usage on /Volume"
- CSCwi45630: Snort3 traceback with fqdn traffics
- CSCwi45878: ASA/FTD: DNS Load Balancing with SAML does not work with VPN Load Balancing
- CSCwi46010: ASA/FTD: Cluster incorrectly generating syslog 202010 for invalid packets destined to PAT IP
- CSCwi46023: FTD drops double tagged BPDUs.
- CSCwi46163: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.
- CSCwi46641: FTDv may traceback and reload in Thread Name 'PTHREAD-3744' when changing interface status
- CSCwi46676: API:/operational/commands not working as swagger indicate
- CSCwi47029: "Update file is corrupted" for "Download Latest Cisco Firepower Geolocation Database Update." in FMC
- CSCwi48699: ASA traceback and reload on Thread Name: pix_flash_config_thread
- CSCwi49076: Sftunnel DEBUG level not logged on FMC/FTD after running DEBUG script
- CSCwi49128: Update logs - SSP object serialization during HA
- CSCwi49360: A flaw was found in the 9p passthrough filesystem (9pfs) implementatio
- CSCwi49506: Before Go 1.20, the RSA based TLS key exchanges used the math/big libr
- CSCwi49770: ASA|FTD Traceback & reload in thread name Datapath
- CSCwi49797: Event Searching with Objects and Networks Leads to only showing events matching Objects
- CSCwi49829: Threat Defense Service Policy - Reset Connection Upon Timeout not working
- CSCwi50343: Their standalone FTD running 7.2.2 on FPR-4112 experienced a traceback on the SNMP module
- CSCwi51793: Error while trying to push SNMP configuration using API
- CSCwi52008: Snort3 crash with race conditions
- CSCwi52188: Filtering the Malware Events table by IP address removes events which should remain in the results.
- CSCwi53150: Service object-group protocol type mismatch error seen while access-list referencing already
- CSCwi53431: Unable to Synch more then 100 environment-data with data unit
- CSCwi53987: SSL protocol settings does not modify the FDM GUI certificate configuration or disable TLSv1.1
- CSCwi54171: Decryption policy page is empty if user that modified/created policy was deleted.
- CSCwi54995: 413 Request Entity Too Large error due to cookies added by FMC/Amplitude
- CSCwi55629: ASA/FTD : Port-channels remain down on Firepower 1010 devices after upgrade
- CSCwi55842: 7.4 - If policy save in progress deploy might indicate failure for only few devices
- CSCwi55938: The "show asp drop" command usage requires better updates for cluster-related drops
- CSCwi56048: Interface fragment queue may get stuck at 2/3 of fragment database size
- CSCwi56441: Readiness check failed on vFTD during upgrade from 741-172 to 760-1270
- CSCwi56499: Cut-Through Proxy feature spikes CP CPU with a flood of un-authenticated traffic
- CSCwi56667: ASA Traceback and reload on Thread Name "fover_parse" on Standby after Failover Group changes
- CSCwi56733: Internal error when attempting to configure PBR in FMC
- CSCwi56815: HMS process crash - "interface conversion: interface {} is nil, not map[string]interface {}"
- CSCwi58754: Blocking SMB traffic with reason "Blocked by the firewall preprocessor"
- CSCwi59271: Suppress "End of script output before headers" syslog on FXOS
- CSCwi59525: Multiple lina cores on 7.2.6 KP2110 managed by cdFMC
- CSCwi59831: ASA/FTD may traceback and reload in Thread Name 'lina'
- CSCwi59871: High disk usage caused by large write-ahead log in eventdb
- CSCwi60151: ZTNA: FMC doesn't accept IdP with local domain
- CSCwi60248: A malicious HTTP sender can use chunk extensions to cause a receiver r
- CSCwi60256: strongSwan before 5.9.12 has a buffer overflow and possible unauthenti
- CSCwi60285: ASA/FTD may traceback and reload in Thread Name 'lina'
- CSCwi60430: CVE-2023-51385 (Medium Sev) In ssh in OpenSSH before 9.6, OS command injection might occur if a us
- CSCwi61135: Debugs failed to be enabled on SSH session
- CSCwi62683: The SSH transport protocol with certain OpenSSH extensions, found in ... (CVE-2023-48795)
- CSCwi62796: ASA/FTD Traceback and reload related to SSL/DTLS traffic processing
- CSCwi62985: SFDataCorrelator timeout thread deadlock detection core on busy FMC
- CSCwi63057: Threat Defense Upgrade wizard might incorrectly show clusters/HAs as disabled
- CSCwi63113: Null pointer dereference in SNMP that results in traceback and reload
- CSCwi63743: ASA/FTD may traceback and reload in Thread Name "appAgent_monitor_nd_thread" & Rip: _lina_assert.
