Cisco Secure Firewall Threat Defense Virtual 7.4.2 - 思科下一代防火墙软件

sysin.org

于 2024-08-21 08:45:00 发布

阅读量899

点赞数 11

分类专栏： CiSCO 文章标签： Cisco Firepower FTD FTDv 防火墙

本文链接：https://blog.csdn.net/netgc/article/details/141281854

版权

CiSCO 专栏收录该内容

188 篇文章 9 订阅

订阅专栏

Cisco Secure Firewall Threat Defense Virtual 7.4.2 - 思科下一代防火墙软件

Firepower Threat Defense (FTD) Software

请访问原文链接：https://sysin.org/blog/cisco-firepower-7/，查看最新版。原创作品，转载请保留出处。

为什么选择 Cisco Secure 防火墙？

Cisco Secure 防火墙为行业最完善和开放的安全平台提供基础支持。

世界一流的安全控制

保护网络免受日益复杂的威胁入侵，需要业界领先的情报和始终如一、无处不在的保护。借助 Cisco Secure 防火墙，立即改善安全状况。

新增功能

Resolved Bugs in Version 7.4.2

Table last updated: 2024-07-31

Bug ID: Headline
CSCvk60075: FMC HA synchronisation task failures should generate alarms
CSCvx37329: Remove Syslog Messages 852001 and 852002 in Firewall Threat Defense
CSCwb02701: FXOS does not retry NTP sync with servers
CSCwb03293: IKEv2 debugs: Received Policies and Expected Policies are empty
CSCwc28334: Cisco ASA and FTD Software RSA Private Key Leak Vulnerability
CSCwc31953: Prevention of RSA private key leaks regardless of root cause.
CSCwc33025: mgmt interface taking long time to come up and causing cluster registration issues
CSCwc70142: Deleting a routed mode Etherchannel interface changes member interfaces to switch port mode
CSCwc73773: FMC 7.0.2 Deployment error message is irrelevant | Deployment Failed due to configuration error
CSCwc76419: Unnecessary FAN error logs needs to be removed from thermal file
CSCwd39442: ssl policy errors: Unable to get server certificate’s internal cached status
CSCwd67100: ASA traceback and reload on Datapath process
CSCwd80492: Device Management Applied Policies Widget Defaulting to classic theme when editting
CSCwe02012: ASA/FTD may traceback and reload in Thread Name ‘lina’
CSCwe11124: ENH: Combine firmware bundle packages into FXOS MIO update packages
CSCwe18462: ASA/FTD: Improve GTP Inspection Logging
CSCwe18467: ASA/FTD: GTP Inspection engine serviceability
CSCwe42986: Classic and Unified Events should handle cases when SMC is unreachable
CSCwe47485: FTD: CLISH slowness due to command execution locking LINA prompt
CSCwe79990: Cisco-Intelligence-Feed - Failed to download due to timeout
CSCwe86964: Consul and Consul Enterprise allowed an authenticated user with service:
CSCwe91008: Snort3 is crashing frequently on cd_pdts.so
CSCwe93925: Deployment fails to FTD when reusing/reassigning existing vlan id to diff interface
CSCwe96560: Cannot copy rules from one policy to another policy using the new AC policy UI
CSCwe97939: ASA/FTD Cluster: Change “cluster replication delay” with max value increase from 15 to 50 sec
CSCwf01954: FTD: ADI.conf - send_s2s_vpn_events is set to 0, even after applying s2s vpn health policy
CSCwf16001: HashiCorp Vault’s implementation of Shamir’s secret sharing used precomp
CSCwf17314: FMC deploy logs rotating faster because of /internal_rest_api/accesscontrol/rapplicationsavailable
CSCwf26599: Error loading data in NAT page - When unused port object is used
CSCwf27458: AC policy change is not reflected in instance page on edit
CSCwf39108: Firewall rings may get stuck and cause packet loss when asp load-balance per-packet auto is used
CSCwf47646: show version system prints errors about PM_Control.sock
CSCwf59529: Identity Policy Active auth snort3 redirect hostname doesn’t list all FQDN objects\u0009
CSCwf61280: Failing to dowload FTD image via SAML SSO login
CSCwf75694: ASA - The GTP inspection dropped the message ‘Delete PDP Context Response’ due to an invalid TEID=0
CSCwf84318: ASA/FTD traceback and reload on thread DATAPATH
CSCwf99303: Management UI presents self-signed cert rather than custom CA signed one after upgrade
CSCwh12120: Incorrect exit interface choose for VTI traffic next-hop
CSCwh16759: SNMP is not working on the primary active ASA unit in multi-context environment
CSCwh19613: ASA crashed with Saml scenarios
CSCwh22888: FXOS: Remove enforcement of blades going into degraded state after multiple DIMM correctable errors
