Cisco Secure Firewall Threat Defense Virtual 7.4.2 - Cisco Next-Generation Firewall Virtual Appliance (FTDv)

Firepower Threat Defense (FTD) Software

Please visit the original link, https://sysin.org/blog/cisco-firepower-7/, for the latest version. Original work; please retain the source attribution when reposting.

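Why choose Cisco Secure Firewall?

Cisco Secure Firewall provides the foundation for the industry's most complete and open security platform.

World-class security controls

Protecting the network against increasingly sophisticated threats requires industry-leading intelligence and consistent protection everywhere. Improve your security posture today with Cisco Secure Firewall.

What's New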

Resolved Bugs in Version 7.4.2

Table last updated: 2024-07-31

  • Bug ID: Headline
  • CSCvk60075: FMC HA synchronisation task failures should generate alarms
  • CSCvx37329: Remove Syslog Messages 852001 and 852002 in Firewall Threat Defense
  • CSCwb02701: FXOS does not retry NTP sync with servers
  • CSCwb03293: IKEv2 debugs: Received Policies and Expected Policies are empty
  • CSCwc28334: Cisco ASA and FTD Software RSA Private Key Leak Vulnerability
  • CSCwc31953: Prevention of RSA private key leaks regardless of root cause.
  • CSCwc33025: mgmt interface taking long time to come up and causing cluster registration issues
  • CSCwc70142: Deleting a routed mode Etherchannel interface changes member interfaces to switch port mode
  • CSCwc73773: FMC 7.0.2 Deployment error message is irrelevant | Deployment Failed due to configuration error
  • CSCwc76419: Unnecessary FAN error logs needs to be removed from thermal file
  • CSCwd39442: ssl policy errors: Unable to get server certificate's internal cached status
  • CSCwd67100: ASA traceback and reload on Datapath process
  • CSCwd80492: Device Management Applied Policies Widget Defaulting to classic theme when editting
  • CSCwe02012: ASA/FTD may traceback and reload in Thread Name 'lina'
  • CSCwe11124: ENH: Combine firmware bundle packages into FXOS MIO update packages
  • CSCwe18462: ASA/FTD: Improve GTP Inspection Logging
  • CSCwe18467: ASA/FTD: GTP Inspection engine serviceability
  • CSCwe42986: Classic and Unified Events should handle cases when SMC is unreachable
  • CSCwe47485: FTD: CLISH slowness due to command execution locking LINA prompt
  • CSCwe79990: Cisco-Intelligence-Feed - Failed to download due to timeout
  • CSCwe86964: Consul and Consul Enterprise allowed an authenticated user with service:
  • CSCwe91008: Snort3 is crashing frequently on cd_pdts.so
  • CSCwe93925: Deployment fails to FTD when reusing/reassigning existing vlan id to diff interface
  • CSCwe96560: Cannot copy rules from one policy to another policy using the new AC policy UI
  • CSCwe97939: ASA/FTD Cluster: Change "cluster replication delay" with max value increase from 15 to 50 sec
  • CSCwf01954: FTD: ADI.conf - send_s2s_vpn_events is set to 0, even after applying s2s vpn health policy
  • CSCwf16001: HashiCorp Vault's implementation of Shamir's secret sharing used precomp
  • CSCwf17314: FMC deploy logs rotating faster because of /internal_rest_api/accesscontrol/rapplicationsavailable
  • CSCwf26599: Error loading data in NAT page - When unused port object is used
  • CSCwf27458: AC policy change is not reflected in instance page on edit
  • CSCwf39108: Firewall rings may get stuck and cause packet loss when asp load-balance per-packet auto is used
  • CSCwf47646: show version system prints errors about PM_Control.sock
  • CSCwf59529: Identity Policy Active auth snort3 redirect hostname doesn't list all FQDN objects
  • CSCwf61280: Failing to dowload FTD image via SAML SSO login
  • CSCwf75694: ASA - The GTP inspection dropped the message 'Delete PDP Context Response' due to an invalid TEID=0
  • CSCwf84318: ASA/FTD traceback and reload on thread DATAPATH
  • CSCwf99303: Management UI presents self-signed cert rather than custom CA signed one after upgrade
  • CSCwh12120: Incorrect exit interface choose for VTI traffic next-hop
  • CSCwh16759: SNMP is not working on the primary active ASA unit in multi-context environment
  • CSCwh19613: ASA crashed with Saml scenarios
  • CSCwh22888: FXOS: Remove enforcement of blades going into degraded state after multiple DIMM correctable errors
  • CSCwh29276: ASA: Traceback and reload when switching from single to multiple mode
  • CSCwh30257: snort3 crashes observed due to memory corruption in file api
  • CSCwh30346: ASA/FTD: 1 Second failover delay for each NLP NAT rule
  • CSCwh34836: Getting an exception on the UI while editing and saving the intrusion policy
  • CSCwh41606: Extensive logging for a problematic deployment caused logs to rollover important logs
  • CSCwh43230: Strong Encryption license is not getting applied to ASA firewalls in HA.
  • CSCwh43945: FTD/ASA traceback and reload may occur when ssl packet debugs are enabled
  • CSCwh46657: Save button disabled when updating ZTNA policy
  • CSCwh47053: ASA/FTD may traceback and reload in Thread Name 'dns_cache_timer'
  • CSCwh47732: Vulnerabilities in linux-kernel 5.10.79 CVE-2023-3111 and others
  • CSCwh51872: Message asa_log_client exited 1 time(s) seen multiple times
  • CSCwh57814: The html/template package does not apply the proper rules for handling o
  • CSCwh57976: Improve CPU utilization in ssl inspection for supported signature algorithm handling
  • CSCwh58190: FMC Deployment failure in csm_snapshot_error
  • CSCwh58467: ASA does not sent 'warmstart' snmp trap
  • CSCwh58490: FMC Deployment failed due to internal errors after upgrade
  • CSCwh60504: LINA would randomly generate a traceback and reload on FPR-1K
  • CSCwh60971: NAT pool is not working properly despite is not reaching the 32k object ID limit.
  • CSCwh61832: FDM: Allow turn on/off GSP mempool polling via Flexconfig
  • CSCwh62731: FTD Upgrade from 6.6.5 to 7.2.5 removing OGS causing rule expansion on boot
  • CSCwh65128: LINA show tech-support fails to generate as part of sf_troubleshoot.pl (Troubleshoot file)
  • CSCwh68068: Firepower WCCP router-id changes randomly when VRFs are configured
  • CSCwh69843: WM DT - ASA in transparent mode doesn't send equal IPv6 Router Advertisement packets to all nodes
  • CSCwh71235: A flaw was found in QEMU. The async nature of hot-unplug enables a rac
  • CSCwh71611: ENH: FMC - Ability to Filter Security Zone in Interface Drop Down Selection
  • CSCwh71665: ASA traceback under match_partial_keyword during CPU profiling
  • CSCwh72070: Reload takes forever when reload command is issued on the lina prompt when devices are on HA
  • CSCwh75829: FMC Primary disk degraded error
  • CSCwh75927: In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a
  • CSCwh79546: No error message is given when deleting object referred in new object created in another ticket
  • CSCwh83021: ASA/FTD HA pair EIGRP routes getting flushed after failover
  • CSCwh83254: ASA/FTD: Traceback and reload on thread name CP Crypto Result Processing
  • CSCwh83854: Cannot configure Correlation rule because there are no values for GID that exceed 2000
  • CSCwh84376: In FPR4200/FPR3100-cluster observed core file “core.lina” observed on device reboot.
  • CSCwh84610: Disconnecting RA VPN users from the FMC gui fails.
  • CSCwh84647: Backup restore: silent failure when the device managed locally
  • CSCwh87058: FTD: Internal certificate generation results to certificate and private key mismatch
  • CSCwh88150: Need ability to configure SSH public key auth without using root shell
  • CSCwh89835: FMC plain-text passwords for radius server and certificate passphrase
  • CSCwh91574: FTD: Traceback in threadname cli_xml_request_process
  • CSCwh92345: crypto_archive file generated after the software upgrade.
  • CSCwh92541: Random FTD snort3 traceback
  • CSCwh93710: Last Rule hit shows a hex value ahead of current time in ASA and ASDM
  • CSCwh94201: An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i
  • CSCwh95003: Init process spikes to 100% CPU usage after a failed backup
  • CSCwh95010: Unexpected traceback on thread name Lina and device experienced reboot
  • CSCwh95025: GTP connections, under certain circumstances do not get cleared on issuing clear conn.
  • CSCwh95443: Datapath hogs causing clustering units to get kicked out of the cluster
  • CSCwh96055: Management DNS Servers may be unreacheable if data interface is used as the gateway
  • CSCwh99331: syslog not generated "ASA-3-202010: NAT pool exhausted" while passing traffic from iLinux to oLinux
  • CSCwh99398: ASA/FTD may traceback and reload in Thread Name 'DATAPATH-34-17852'
  • CSCwi01073: Event search with URL object ${example} is displaying no results
  • CSCwi01085: FTD VMWare tracebacks at PTHREAD-3587
  • CSCwi01381: ASA/FTD may traceback and reload in Thread Name 'lina'
  • CSCwi01895: Connection drops during file transfers due to HeartBeat failures
  • CSCwi01981: Thirty-day automatic upgrade revert-info deletion is not resilient to communication failures
  • CSCwi02039: FMC clean_revert_backup script fails silently without creating any logs
  • CSCwi02134: FTD sends multiple replicated NetFlow records for the same flow event
  • CSCwi02599: SSX Eventing continues to go to old tenant upon FTD migration to CDO.
  • CSCwi02754: FTD 1120 standby sudden reboot
  • CSCwi02919: SNMP Unresponsive when snmp-server host specified
  • CSCwi03407: Traceback on FP2140 without any trigger point.
  • CSCwi04021: Daily Change Reconciliation Report Randomly Generating Reports with the same time periods
  • CSCwi04351: FTD upgrade failling on script 999_finish/999_zz_install_bundle.sh
  • CSCwi06690: Certificate Encoding Issue when using AnyConnect cert Authentication/Authorisation
  • CSCwi06797: ASA/FTD traceback and reload on thread DATAPATH
  • CSCwi08374: FMC backup fails with "Registration Blocking" failure caused by DCCSM issues
  • CSCwi11520: FTD OSPFV3 IPV6 Routing: FTD is sending unsupported extended LSA request to neighbor routers
  • CSCwi12388: HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 - Golang
  • CSCwi12772: ASA cluster traceback Thread Name: DATAPATH-8-17824
  • CSCwi13062: Debug messages seen on console on executing show tech-support fprm detail
  • CSCwi13134: Hardware bypass not working as expected in FP3140
  • CSCwi13223: Source of the VTI interface is getting empty
  • CSCwi15409: ASA/FTD - may traceback and reload in Thread Name 'Unicorn Proxy Thread'
  • CSCwi15595: ASA traceback and reload during ACL configuration modification
  • CSCwi16034: FMC does not generate email health notifications for Database Integrity Check failures.
  • CSCwi17193: CP Session Handling for per site auth is inaccurate for Cluster break and join scenarios
  • CSCwi17496: Error Text is repeated twice for Interface config if pool range is less than Cluster Nodes plus 1
  • CSCwi18581: Firewall traceback and reload due to SSH thread
  • CSCwi18663: FMC-4600: Pre-Filter policy is showing as none
  • CSCwi19015: ASA/FTD may traceback and reload in Thread Name 'DATAPATH-13-6022'
  • CSCwi19485: Fail open snort-down is off in inline pairs despite it being enabled and deployed from FMC
  • CSCwi19849: VPN load-balancing cluster encryption using Phase 2 deprecated ciphers
  • CSCwi20045: ASA/FTD may traceback and reload in Thread Name 'lina' due to a watchdog in 9.16.3.23 code
  • CSCwi20848: ASA/FTD high memory usage due to SNMP caused by RAVPN OID polling
  • CSCwi20955: FTD with may traceback in data-path during deployment when enabling TAP mode
  • CSCwi21625: FailSafe admin password is not properly sync'd with system context enable pw
  • CSCwi23545: HA CP clients statistics doesn't show actual Tx/Rx and Reliable Tx/Rx
  • CSCwi23964: Python 3.x through 3.10 has an open redirection vulnerability in lib/h
  • CSCwi24004: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th
  • CSCwi24021: An issue was discovered in the Linux kernel before 6.5.9, exploitable
  • CSCwi24027: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c`
  • CSCwi24032: A heap out-of-bounds write vulnerability in the Linux kernel's Linux K
  • CSCwi24368: Standby manager addition is failed on Primary FMC due to previous entries in table
  • CSCwi24370: Stale HA transactions need to be moved to failed and subsequent HA transaction needs to be created
  • CSCwi24461: Device/port-channel goes down with a core generated for portmanager
  • CSCwi24814: In FIPS mode, External auth with TLS config enabled, CLI logins are not working (FMC & FTDs)
  • CSCwi25842: FMC Analysis Vulnerabilities error "Unable to process this query. Please try the query again."
  • CSCwi26064: ASA : Modifying a route-map in one context affects other contexts
  • CSCwi26895: ASA SNMP OID cpmCPUTotalPhysicalIndex returning zero values instead of CPU index values
  • CSCwi27338: Stale asp entry for TCP 443 remains on standby after changing default port
  • CSCwi28645: User assigned to a read only custom role is not able to view content of intrusion policy for snort2
  • CSCwi29538: EIGRP migration failed using 'FlexConfig Policiies' script failed generating database corruption
  • CSCwi29934: Cisco FXOS Software Link Layer Discovery Protocol Denial of Service Vulnerability
  • CSCwi30843: Error Fetching Data in Exclude Policy Page when non permanent exclude periods are selected
  • CSCwi31008: Deployment stuck on FMC when device goes down during deploy and doesn't boot up
  • CSCwi31480: Alert: Decommission failed, reason: Internal error is not cleared from FCM or CLI after acknowledge
  • CSCwi31558: file-extracts.logs are not recognised by the diskmanager leading to High disk space
  • CSCwi31563: cdFMC: Table View of Rule Update Import Log UI is throwing error, unable to check SRU update log
  • CSCwi31766: PSU fan shows critical in show environment output while operating normally
  • CSCwi31966: FTD ADI debugs may show incorrect server_group and/or realm_id for SAML-authenticated sessions
  • CSCwi32063: ASA/FTD: SSL VPN Second Factor Fields Disappear
  • CSCwi32759: Username-from-certificate secondary attribute is not extracted if the first attribute is missing
  • CSCwi33710: ipv6 table flush exception when cli_firstboot installs bootstrap configuration multi instance
  • CSCwi34125: ASA: Snmpwalk shows "No Such Instance" for the OID ceSensorExtThresholdValue
  • CSCwi34323: After importing AC policy, Realm is not present in UI causing validation error for Azure AD users
  • CSCwi34719: Unable to SSH into FTD device using External authentication with Radius
  • CSCwi34730: tls website decryption breaks with ERR_HTTP2_PROTOCOL_ERROR
  • CSCwi35079: FTD Upgrade logs should contain the certificate name or files
  • CSCwi35267: TLS1.3: core decode points to tls_trk_try_switch_to_bypass_aux()
  • CSCwi36311: use kill tree function in SMA instead of SIGTERM
  • CSCwi36843: Detailed logging related to reason behind sub-interfce admin state change during operations
  • CSCwi38061: ASA/FTD traceback and reload due to file descriptor limit being exceeded
  • CSCwi38425: Health Monitor Alerts set in Global are not sending alert from devices assigned in leaf domain
  • CSCwi38440: Hostnames are replaced with IP addresses in alert email content
  • CSCwi38449: Module name displayed in the alert got changed and it is differ from the one set in FMC
  • CSCwi38662: FTD HA should not be created partially on FMC
  • CSCwi38708: FDM deployment failure
  • CSCwi38957: Policy Apply failed moving from FDM to FMC
  • CSCwi40193: Hairpinning of DCE/RPC traffic during the suboptimal lookup
  • CSCwi40302: Deployment fails on new AWS FTDv device with "no username admin"
  • CSCwi40487: FTD HA Failure after SNORT crash.
  • CSCwi40536: ASA/FTD: Traceback and reload when running show tech and under High Memory utilization condition
  • CSCwi40674: Umbrella Profile and others cleared incorrectly when editing group policy in the UI
  • CSCwi41666: MonetDB startup enhancement to clean up large files
  • CSCwi42295: Radius traffic not passing after ASA upgrade 9.18.2 and above version.
  • CSCwi42962: installing GeoDB country code package update to FMC does not automatically push updates to FTDs
  • CSCwi42992: ASA/FTD may traceback and reload in Thread Name IKEv2 Daemon
  • CSCwi43240: Deployment fails if Network Discovery policy reference is missing from FMC Database
  • CSCwi43492: ASA traceback and reload on Thread Name: DATAPATH
  • CSCwi43782: GTP inspection dropping packets with IE 152 due to header length being invalid for IE type 152
  • CSCwi44007: FMC Validation failure for large object range and success for object network in NAT64
  • CSCwi44208: low memory/stress causing traceback in SNMP
  • CSCwi45408: Monetdb having 14GB of unknown BAT data causing "High unmanaged disk usage on /Volume"
  • CSCwi45630: Snort3 traceback with fqdn traffics
  • CSCwi45878: ASA/FTD: DNS Load Balancing with SAML does not work with VPN Load Balancing
  • CSCwi46010: ASA/FTD: Cluster incorrectly generating syslog 202010 for invalid packets destined to PAT IP
  • CSCwi46023: FTD drops double tagged BPDUs.
  • CSCwi46163: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.
  • CSCwi46641: FTDv may traceback and reload in Thread Name 'PTHREAD-3744' when changing interface status
  • CSCwi46676: API:/operational/commands not working as swagger indicate
  • CSCwi47029: "Update file is corrupted" for "Download Latest Cisco Firepower Geolocation Database Update." in FMC
  • CSCwi48699: ASA traceback and reload on Thread Name: pix_flash_config_thread
  • CSCwi49076: Sftunnel DEBUG level not logged on FMC/FTD after running DEBUG script
  • CSCwi49128: Update logs - SSP object serialization during HA
  • CSCwi49360: A flaw was found in the 9p passthrough filesystem (9pfs) implementatio
  • CSCwi49506: Before Go 1.20, the RSA based TLS key exchanges used the math/big libr
  • CSCwi49770: ASA|FTD Traceback & reload in thread name Datapath
  • CSCwi49797: Event Searching with Objects and Networks Leads to only showing events matching Objects
  • CSCwi49829: Threat Defense Service Policy - Reset Connection Upon Timeout not working
  • CSCwi50343: Their standalone FTD running 7.2.2 on FPR-4112 experienced a traceback on the SNMP module
  • CSCwi51793: Error while trying to push SNMP configuration using API
  • CSCwi52008: Snort3 crash with race conditions
  • CSCwi52188: Filtering the Malware Events table by IP address removes events which should remain in the results.
  • CSCwi53150: Service object-group protocol type mismatch error seen while access-list referencing already
  • CSCwi53431: Unable to Synch more then 100 environment-data with data unit
  • CSCwi53987: SSL protocol settings does not modify the FDM GUI certificate configuration or disable TLSv1.1
  • CSCwi54171: Decryption policy page is empty if user that modified/created policy was deleted.
  • CSCwi54995: 413 Request Entity Too Large error due to cookies added by FMC/Amplitude
  • CSCwi55629: ASA/FTD : Port-channels remain down on Firepower 1010 devices after upgrade
  • CSCwi55842: 7.4 - If policy save in progress deploy might indicate failure for only few devices
  • CSCwi55938: The "show asp drop" command usage requires better updates for cluster-related drops
  • CSCwi56048: Interface fragment queue may get stuck at 2/3 of fragment database size
  • CSCwi56441: Readiness check failed on vFTD during upgrade from 741-172 to 760-1270
  • CSCwi56499: Cut-Through Proxy feature spikes CP CPU with a flood of un-authenticated traffic
  • CSCwi56667: ASA Traceback and reload on Thread Name "fover_parse" on Standby after Failover Group changes
  • CSCwi56733: Internal error when attempting to configure PBR in FMC
  • CSCwi56815: HMS process crash - "interface conversion: interface {} is nil, not map[string]interface {}"
  • CSCwi58754: Blocking SMB traffic with reason "Blocked by the firewall preprocessor"
  • CSCwi59271: Suppress "End of script output before headers" syslog on FXOS
  • CSCwi59525: Multiple lina cores on 7.2.6 KP2110 managed by cdFMC
  • CSCwi59831: ASA/FTD may traceback and reload in Thread Name 'lina'
  • CSCwi59871: High disk usage caused by large write-ahead log in eventdb
  • CSCwi60151: ZTNA: FMC doesn't accept IdP with local domain
  • CSCwi60248: A malicious HTTP sender can use chunk extensions to cause a receiver r
  • CSCwi60256: strongSwan before 5.9.12 has a buffer overflow and possible unauthenti
  • CSCwi60285: ASA/FTD may traceback and reload in Thread Name 'lina'
  • CSCwi60430: CVE-2023-51385 (Medium Sev) In ssh in OpenSSH before 9.6, OS command injection might occur if a us
  • CSCwi61135: Debugs failed to be enabled on SSH session
  • CSCwi62683: The SSH transport protocol with certain OpenSSH extensions, found in ... (CVE-2023-48795)
  • CSCwi62796: ASA/FTD Traceback and reload related to SSL/DTLS traffic processing
  • CSCwi62985: SFDataCorrelator timeout thread deadlock detection core on busy FMC
  • CSCwi63057: Threat Defense Upgrade wizard might incorrectly show clusters/HAs as disabled
  • CSCwi63113: Null pointer dereference in SNMP that results in traceback and reload
  • CSCwi63743: ASA/FTD may traceback and reload in Thread Name "appAgent_monitor_nd_thread" & Rip: _lina_assert.
  • CSCwi64429: MonetDB memory usage grows slowly over time
  • CSCwi64829: traceback and reload around function HA
  • CSCwi64993: Correlation policy not work when condition of the rule is "Intrusion Policy" is XXX
  • CSCwi65116: DHCPv6:ASA traceback on Thread Name: DHCPv6 CLIENT.
  • CSCwi66103: Lina traceback on RAVPN connection after enabling webvpn debug
  • CSCwi66461: WARN msg(speed not compatible, suspended) while creating port-channel on Victoria CE
  • CSCwi66570: The report doesn't include "Default Variables" information after change "Variable Sets" name
  • CSCwi66676: ASA/FTD may traceback and reload in Thread Name 'webvpn_task'
  • CSCwi67510: FMC: Packet-tracer showing a "Interface not supported" error for VLAN interfaces
  • CSCwi67629: Devices might change status to "missing the upgrade package" after Readiness Check is initiated
  • CSCwi67638: FMC configured DAP rule with Azure IDP SAML attributes does not match
  • CSCwi68083: Product Upgrades page: Download action creates a lot of "uninitialized value" error messages in log
  • CSCwi68132: A heap out-of-bounds write vulnerability in the Linux kernel's Perform
  • CSCwi68133: A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon
  • CSCwi68135: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie
  • CSCwi68320: During FMC hardware migration failure encountered due to missing prometheus directories
  • CSCwi68625: Continuous snmpd restarts observed if SNMP host is configured before the IP is configured
  • CSCwi68833: ASA/FTD: Memory leak caused by Failover not freeing dnscrypt key cache due to unsyned umbrella flow
  • CSCwi69091: ASA/FTD may traceback and reload in Thread Name 'lina'
  • CSCwi69260: upgrade of FMC to 7.2.x removes FlexConfig-provided EIGRP authentication from interfaces on FTDs
  • CSCwi70371: Intermittent Packet Losses When VTI Is Sourced From Loopback
  • CSCwi70492: Firewall is in App Sync error in pseudo-standby mode and uses IPs from Active unit
  • CSCwi70940: standard error (stderr) not inserted into restore.log when restoring FMC backups
  • CSCwi71786: Download failed for Available Upgrade Packages
  • CSCwi71998: "Stream: TCP normalization error in NO_TIMESTAMP" is seen when SSL Policy decrypt all is used
  • CSCwi72054: Unable to delete custom DNS Server Group Object post upgrade 7.2.x
  • CSCwi72294: FTD: Improve or optimize LSP package verification logic to run it faster
  • CSCwi74214: ASA/FTD traceback and reload in Thread Name: IKEv2 Daemon when moving from active to standby HA
  • CSCwi75111: Configuring MTU value via CLI does not apply
  • CSCwi75198: Standby FTD experiencing periodic traceback and reload
  • CSCwi76002: Memory exhaustion due to absence of freeing up mechanism for tmatch
  • CSCwi76361: Transparent firewall MAC filter does not capture frames with STP-UplinkFast dst MAC consistently
  • CSCwi76630: FP2100/FP1000: ASA Smart licenses lost after reload
  • CSCwi77415: ASDM connection lost issue is observed in ASAv device due to config issue
  • CSCwi78189: It was discovered that when exec'ing from a non-leader thread, armed P
  • CSCwi78206: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL
  • CSCwi78210: An out-of-bounds memory write flaw was found in the Linux kernel’s Tra
  • CSCwi78370: 41xx/93xx : Update CiscoSSH (Chassis Manager FXOS) to address CVE-2023-48795
  • CSCwi78626: tds-cloud-events.json getting updated from both cdFMCs (ftd migration from 1 tenant to another)
  • CSCwi78941: FDM deployment fails with error "Some interfaces have been added to or removed from the device"
  • CSCwi79037: IKEv2 client services is not getting enabled - XML profile is not downloaded
  • CSCwi79042: FTD/Lina traceback and reload of HA pairs, in data path, after adding NAT policy
  • CSCwi79120: some ssh sessions not timing out, leading to ssh and console unable to connect to the FXOS CLI
  • CSCwi79289: FMC: Add logging for PM functions
  • CSCwi79393: Policy Deployment Fails when removing the Umbrella DNS Policy from Security Intelligence
  • CSCwi79538: FMC API Call for Network Object Overrides Returns Different Results for Active vs Standby FW
  • CSCwi79703: Incorrect Timezone Format on FTD When Configured via FXOS
  • CSCwi80979: Snort stripping packet information and injects its packet with 0 bytes data
  • CSCwi81193: singlevar in lparser.c in Lua from (including) 5.4.0 up to 5.4.4
  • CSCwi81195: An issue in the component luaG_runerror of Lua v5.4.4 and below leads to ...
  • CSCwi81503: HTTP/HTTPS detection for application needs to fail it's detection earlier
  • CSCwi82189: ACP page goes blank or error thrown if one of the ACP rules has user created app filter
  • CSCwi82866: MonetDB Monitor triggers for restarting MonetDB based on WAL size are not effective
  • CSCwi84314: ASA CLI hangs with 'show run' on multiple SSH
  • CSCwi84809: Incorrect Variable set in derived policy when derived policy is same as default.
  • CSCwi85277: Upgrade Failed with error "Upgrade failed because of undeployed changes present on the device"
  • CSCwi85689: TLS Server Identify: 'show asp table socket' output shows multiple TLS_TRK entries
  • CSCwi85951: A use-after-free flaw was found in the __ext4_remount in fs/ext4/super
  • CSCwi86036: External Radius authentication fails post upgrade if radius key includes special characters
  • CSCwi86198: SFData correlator keep terminating on FTDs configured for IDS
  • CSCwi87382: Traceback and reload on Primary unit while running debugs over the SSH session
  • CSCwi89447: Every realm sync indicates an access control policy change
  • CSCwi90040: Cisco ASA and FTD Software Command Injection Vulnerability
  • CSCwi90399: FTD/ASA system clock resets to year 2023
  • CSCwi90571: Access to website via Clientless SSL VPN Fails
  • CSCwi90998: ASA SNMP Polling Failure for environmental FXOS DME MIB (.1.3.6.1.4.1.9.9.826.2)
  • CSCwi91588: Heap-use-after-free in Discovery Filter on Snort shutdown
  • CSCwi91602: 7.2 - Deployment doesn't timeout, runs for hours after LSP install
  • CSCwi92875: Check metadata cache size when generating retrospective events
  • CSCwi92914: A flaw was found in the networking subsystem of the Linux kernel withi
  • CSCwi92917: Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner
  • CSCwi92927: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab
  • CSCwi95228: "crypto ikev2 limit queue sa_init" resets after reboot
  • CSCwi95708: FTD: Hostname Missing from Syslog Message
  • CSCwi95796: FTD SNMP OID 1.3.6.1.4.1.9.9.109.1.1.1.1.7 always returns 0% for SysProc Average
  • CSCwi95871: SSH/SNMP connections to non-admin contexts fail after software upgrade
  • CSCwi95994: Chromium-based browsers have SSL connection conflicts when FIPS CC is enabled on the firewall.
  • CSCwi97836: ASA traceback and reload after configuring capture on nlp_int_tap and deleting context
  • CSCwi97839: FTD traceback assert in vni_idb_get_mode and reloaded
  • CSCwi98147: Tomcat restarts in the middle of the LTP flow due to certificate update
  • CSCwi98284: Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability
  • CSCwi99429: Policy deployment failure rollback didnt reconfigure the FTD devices
  • CSCwj00659: FMC: Multiple Email address in Email Alert not working
  • CSCwj00956: Snort process spamming syslog-ng messages so our on KP platform syslog-ng is being killed
  • CSCwj02259: Backup failures needs to be displayed with the correct state on GUI
  • CSCwj02505: ASA Checkheaps traceback while entering same engineID twice
  • CSCwj02708: Backup generation on FDM fails with the error "Unable to backup Legacy data."
  • CSCwj03112: pmtool restart of monetdb fails to bring up monetdb, too many files in monetdb Volume directory
  • CSCwj03253: SFDataCorrelator creates huge numbers of to_import files when MonetDB table partition creation fails
  • CSCwj03285: FMC : Health Monitor Alert is not properly issued regarding disk usage
  • CSCwj03348: vFMC25 OCI to vFMC300 OCI migration failed 'Migration from Y to a is not allowed.'
  • CSCwj03764: In Spoke dual ISP case if ISP2 is down, VTI tunnels related to ISP1 flapping.
  • CSCwj05151: ASA/FTD may traceback and reload in Thread Name DATAPATH due to GTP Spin Lock Assertion
  • CSCwj05464: FMC Server Certificate shows Only First 20 Objects
  • CSCwj05484: ASA upgrade from 9.16 to 9.18 causing change in AAA ldap attribute values by adding extra slash ''
  • CSCwj06197: "pmtool restartbyid " should give some indication of error
  • CSCwj07837: Deployment failure due to exceeding logging event list name size
  • CSCwj08073: libuv is a multi-platform support library with a focus on asynchronous
  • CSCwj08083: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1
  • CSCwj08203: FMC: fireamp generating too many logs
  • CSCwj08302: FTD: HostScan scanning results not processed in version 7.4.1
  • CSCwj08822: cdFMC Multiple health monitor widgets throwing Error while fetching data
  • CSCwj09110: Upload files through Clientless portal is not working as expected after the ASA upgrade
  • CSCwj09373: BBManager text based search - lucene
  • CSCwj09613: User not entitled for packet captures, is still able to open it from the Device Management
  • CSCwj09938: Unable to remove suppression from snort3 rule once added
  • CSCwj09999: FP 3100 MTU change on management interface is NOT persistent across reboots (returns to default MTU)
  • CSCwj10009: In Snort 3 policy editor, selecting a Rule Action of “Rule Action” causes UI to spin indefinitely
  • CSCwj10451: The secondary device reloaded while rebooting the primary device.
  • CSCwj10955: Cisco ASA and FTD Software Web Services Denial of Service Vulnerability
  • CSCwj12131: Bailout when lina_io_write fails persistent with EPIPE errno.
  • CSCwj12168: Never expiring machine user not logged out at various places
  • CSCwj12173: Policy cache cleanup thread should cleanup any cache that is left open for a logged out session
  • CSCwj13910: Crypto IPSEC SA Output Showing NO SA ERROR With IPSEC Offload Enabled
  • CSCwj14492: fpr1k/2k/3k/4200:Need ability to configure SSH public key auth without using root shell
  • CSCwj14614: FMC: Upgrade fails at "800_post/991_update_scheduled_tasks.pl"
  • CSCwj14832: SAML: Single sign-on AnyConnect token verification failure is seen after successful authentication
  • CSCwj15821: Page getting expaned while getting continuous task notifications
  • CSCwj16119: FP2110: When Leaving On-Box (FDM) Mode Platform API Fails
  • CSCwj16633: Issues with FMC Deployment preview (Advanced Preview)
  • CSCwj17677: PM restart needs to be blocked or warned the user that it may go for reboot
  • CSCwj17852: FMC - Inheritance Settings Select Base Policy Menu disappears while scrolling using Light or Dusk UI
  • CSCwj19236: In Object page able to delete and create system provided object
  • CSCwj19252: Object optimisation gets disabled on FMC if next deployment is after two hours
  • CSCwj19653: FTD - Trace back and reload due to NAT involving fqdn objects
  • CSCwj20067: ASA: Warning messages not displayed when Static interface NAT are configured
  • CSCwj20118: FTDv reloads and generate backtrace after push EIGRP config
  • CSCwj21880: FTD with Interface object optimization enabled is blocking traffic after renaming of zone names
  • CSCwj22086: Active unit goes to disabled state when there is a mismatch in firewall mode
  • CSCwj22235: Lina traceback and reload due to mps_hash_memory pointing to null hash table
  • CSCwj22990: After upgrading the ASA, “Slot 1: ATA Compact Flash memory” shows a different value
  • CSCwj23192: extra file check is not reporting with pmtool SecureLSP lsp-rel-xxx command
  • CSCwj24517: LSP Deployment fails in multi instance FP 41xx / 93xx
  • CSCwj24573: Rabbitmq queues on FMC vHost may not be cleaned up after element removal
  • CSCwj25066: CCM ID 68 - LTS21 - CISCO_LTS21_R2160 release branch
  • CSCwj25975: FTD/ASA : CSR generation with comma between “Company Name” attribute does not work expected
  • CSCwj26627: FMC shows a non-User-Friendly Error during a Policy Deployment failure due to snapshot failure
  • CSCwj27112: Rest API '/devices/devicerecords' is returning mismatch of values for (RA VPN) policy object id
  • CSCwj28049: Identity Mapping Filter field gets updated with newly created network objects.
  • CSCwj28153: Lina contains outdated libexpat source code
  • CSCwj28437: Snort3: SQL traffic failure after upgrade due to large invalid sequence numbers and invalid ACKs
  • CSCwj29351: Health Policy Configuration - Unable to remove device from the policy
  • CSCwj30825: SFDataCorrelator memory leak after unregistering an active device
  • CSCwj30962: 3140 3 MI instances upgrade failed
  • CSCwj30980: Addition of debugs & a show command to capture the ID usage in the CTS SXP flow.
  • CSCwj31816: TLS Secure Client sessions cannot be established on ASA 9.19 and 9.20
  • CSCwj32035: Clientless VPN users are unable to reach pages with HTTP Basic Authentication
  • CSCwj33487: ASA/FTD may traceback and reload while handling DTLS traffic
  • CSCwj33503: Snort3 event PCAPs contain only header data when decrypting HTTP/2
  • CSCwj33580: IKEv2 tunnels flap due to fragmentation and throttling caused by multiple ciphers/proposal
  • CSCwj33891: ASA/FTD Cluster memory exhaustion caused by NAT process during release of port blocks allocations
  • CSCwj34881: Command to show counters for access-policy filtered with a source IP address gives incorrect result
  • CSCwj34975: Multiple context interfaces fail to pass traffic
  • CSCwj36559: rsync is not happening to standby unit when perform oob changes in active unit.
  • CSCwj38871: ASA traceback with thread name SSH
  • CSCwj38928: High latency observed on FPR3120
  • CSCwj39107: SFDataCorrelator memory growth when pruning a huge number of old service identities
  • CSCwj39984: Unable to approve ticket due to monitored int in HA and getting Error to contact Cisco Support.
  • CSCwj40124: FMC 7.3 Deployment failed due to OOM in PBR Configuration
  • CSCwj40597: Backups fail on multi-instance with error "Backup died unexpectedly"
  • CSCwj40665: Additional memory tracking in SFDataCorrelator
  • CSCwj40761: ASA/FTD may traceback in Threadname: CTM KC FPGA stats handler
  • CSCwj41427: FTD-HA creation is failing because FMC takes longer time to save overrides.
  • CSCwj41916: FTD-HA upgrade fails to start - Configuration is out of sync between active and standby
  • CSCwj42025: CCM ID LTS21-100 with RCPL21 update
  • CSCwj43345: SNMP poll for some OIDs may cause CPU hogs and high latency can be observed for ICMP packets
  • CSCwj44398: when set the route-map in route RIP on FTD, routes update is not working after FTD reload
  • CSCwj48308: Stale Health Alerts seen on the UMS after model migration
  • CSCwj48704: ASA traceback and reload when accessing file system from ASDM
  • CSCwj48754: SFDataCorrelator high memory usage when restart with large network map hosts
  • CSCwj48801: 4200s have high UDP latency at low packet rates.
  • CSCwj49958: Crypto IPSEC Negotiation Failing At "Failed to compute a hash value"
  • CSCwj50064: SSE connection events, FirewallRuleList field is not sent in proper format
  • CSCwj50406: All IPV6 BGP routes configured in device flapping
  • CSCwj50557: Snort creating too many snort-unified log files when frequent policy deploys
  • CSCwj50603: Large write-ahead log may leave monetdb in disabled state
  • CSCwj51115: FMC backup remote server copy to Solar Winds remote server failing after upgrading to 7.x versions.
  • CSCwj54717: Radius secret key of over 14 characters for external authentication does not get deployed (FPR3100)
  • CSCwj55036: ASA/FTD: A delay in an async crypto command induces a traceback and subsequently a reload.
  • CSCwj55081: FPR3K loses connectivity to FMC via mgmt data interface on reboot of FPR3K
  • CSCwj56639: FDM1010E 7.4.1 unable to register to SA, getting "Invalid entitlement tag"
  • CSCwj56668: False positive ISE bulk download alert error seen on FMC
  • CSCwj58431: FMC REST API not sending 'deploymentStatus' Attribute
  • CSCwj59861: ASA/FTD may traceback and reload in Thread Name 'lina' due to SCP/SSH process
  • CSCwj59981: FMC only accepts a maximum of 30 characters for shared secret key when connecting to RADIUS server
  • CSCwj60265: ASA/FTD may traceback and reload in Thread Name 'DATAPATH-1-16803'
  • CSCwj62723: Error message spammed to console on Firepower 2100 devices while enabling SSH config
  • CSCwj62984: Snort3: MSSQL query traffic corrupted by stream_tcp overlap handling causing SQL HY000
  • CSCwj66339: OGO changing the order of custom object group contents causing an outage at static NAT
  • CSCwj66537: Snort3 crashes due to processing pdf tokenizer with no limits.
  • CSCwj66923: cdFMC : Support for new regions in Aus and India
  • CSCwj67600: Autodeployment failing on cdFMC v20240307 when onboarding a 1010 v7.2.5
  • CSCwj67787: New User activity page does not load because the VPN bytes in and out are long.
  • CSCwj68096: Console Access Stuck for ASAv hosted in CSP after Upgrade to 9.18.3.56
  • CSCwj68783: FTD/ASA-HA configs not in sync as the command sync process is sending configs with special chars
  • CSCwj69632: Default Hashing Algorithm is SHA1 for Firepower Chassis Manager Certificate on 4110
  • CSCwj71064: Snort dropping connections with reason blocked or blacklisted by the firewall preprocessor
  • CSCwj72683: ASA - Bookmarks on the WebVPN portal are unreachable after successful login.
  • CSCwj73053: ASA may traceback and reload in Thread Name 'DATAPATH-21-16432'
  • CSCwj73061: SNMP OID for CPUTotal1min omits snort cpu cores entries when polled
  • CSCwj77700: FTD LINA Traceback and Reload idfw_proc Thread
  • CSCwj79481: Deployment fails on FTD HA while doing LINA ONLY DEPLOYMENT
  • CSCwj79736: eStreamer memory leak when the FMC receives events from CDO-managed FTDs
  • CSCwj80324: Access rule getting pushed with "deny tcp any any" on snort
  • CSCwj82127: IP-SGT mappings on Lina-side are not being removed, when FMC pxGrid connection is disabled
  • CSCwj82285: ASA/FTD may traceback and reload in Thread Name 'sdi_work'
  • CSCwj85333: FPR might drop TLS1.3 connections when hybridized kyber cipher is enabled in web browser
  • CSCwj86116: High LINA CPU observed due to NetFlow configuration
  • CSCwj88925: net-snmp provides various tools relating to the Simple Network Managem
  • CSCwj88928: net-snmp provides various tools relating to the Simple Network Managem
  • CSCwj88929: net-snmp provides various tools relating to the Simple Network Managem
  • CSCwj88930: net-snmp provides various tools relating to the Simple Network Managem
  • CSCwj88931: net-snmp provides various tools relating to the Simple Network Managem
  • CSCwj88932: net-snmp provides various tools relating to the Simple Network Managem
  • CSCwj89126: HTTP Response splitting in multiple modules in Apache HTTP Server allows
  • CSCwj89264: FTD HA: Traceback and reload in netsnmp_oid_compare_ll
  • CSCwj92784: RAVPN: Failure to create SGT-IP mapping due to ID table exhaustion
  • CSCwj93921: ASA after upgrade to 9.18.4.24 not able to save config with error: "Configuration line too long"
  • CSCwj95590: Browser redirects to logon page when the user clicks the WebVPN bookmark
  • CSCwj98451: FMC got deregistered from Smart License after upgrade
  • CSCwk00628: Captive portal returns bad request for snort 2 for FMC 7.4.x , FTD version < 7.4
  • CSCwk02928: ASA/FTD may traceback and reload in Thread Name PTHREAD
  • CSCwk04492: ASA CLI hangs with 'show run' with multiple ssh sessions
  • CSCwk05851: "set ip next-hop" line deleted from config at reload if IP address is ma
  • CSCwk07934: Clock skew between FXOS and Lina causes SAML assertion processing failure
  • CSCwk08576: command to print the debug menu setting of service worker
  • CSCwk12065: LSP downloads are not using the Web proxy, when configured.
  • CSCwk12673: TCP Session Interrupted if Keep-Alive with 1 Byte is Received
  • CSCwk33634: TLS Client Hello packet is dropped by snort
  • CSCwk44366: cdFMC Fails to configure-geneve-encapsulation on interface
  • CSCwk62296: Address SSP OpenSSH regreSSHion vulnerability
  • CSCwk62297: Evaluation of ssp for OpenSSH regreSSHion vulnerability
  • CSCwk66252: It was discovered that a nft object or expression could reference a nf
  • CSCwk66253: An out-of-bounds access vulnerability involving netfilter was reported

Download

Secure Firewall Threat Defense Virtual Release 7.4.1 (includes the 7.4.2 release)

Firepower Threat Defense (FTD) Software:

| File Information | Filename | Release Date | Size |
|---|---|---|---|
| Firepower Threat Defense upgrade (Do not untar) | Cisco_FTD_Upgrade-7.4.1-172.sh.REL.tar | 13-Dec-2023 | 1251.67 MB |
| FTDv: KVM install package | Cisco_Secure_Firewall_Threat_Defense_Virtual-7.4.1-172.qcow2 | 13-Dec-2023 | 1314.50 MB |
| FTDv: VMware install package for ESXi 6.5, 6.7, or 7.0 | Cisco_Secure_Firewall_Threat_Defense_Virtual-7.4.1-172.tar.gz | 13-Dec-2023 | 1297.34 MB |

More: Cisco product download links summary

More: Firewall product links summary

posted @ 2024-08-13 09:05 sysin