- CSCwi64429: MonetDB memory usage grows slowly over time
- CSCwi64829: traceback and reload around function HA
- CSCwi64993: Correlation policy not work when condition of the rule is "Intrusion Policy" is XXX
- CSCwi65116: DHCPv6:ASA traceback on Thread Name: DHCPv6 CLIENT.
- CSCwi66103: Lina traceback on RAVPN connection after enabling webvpn debug
- CSCwi66461: WARN msg(speed not compatible, suspended) while creating port-channel on Victoria CE
- CSCwi66570: The report doesn't include "Default Variables" information after change "Variable Sets" name
- CSCwi66676: ASA/FTD may traceback and reload in Thread Name 'webvpn_task'
- CSCwi67510: FMC: Packet-tracer showing a "Interface not supported" error for VLAN interfaces
- CSCwi67629: Devices might change status to "missing the upgrade package" after Readiness Check is initiated
- CSCwi67638: FMC configured DAP rule with Azure IDP SAML attributes does not match
- CSCwi68083: Product Upgrades page: Download action creates a lot of "uninitialized value" error messages in log
- CSCwi68132: A heap out-of-bounds write vulnerability in the Linux kernel's Perform
- CSCwi68133: A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon
- CSCwi68135: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie
- CSCwi68320: During FMC hardware migration failure encountered due to missing prometheus directories
- CSCwi68625: Continuous snmpd restarts observed if SNMP host is configured before the IP is configured
- CSCwi68833: ASA/FTD: Memory leak caused by Failover not freeing dnscrypt key cache due to unsyned umbrella flow
- CSCwi69091: ASA/FTD may traceback and reload in Thread Name 'lina'
- CSCwi69260: upgrade of FMC to 7.2.x removes FlexConfig-provided EIGRP authentication from interfaces on FTDs
- CSCwi70371: Intermittent Packet Losses When VTI Is Sourced From Loopback
- CSCwi70492: Firewall is in App Sync error in pseudo-standby mode and uses IPs from Active unit
- CSCwi70940: standard error (stderr) not inserted into restore.log when restoring FMC backups
- CSCwi71786: Download failed for Available Upgrade Packages
- CSCwi71998: "Stream: TCP normalization error in NO_TIMESTAMP" is seen when SSL Policy decrypt all is used
- CSCwi72054: Unable to delete custom DNS Server Group Object post upgrade 7.2.x
- CSCwi72294: FTD: Improve or optimize LSP package verification logic to run it faster
- CSCwi74214: ASA/FTD traceback and reload in Thread Name: IKEv2 Daemon when moving from active to standby HA
- CSCwi75111: Configuring MTU value via CLI does not apply
- CSCwi75198: Standby FTD experiencing periodic traceback and reload
- CSCwi76002: Memory exhaustion due to absence of freeing up mechanism for tmatch
- CSCwi76361: Transparent firewall MAC filter does not capture frames with STP-UplinkFast dst MAC consistently
- CSCwi76630: FP2100/FP1000: ASA Smart licenses lost after reload
- CSCwi77415: ASDM connection lost issue is observed in ASAv device due to config issue
- CSCwi78189: It was discovered that when exec'ing from a non-leader thread, armed P
- CSCwi78206: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL
- CSCwi78210: An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Tra
- CSCwi78370: 41xx/93xx : Update CiscoSSH (Chassis Manager FXOS) to address CVE-2023-48795
- CSCwi78626: tds-cloud-events.json getting updated from both cdFMCs (ftd migration from 1 tenant to another)
- CSCwi78941: FDM deployment fails with error "Some interfaces have been added to or removed from the device"
- CSCwi79037: IKEv2 client services is not getting enabled - XML profile is not downloaded
- CSCwi79042: FTD/Lina traceback and reload of HA pairs, in data path, after adding NAT policy
- CSCwi79120: some ssh sessions not timing out, leading to ssh and console unable to connect to the FXOS CLI
- CSCwi79289: FMC: Add logging for PM functions
- CSCwi79393: Policy Deployment Fails when removing the Umbrella DNS Policy from Security Intelligence
- CSCwi79538: FMC API Call for Network Object Overrides Returns Different Results for Active vs Standby FW
- CSCwi79703: Incorrect Timezone Format on FTD When Configured via FXOS
- CSCwi80979: Snort stripping packet information and injects its packet with 0 bytes data
- CSCwi81193: singlevar in lparser.c in Lua from (including) 5.4.0 up to 5.4.4
- CSCwi81195: An issue in the component luaG_runerror of Lua v5.4.4 and below leads to ...