CSCwh29276: ASA: Traceback and reload when switching from single to multiple mode
CSCwh30257: snort3 crashes observed due to memory corruption in file api
CSCwh30346: ASA/FTD: 1 Second failover delay for each NLP NAT rule
CSCwh34836: Getting an exception on the UI while editing and saving the intrusion policy
CSCwh41606: Extensive logging for a problematic deployment caused logs to rollover important logs
CSCwh43230: Strong Encryption license is not getting applied to ASA firewalls in HA.
CSCwh43945: FTD/ASA traceback and reload may occur when ssl packet debugs are enabled
CSCwh46657: Save button disabled when updating ZTNA policy
CSCwh47053: ASA/FTD may traceback and reload in Thread Name ‘dns_cache_timer’
CSCwh47732: Vulnerabilities in linux-kernel 5.10.79 CVE-2023-3111 and others
CSCwh51872: Message asa_log_client exited 1 time(s) seen multiple times
CSCwh57814: The html/template package does not apply the proper rules for handling o
CSCwh57976: Improve CPU utilization in ssl inspection for supported signature algorithm handling
CSCwh58190: FMC Deployment failure in csm_snapshot_error
CSCwh58467: ASA does not sent ‘warmstart’ snmp trap
CSCwh58490: FMC Deployment failed due to internal errors after upgrade
CSCwh60504: LINA would randomly generate a traceback and reload on FPR-1K
CSCwh60971: NAT pool is not working properly despite is not reaching the 32k object ID limit.
CSCwh61832: FDM: Allow turn on/off GSP mempool polling via Flexconfig
CSCwh62731: FTD Upgrade from 6.6.5 to 7.2.5 removing OGS causing rule expansion on boot
CSCwh65128: LINA show tech-support fails to generate as part of sf_troubleshoot.pl (Troubleshoot file)
CSCwh68068: Firepower WCCP router-id changes randomly when VRFs are configured
CSCwh69843: WM DT - ASA in transparent mode doesn’t send equal IPv6 Router Advertisement packets to all nodes
CSCwh71235: A flaw was found in QEMU. The async nature of hot-unplug enables a rac
CSCwh71611: ENH: FMC - Ability to Filter Security Zone in Interface Drop Down Selection
CSCwh71665: ASA traceback under match_partial_keyword during CPU profiling
CSCwh72070: Reload takes forever when reload command is issued on the lina prompt when devices are on HA
CSCwh75829: FMC Primary disk degraded error
CSCwh75927: In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a
CSCwh79546: No error message is given when deleting object referred in new object created in another ticket
CSCwh83021: ASA/FTD HA pair EIGRP routes getting flushed after failover
CSCwh83254: ASA/FTD: Traceback and reload on thread name CP Crypto Result Processing
CSCwh83854: Cannot configure Correlation rule because there are no values for GID that exceed 2000
CSCwh84376: In FPR4200/FPR3100-cluster observed core file ?core.lina? observed on device reboot.
CSCwh84610: Disconnecting RA VPN users from the FMC gui fails.
CSCwh84647: Backup restore: silent failure when the device managed locally
CSCwh87058: FTD: Internal certificate generation results to certificate and private key mismatch
CSCwh88150: Need ability to configure SSH public key auth without using root shell
CSCwh89835: FMC plain-text passwords for radius server and certificate passphrase
CSCwh91574: FTD: Traceback in threadname cli_xml_request_process
CSCwh92345: crypto_archive file generated after the software upgrade.
CSCwh92541: Random FTD snort3 traceback
CSCwh93710: Last Rule hit shows a hex value ahead of current time in ASA and ASDM
CSCwh94201: An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i
CSCwh95003: Init process spikes to 100% CPU usage after a failed backup
CSCwh95010: Unexpected traceback on thread name Lina and device experienced reboot
CSCwh95025: GTP connections, under certain circumstances do not get cleared on issuing clear conn.
CSCwh95443: Datapath hogs causing clustering units to get kicked out of the cluster
CSCwh96055: Management DNS Servers may be unreacheable if data interface is used as the gateway