- CSCwi81503: HTTP/HTTPS detection for application needs to fail it's detection earlier
- CSCwi82189: ACP page goes blank or error thrown if one of the ACP rules has user created app filter
- CSCwi82866: MonetDB Monitor triggers for restarting MonetDB based on WAL size are not effective
- CSCwi84314: ASA CLI hangs with 'show run' on multiple SSH
- CSCwi84809: Incorrect Variable set in derived policy when derived policy is same as default.
- CSCwi85277: Upgrade Failed with error "Upgrade failed because of undeployed changes present on the device"
- CSCwi85689: TLS Server Identify: 'show asp table socket' output shows multiple TLS_TRK entries
- CSCwi85951: A use-after-free flaw was found in the __ext4_remount in fs/ext4/super
- CSCwi86036: External Radius authentication fails post upgrade if radius key includes special characters
- CSCwi86198: SFData correlator keep terminating on FTDs configured for IDS
- CSCwi87382: Traceback and reload on Primary unit while running debugs over the SSH session
- CSCwi89447: Every realm sync indicates an access control policy change
- CSCwi90040: Cisco ASA and FTD Software Command Injection Vulnerability
- CSCwi90399: FTD/ASA system clock resets to year 2023
- CSCwi90571: Access to website via Clientless SSL VPN Fails
- CSCwi90998: ASA SNMP Polling Failure for environmental FXOS DME MIB (.1.3.6.1.4.1.9.9.826.2)
- CSCwi91588: Heap-use-after-free in Discovery Filter on Snort shutdown
- CSCwi91602: 7.2 - Deployment doesn't timeout, runs for hours after LSP install
- CSCwi92875: Check metadata cache size when generating retrospective events
- CSCwi92914: A flaw was found in the networking subsystem of the Linux kernel withi
- CSCwi92917: Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner
- CSCwi92927: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab
- CSCwi95228: "crypto ikev2 limit queue sa_init" resets after reboot
- CSCwi95708: FTD: Hostname Missing from Syslog Message
- CSCwi95796: FTD SNMP OID 1.3.6.1.4.1.9.9.109.1.1.1.1.7 always returns 0% for SysProc Average
- CSCwi95871: SSH/SNMP connections to non-admin contexts fail after software upgrade
- CSCwi95994: Chromium-based browsers have SSL connection conflicts when FIPS CC is enabled on the firewall.
- CSCwi97836: ASA traceback and reload after configuring capture on nlp_int_tap and deleting context
- CSCwi97839: FTD traceback assert in vni_idb_get_mode and reloaded
- CSCwi98147: Tomcat restarts in the middle of the LTP flow due to certificate update
- CSCwi98284: Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability
- CSCwi99429: Policy deployment failure rollback didnt reconfigure the FTD devices
- CSCwj00659: FMC: Multiple Email address in Email Alert not working
- CSCwj00956: Snort process spamming syslog-ng messages so our on KP platform syslog-ng is being killed
- CSCwj02259: Backup failures needs to be displayed with the correct state on GUI
- CSCwj02505: ASA Checkheaps traceback while entering same engineID twice
- CSCwj02708: Backup generation on FDM fails with the error "Unable to backup Legacy data."
- CSCwj03112: pmtool restart of monetdb fails to bring up monetdb, too many files in monetdb Volume directory
- CSCwj03253: SFDataCorrelator creates huge numbers of to_import files when MonetDB table partition creation fails
- CSCwj03285: FMC : Health Monitor Alert is not properly issued regarding disk usage
- CSCwj03348: vFMC25 OCI to vFMC300 OCI migration failed 'Migration from Y to a is not allowed.'
- CSCwj03764: In Spoke dual ISP case if ISP2 is down, VTI tunnels related to ISP1 flapping.
- CSCwj05151: ASA/FTD may traceback and reload in Thread Name DATAPATH due to GTP Spin Lock Assertion
- CSCwj05464: FMC Server Certificate shows Only First 20 Objects
- CSCwj05484: ASA upgrade from 9.16 to 9.18 causing change in AAA ldap attribute values by adding extra slash ''
- CSCwj06197: "pmtool restartbyid
" should give some indication of error - CSCwj07837: Deployment failure due to exceeding logging event list name size
- CSCwj08073: libuv is a multi-platform support library with a focus on asynchronous
- CSCwj08083: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1
- CSCwj08203: FMC: fireamp generating too many logs
- CSCwj08302: FTD: HostScan scanning results not processed in version 7.4.1
- CSCwj08822: cdFMC Multiple health monitor widgets throwing Error while fetching data
- CSCwj09110: Upload files through Clientless portal is not working as expected after the ASA upgrade
- CSCwj09373: BBManager text based search - lucene
- CSCwj09613: User not entitled for packet captures, is still able to open it from the Device Management
- CSCwj09938: Unable to remove suppression from snort3 rule once added
- CSCwj09999: FP 3100 MTU change on management interface is NOT persistent across reboots (returns to default MTU)
- CSCwj10009: In Snort 3 policy editor, selecting a Rule Action of \u201cRule Action\u201d causes UI to spin indefinitely
- CSCwj10451: The secondary device reloaded while rebooting the primary device.
- CSCwj10955: Cisco ASA and FTD Software Web Services Denial of Service Vulnerability
- CSCwj12131: Bailout when lina_io_write fails persistent with EPIPE errno.
- CSCwj12168: Never expiring machine user not logged out at various places
- CSCwj12173: Policy cache cleanup thread should cleanup any cache that is left open for a logged out session
- CSCwj13910: Crypto IPSEC SA Output Showing NO SA ERROR With IPSEC Offload Enabled
- CSCwj14492: fpr1k/2k/3k/4200:Need ability to configure SSH public key auth without using root shell
- CSCwj14614: FMC: Upgrade fails at "800_post/991_update_scheduled_tasks.pl"
- CSCwj14832: SAML: Single sign-on AnyConnect token verification failure is seen after successful authentication
- CSCwj15821: Page getting expaned while getting continuous task notifications
- CSCwj16119: FP2110: When Leaving On-Box (FDM) Mode Platform API Fails
- CSCwj16633: Issues with FMC Deployment preview (Advanced Preview)
- CSCwj17677: PM restart needs to be blocked or warned the user that it may go for reboot
- CSCwj17852: FMC - Inheritance Settings Select Base Policy Menu disappears while scrolling using Light or Dusk UI
- CSCwj19236: In Object page able to delete and create system provided object
- CSCwj19252: Object optimisation gets disabled on FMC if next deployment is after two hours
- CSCwj19653: FTD - Trace back and reload due to NAT involving fqdn objects
- CSCwj20067: ASA: Warning messages not displayed when Static interface NAT are configured
- CSCwj20118: FTDv reloads and generate backtrace after push EIGRP config
- CSCwj21880: FTD with Interface object optimization enabled is blocking traffic after renaming of zone names
- CSCwj22086: Active unit goes to disabled state when there is a mismatch in firewall mode
- CSCwj22235: Lina traceback and reload due to mps_hash_memory pointing to null hash table
- CSCwj22990: After upgrading the ASA, \u201cSlot 1: ATA Compact Flash memory\u201d shows a ditterent value
- CSCwj23192: extra file check is not reporting with pmtool SecureLSP lsp-rel-xxx command
- CSCwj24517: LSP Deployment fails in multi instance FP 41xx / 93xx
- CSCwj24573: Rabbitmq queues on FMC vHost may not be cleaned up after element removal
- CSCwj25066: CCM ID 68 - LTS21 - CISCO_LTS21_R2160 release branch
- CSCwj25975: FTD/ASA : CSR generation with comma between \u201cCompany Name\u201d attribute does not work expected
- CSCwj26627: FMC shows a non-User-Friendly Error during a Policy Deployment failure due to snapshot failure
- CSCwj27112: Rest API '/devices/devicerecords' is returning mismatch of values for (RA VPN) policy object id
- CSCwj28049: Identity Mapping Filter field gets updated with newly created network objects.
- CSCwj28153: Lina contains outdated libexpat source code
- CSCwj28437: Snort3: SQL traffic failure after upgrade due to large invalid sequence numbers and invalid ACKs
- CSCwj29351: Health Policy Configuration - Unable to remove device from the policy
- CSCwj30825: SFDataCorrelator memory leak after unregistering an active device
- CSCwj30962: 3140 3 MI instances upgrade failed
- CSCwj30980: Addition of debugs & a show command to capture the ID usage in the CTS SXP flow.