CSCwh99331: syslog not generated “ASA-3-202010: NAT pool exhausted” while passing traffic from iLinux to oLinux
CSCwh99398: ASA/FTD may traceback and reload in Thread Name ‘DATAPATH-34-17852’
CSCwi01073: Event search with URL object ${example} is displaying no results
CSCwi01085: FTD VMWare tracebacks at PTHREAD-3587
CSCwi01381: ASA/FTD may traceback and reload in Thread Name ‘lina’
CSCwi01895: Connection drops during file transfers due to HeartBeat failures
CSCwi01981: Thirty-day automatic upgrade revert-info deletion is not resilient to communication failures
CSCwi02039: FMC clean_revert_backup script fails silently without creating any logs
CSCwi02134: FTD sends multiple replicated NetFlow records for the same flow event
CSCwi02599: SSX Eventing continues to go to old tenant upon FTD migration to CDO.
CSCwi02754: FTD 1120 standby sudden reboot
CSCwi02919: SNMP Unresponsive when snmp-server host specified
CSCwi03407: Traceback on FP2140 without any trigger point.
CSCwi04021: Daily Change Reconciliation Report Randomly Generating Reports with the same time periods
CSCwi04351: FTD upgrade failling on script 999_finish/999_zz_install_bundle.sh
CSCwi06690: Certificate Encoding Issue when using AnyConnect cert Authentication/Authorisation
CSCwi06797: ASA/FTD traceback and reload on thread DATAPATH
CSCwi08374: FMC backup fails with “Registration Blocking” failure caused by DCCSM issues
CSCwi11520: FTD OSPFV3 IPV6 Routing: FTD is sending unsupported extended LSA request to neighbor routers
CSCwi12388: HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 - Golang
CSCwi12772: ASA cluster traceback Thread Name: DATAPATH-8-17824
CSCwi13062: Debug messages seen on console on executing show tech-support fprm detail
CSCwi13134: Hardware bypass not working as expected in FP3140
CSCwi13223: Source of the VTI interface is getting empty
CSCwi15409: ASA/FTD - may traceback and reload in Thread Name ‘Unicorn Proxy Thread’
CSCwi15595: ASA traceback and reload during ACL configuration modification
CSCwi16034: FMC does not generate email health notifications for Database Integrity Check failures.
CSCwi17193: CP Session Handling for per site auth is inaccurate for Cluster break and join scenarios
CSCwi17496: Error Text is repeated twice for Interface config if pool range is less than Cluster Nodes plus 1
CSCwi18581: Firewall traceback and reload due to SSH thread
CSCwi18663: FMC-4600: Pre-Filter policy is showing as none
CSCwi19015: ASA/FTD may traceback and reload in Thread Name ‘DATAPATH-13-6022’
CSCwi19485: Fail open snort-down is off in inline pairs despite it being enabled and deployed from FMC
CSCwi19849: VPN load-balancing cluster encryption using Phase 2 deprecated ciphers
CSCwi20045: ASA/FTD may traceback and reload in Thread Name ‘lina’ due to a watchdog in 9.16.3.23 code
CSCwi20848: ASA/FTD high memory usage due to SNMP caused by RAVPN OID polling
CSCwi20955: FTD with may traceback in data-path during deployment when enabling TAP mode
CSCwi21625: FailSafe admin password is not properly sync’d with system context enable pw
CSCwi23545: HA CP clients statistics doesn’t show actual Tx/Rx and Reliable Tx/Rx
CSCwi23964: Python 3.x through 3.10 has an open redirection vulnerability in lib/h
CSCwi24004: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th
CSCwi24021: An issue was discovered in the Linux kernel before 6.5.9, exploitable
CSCwi24027: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c`
CSCwi24032: A heap out-of-bounds write vulnerability in the Linux kernel’s Linux K
CSCwi24368: Standby manager addition is failed on Primary FMC due to previous entries in table
CSCwi24370: Stale HA transactions need to be moved to failed and subsequent HA transaction needs to be created
CSCwi24461: Device/port-channel goes down with a core generated for portmanager
CSCwi24814: In FIPS mode, External auth with TLS config enabled, CLI logins are not working (FMC & FTDs)
CSCwi25842: FMC Analysis Vulnerabilities error “Unable to process this query. Please try the query again.”