- CSCwj31816: TLS Secure Client sessions cannot be established on ASA 9.19 and 9.20
- CSCwj32035: Clientless VPN users are unable to reach pages with HTTP Basic Authentication
- CSCwj33487: ASA/FTD may traceback and reload while handling DTLS traffic
- CSCwj33503: Snort3 event PCAPs contain only header data when decrypting HTTP/2
- CSCwj33580: IKEv2 tunnels flap due to fragmentation and throttling caused by multiple ciphers/proposal
- CSCwj33891: ASA/FTD Cluster memory exhaustion caused by NAT process during release of port blocks allocations
- CSCwj34881: Command to show counters for access-policy filtered with a source IP address gives incorrect result
- CSCwj34975: Multiple context interfaces fail to pass traffic
- CSCwj36559: rsync is not happening to standby unit when perform oob changes in active unit.
- CSCwj38871: ASA traceback with thread name SSH
- CSCwj38928: High latency observed on FPR3120
- CSCwj39107: SFDataCorrelator memory growth when pruning a huge number of old service identities
- CSCwj39984: Unable to approve ticket due to monitored int in HA and getting Error to contact Cisco Support.
- CSCwj40124: FMC 7.3 Deployment failed due to OOM in PBR Configuration
- CSCwj40597: Backups fail on multi-instance with error "Backup died unexpectedly"
- CSCwj40665: Additional memory tracking in SFDataCorrelator
- CSCwj40761: ASA/FTD may traceback in Threadname: CTM KC FPGA stats handler
- CSCwj41427: FTD-HA creation is failing because FMC takes longer time to save overrides.
- CSCwj41916: FTD-HA upgrade fails to start - Configuration is out of sync between active and standby
- CSCwj42025: CCM ID LTS21-100 with RCPL21 update
- CSCwj43345: SNMP poll for some OIDs may cause CPU hogs and high latency can be observed for ICMP packets
- CSCwj44398: when set the route-map in route RIP on FTD, routes update is not working after FTD reload
- CSCwj48308: Stale Health Alerts seen on the UMS after model migration
- CSCwj48704: ASA traceback and reload when accessing file system from ASDM
- CSCwj48754: SFDataCorrelator high memory usage when restart with large network map hosts
- CSCwj48801: 4200s have high UDP latency at low packet rates.
- CSCwj49958: Crypto IPSEC Negotiation Failing At "Failed to compute a hash value"
- CSCwj50064: SSE connection events, FirewallRuleList field is not sent in proper format
- CSCwj50406: All IPV6 BGP routes configured in device flapping
- CSCwj50557: Snort creating too many snort-unified log files when frequent policy deploys
- CSCwj50603: Large write-ahead log may leave monetdb in disabled state
- CSCwj51115: FMC backup remote server copy to Solar Winds remote server failing after upgrading to 7.x versions.
- CSCwj54717: Radius secret key of over 14 characters for external authentication does not get deployed (FPR3100)
- CSCwj55036: ASA/FTD: A delay in an async crypto command induces a traceback and subsequently a reload.
- CSCwj55081: FPR3K loses connectivity to FMC via mgmt data interface on reboot of FPR3K
- CSCwj56639: FDM1010E 7.4.1 unable to register to SA, getting "Invalid entitlement tag"
- CSCwj56668: False positive ISE bulk download alert error seen on FMC
- CSCwj58431: FMC REST API not sending 'deploymentStatus' Attribute
- CSCwj59861: ASA/FTD may traceback and reload in Thread Name 'lina' due to SCP/SSH process
- CSCwj59981: FMC only accepts a maximum of 30 characters for shared secret key when connecting to RADIUS server
- CSCwj60265: ASA/FTD may traceback and reload in Thread Name 'DATAPATH-1-16803'
- CSCwj62723: Error message spammed to console on Firepower 2100 devices while enabling SSH config
- CSCwj62984: Snort3: MSSQL query traffic corrupted by stream_tcp overlap handling causing SQL HY000
- CSCwj66339: OGO changing the order of custom object group contents causing an outage at static NAT
- CSCwj66537: Snort3 crashes due to processing pdf tokenizer with no limits.
- CSCwj66923: cdFMC : Support for new regions in Aus and India
- CSCwj67600: Autodeployment failing on cdFMC v20240307 when onboarding a 1010 v7.2.5
- CSCwj67787: New User activity page does not load because the VPN bytes in and out are long.
- CSCwj68096: Console Access Stuck for ASAv hosted in CSP after Upgrade to 9.18.3.56
- CSCwj68783: FTD/ASA-HA configs not in sync as the command sync process is sending configs with special chars
- CSCwj69632: Default Hashing Algorithm is SHA1 for Firepower Chassis Manager Certificate on 4110
- CSCwj71064: Snort dropping connections with reason blocked or blacklisted by the firewall preprocessor
- CSCwj72683: ASA - Bookmarks on the WebVPN portal are unreachable after successful login.
- CSCwj73053: ASA may traceback and reload in Thread Name 'DATAPATH-21-16432'
- CSCwj73061: SNMP OID for CPUTotal1min omits snort cpu cores entries when polled
- CSCwj77700: FTD LINA Traceback and Reload idfw_proc Thread
- CSCwj79481: Deployment fails on FTD HA while doing LINA ONLY DEPLOYMENT
- CSCwj79736: eStreamer memory leak when the FMC receives events from CDO-managed FTDs
- CSCwj80324: Access rule getting pushed with "deny tcp any any" on snort
- CSCwj82127: IP-SGT mappings on Lina-side are not being removed, when FMC pxGrid connection is disabled
- CSCwj82285: ASA/FTD may traceback and reload in Thread Name 'sdi_work'
- CSCwj85333: FPR might drop TLS1.3 connections when hybridized kyber cipher is enabled in web browser
- CSCwj86116: High LINA CPU observed due to NetFlow configuration
- CSCwj88925: net-snmp provides various tools relating to the Simple Network Managem
- CSCwj88928: net-snmp provides various tools relating to the Simple Network Managem
- CSCwj88929: net-snmp provides various tools relating to the Simple Network Managem
- CSCwj88930: net-snmp provides various tools relating to the Simple Network Managem
- CSCwj88931: net-snmp provides various tools relating to the Simple Network Managem
- CSCwj88932: net-snmp provides various tools relating to the Simple Network Managem
- CSCwj89126: HTTP Response splitting in multiple modules in Apache HTTP Server allows
- CSCwj89264: FTD HA: Traceback and reload in netsnmp_oid_compare_ll
- CSCwj92784: RAVPN: Failure to create SGT-IP mapping due to ID table exhaustion
- CSCwj93921: ASA after upgrade to 9.18.4.24 not able to save config with error: "Configuration line too long"
- CSCwj95590: Browser redirects to logon page when the user clicks the WebVPN bookmark
- CSCwj98451: FMC got deregistered from Smart License after upgrade
- CSCwk00628: Captive portal returns bad request for snort 2 for FMC 7.4.x , FTD version < 7.4
- CSCwk02928: ASA/FTD may traceback and reload in Thread Name PTHREAD
- CSCwk04492: ASA CLI hangs with 'show run' with multiple ssh sessions
- CSCwk05851: "set ip next-hop" line deleted from config at reload if IP address is ma
- CSCwk07934: Clock skew between FXOS and Lina causes SAML assertion processing failure
- CSCwk08576: command to print the debug menu setting of service worker
- CSCwk12065: LSP downloads are not using the Web proxy, when configured.
- CSCwk12673: TCP Session Interrupted if Keep-Alive with 1 Byte is Received
- CSCwk33634: TLS Client Hello packet is dropped by snort
- CSCwk44366: cdFMC Fails to configure-geneve-encapsulation on interface
- CSCwk62296: Address SSP OpenSSH regreSSHion vulnerability
- CSCwk62297: Evaluation of ssp for OpenSSH regreSSHion vulnerability
- CSCwk66252: It was discovered that a nft object or expression could reference a nf
- CSCwk66253: An out-of-bounds access vulnerability involving netfilter was reported
下载地址
Secure Firewall Threat Defense Virtual Release 7.4.1 (include 7.4.2 release)
Firepower Threat Defense (FTD) Software:
File Information | Filename | Release Date | Size |
---|---|---|---|
Firepower Threat Defense upgrade (Do not untar) | Cisco_FTD_Upgrade-7.4.1-172.sh.REL.tar | 13-Dec-2023 | 1251.67 MB |
FTDv: KVM install package | Cisco_Secure_Firewall_Threat_Defense_Virtual-7.4.1-172.qcow2 | 13-Dec-2023 | 1314.50 MB |
FTDv: VMware install package for ESXi 6.5, 6.7, or 7.0 | Cisco_Secure_Firewall_Threat_Defense_Virtual-7.4.1-172.tar.gz | 13-Dec-2023 | 1297.34 MB |