CSCwi26064: ASA : Modifying a route-map in one context affects other contexts
CSCwi26895: ASA SNMP OID cpmCPUTotalPhysicalIndex returning zero values instead of CPU index values
CSCwi27338: Stale asp entry for TCP 443 remains on standby after changing default port
CSCwi28645: User assigned to a read only custom role is not able to view content of intrusion policy for snort2
CSCwi29538: EIGRP migration failed using ‘FlexConfig Policiies’ script failed generating database corruption
CSCwi29934: Cisco FXOS Software Link Layer Discovery Protocol Denial of Service Vulnerability
CSCwi30843: Error Fetching Data in Exclude Policy Page when non permanent exclude periods are selected
CSCwi31008: Deployment stuck on FMC when device goes down during deploy and doesn’t boot up
CSCwi31480: Alert: Decommission failed, reason: Internal error is not cleared from FCM or CLI after acknowledge
CSCwi31558: file-extracts.logs are not recognised by the diskmanager leading to High disk space
CSCwi31563: cdFMC: Table View of Rule Update Import Log UI is throwing error, unable to check SRU update log
CSCwi31766: PSU fan shows critical in show environment output while operating normally
CSCwi31966: FTD ADI debugs may show incorrect server_group and/or realm_id for SAML-authenticated sessions
CSCwi32063: ASA/FTD: SSL VPN Second Factor Fields Disappear
CSCwi32759: Username-from-certificate secondary attribute is not extracted if the first attribute is missing
CSCwi33710: ipv6 table flush exception when cli_firstboot installs bootstrap configuration multi instance
CSCwi34125: ASA: Snmpwalk shows “No Such Instance” for the OID ceSensorExtThresholdValue
CSCwi34323: After importing AC policy, Realm is not present in UI causing validation error for Azure AD users
CSCwi34719: Unable to SSH into FTD device using External authentication with Radius
CSCwi34730: tls website decryption breaks with ERR_HTTP2_PROTOCOL_ERROR
CSCwi35079: FTD Upgrade logs should contain the certificate name or files
CSCwi35267: TLS1.3: core decode points to tls_trk_try_switch_to_bypass_aux()
CSCwi36311: use kill tree function in SMA instead of SIGTERM
CSCwi36843: Detailed logging related to reason behind sub-interfce admin state change during operations
CSCwi38061: ASA/FTD traceback and reload due to file descriptor limit being exceeded
CSCwi38425: Health Monitor Alerts set in Global are not sending alert from devices assigned in leaf domain
CSCwi38440: Hostnames are replaced with IP addresses in alert email content
CSCwi38449: Module name displayed in the alert got changed and it is differ from the one set in FMC
CSCwi38662: FTD HA should not be created partially on FMC
CSCwi38708: FDM deployment failure
CSCwi38957: Policy Apply failed moving from FDM to FMC
CSCwi40193: Hairpinning of DCE/RPC traffic during the suboptimal lookup
CSCwi40302: Deployment fails on new AWS FTDv device with “no username admin”
CSCwi40487: FTD HA Failure after SNORT crash.
CSCwi40536: ASA/FTD: Traceback and reload when running show tech and under High Memory utilization condition
CSCwi40674: Umbrella Profile and others cleared incorrectly when editing group policy in the UI
CSCwi41666: MonetDB startup enhancement to clean up large files
CSCwi42295: Radius traffic not passing after ASA upgrade 9.18.2 and above version.
CSCwi42962: installing GeoDB country code package update to FMC does not automatically push updates to FTDs
CSCwi42992: ASA/FTD may traceback and reload in Thread Name IKEv2 Daemon
CSCwi43240: Deployment fails if Network Discovery policy reference is missing from FMC Database
CSCwi43492: ASA traceback and reload on Thread Name: DATAPATH
CSCwi43782: GTP inspection dropping packets with IE 152 due to header length being invalid for IE type 152
CSCwi44007: FMC Validation failure for large object range and success for object network in NAT64
CSCwi44208: low memory/stress causing traceback in SNMP
CSCwi45408: Monetdb having 14GB of unknown BAT data causing “High unmanaged disk usage on /Volume”
CSCwi45630: Snort3 traceback with fqdn traffics
CSCwi45878: ASA/FTD: DNS Load Balancing with SAML does not work with VPN Load Balancing
CSCwi46010: ASA/FTD: Cluster incorrectly generating syslog 202010 for invalid packets destined to PAT IP
CSCwi46023: FTD drops double tagged BPDUs.
CSCwi46163: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.
CSCwi46641: FTDv may traceback and reload in Thread Name ‘PTHREAD-3744’ when changing interface status
CSCwi46676: API:/operational/commands not working as swagger indicate
CSCwi47029: “Update file is corrupted” for “Download Latest Cisco Firepower Geolocation Database Update.” in FMC
CSCwi48699: ASA traceback and reload on Thread Name: pix_flash_config_thread
CSCwi49076: Sftunnel DEBUG level not logged on FMC/FTD after running DEBUG script
CSCwi49128: Update logs - SSP object serialization during HA
CSCwi49360: A flaw was found in the 9p passthrough filesystem (9pfs) implementatio
CSCwi49506: Before Go 1.20, the RSA based TLS key exchanges used the math/big libr
CSCwi49770: ASA|FTD Traceback & reload in thread name Datapath
CSCwi49797: Event Searching with Objects and Networks Leads to only showing events matching Objects
CSCwi49829: Threat Defense Service Policy - Reset Connection Upon Timeout not working
CSCwi50343: Their standalone FTD running 7.2.2 on FPR-4112 experienced a traceback on the SNMP module
CSCwi51793: Error while trying to push SNMP configuration using API
CSCwi52008: Snort3 crash with race conditions
CSCwi52188: Filtering the Malware Events table by IP address removes events which should remain in the results.
CSCwi53150: Service object-group protocol type mismatch error seen while access-list referencing already
CSCwi53431: Unable to Synch more then 100 environment-data with data unit
CSCwi53987: SSL protocol settings does not modify the FDM GUI certificate configuration or disable TLSv1.1
CSCwi54171: Decryption policy page is empty if user that modified/created policy was deleted.
CSCwi54995: 413 Request Entity Too Large error due to cookies added by FMC/Amplitude
CSCwi55629: ASA/FTD : Port-channels remain down on Firepower 1010 devices after upgrade
CSCwi55842: 7.4 - If policy save in progress deploy might indicate failure for only few devices
CSCwi55938: The “show asp drop” command usage requires better updates for cluster-related drops
CSCwi56048: Interface fragment queue may get stuck at 2/3 of fragment database size
CSCwi56441: Readiness check failed on vFTD during upgrade from 741-172 to 760-1270
CSCwi56499: Cut-Through Proxy feature spikes CP CPU with a flood of un-authenticated traffic
CSCwi56667: ASA Traceback and reload on Thread Name “fover_parse” on Standby after Failover Group changes
CSCwi56733: Internal error when attempting to configure PBR in FMC
CSCwi56815: HMS process crash - “interface conversion: interface {} is nil, not map[string]interface {}”
CSCwi58754: Blocking SMB traffic with reason “Blocked by the firewall preprocessor”
CSCwi59271: Suppress “End of script output before headers” syslog on FXOS
CSCwi59525: Multiple lina cores on 7.2.6 KP2110 managed by cdFMC
CSCwi59831: ASA/FTD may traceback and reload in Thread Name ‘lina’
CSCwi59871: High disk usage caused by large write-ahead log in eventdb
CSCwi60151: ZTNA: FMC doesn’t accept IdP with local domain
CSCwi60248: A malicious HTTP sender can use chunk extensions to cause a receiver r
CSCwi60256: strongSwan before 5.9.12 has a buffer overflow and possible unauthenti
CSCwi60285: ASA/FTD may traceback and reload in Thread Name ‘lina’
CSCwi60430: CVE-2023-51385 (Medium Sev) In ssh in OpenSSH before 9.6, OS command injection might occur if a us
CSCwi61135: Debugs failed to be enabled on SSH session
CSCwi62683: The SSH transport protocol with certain OpenSSH extensions, found in … (CVE-2023-48795)
CSCwi62796: ASA/FTD Traceback and reload related to SSL/DTLS traffic processing
CSCwi62985: SFDataCorrelator timeout thread deadlock detection core on busy FMC
CSCwi63057: Threat Defense Upgrade wizard might incorrectly show clusters/HAs as disabled
CSCwi63113: Null pointer dereference in SNMP that results in traceback and reload
CSCwi63743: ASA/FTD may traceback and reload in Thread Name “appAgent_monitor_nd_thread” & Rip: _lina_assert.
CSCwi64429: MonetDB memory usage grows slowly over time
CSCwi64829: traceback and reload around function HA
CSCwi64993: Correlation policy not work when condition of the rule is “Intrusion Policy” is XXX
CSCwi65116: DHCPv6:ASA traceback on Thread Name: DHCPv6 CLIENT.
CSCwi66103: Lina traceback on RAVPN connection after enabling webvpn debug
CSCwi66461: WARN msg(speed not compatible, suspended) while creating port-channel on Victoria CE
CSCwi66570: The report doesn’t include “Default Variables” information after change “Variable Sets” name
CSCwi66676: ASA/FTD may traceback and reload in Thread Name ‘webvpn_task’
CSCwi67510: FMC: Packet-tracer showing a “Interface not supported” error for VLAN interfaces
CSCwi67629: Devices might change status to “missing the upgrade package” after Readiness Check is initiated
CSCwi67638: FMC configured DAP rule with Azure IDP SAML attributes does not match
CSCwi68083: Product Upgrades page: Download action creates a lot of “uninitialized value” error messages in log
CSCwi68132: A heap out-of-bounds write vulnerability in the Linux kernel’s Perform
CSCwi68133: A use-after-free vulnerability in the Linux kernel’s ipv4: igmp compon
CSCwi68135: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie
CSCwi68320: During FMC hardware migration failure encountered due to missing prometheus directories
CSCwi68625: Continuous snmpd restarts observed if SNMP host is configured before the IP is configured
CSCwi68833: ASA/FTD: Memory leak caused by Failover not freeing dnscrypt key cache due to unsyned umbrella flow
CSCwi69091: ASA/FTD may traceback and reload in Thread Name ‘lina’
CSCwi69260: upgrade of FMC to 7.2.x removes FlexConfig-provided EIGRP authentication from interfaces on FTDs
CSCwi70371: Intermittent Packet Losses When VTI Is Sourced From Loopback
CSCwi70492: Firewall is in App Sync error in pseudo-standby mode and uses IPs from Active unit
CSCwi70940: standard error (stderr) not inserted into restore.log when restoring FMC backups
CSCwi71786: Download failed for Available Upgrade Packages
CSCwi71998: “Stream: TCP normalization error in NO_TIMESTAMP” is seen when SSL Policy decrypt all is used
CSCwi72054: Unable to delete custom DNS Server Group Object post upgrade 7.2.x
CSCwi72294: FTD: Improve or optimize LSP package verification logic to run it faster
CSCwi74214: ASA/FTD traceback and reload in Thread Name: IKEv2 Daemon when moving from active to standby HA
CSCwi75111: Configuring MTU value via CLI does not apply
CSCwi75198: Standby FTD experiencing periodic traceback and reload
CSCwi76002: Memory exhaustion due to absence of freeing up mechanism for tmatch
CSCwi76361: Transparent firewall MAC filter does not capture frames with STP-UplinkFast dst MAC consistently
CSCwi76630: FP2100/FP1000: ASA Smart licenses lost after reload
CSCwi77415: ASDM connection lost issue is observed in ASAv device due to config issue
CSCwi78189: It was discovered that when exec’ing from a non-leader thread, armed P
CSCwi78206: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL
CSCwi78210: An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Tra
CSCwi78370: 41xx/93xx : Update CiscoSSH (Chassis Manager FXOS) to address CVE-2023-48795
CSCwi78626: tds-cloud-events.json getting updated from both cdFMCs (ftd migration from 1 tenant to another)
CSCwi78941: FDM deployment fails with error “Some interfaces have been added to or removed from the device”
CSCwi79037: IKEv2 client services is not getting enabled - XML profile is not downloaded
CSCwi79042: FTD/Lina traceback and reload of HA pairs, in data path, after adding NAT policy
CSCwi79120: some ssh sessions not timing out, leading to ssh and console unable to connect to the FXOS CLI
CSCwi79289: FMC: Add logging for PM functions
CSCwi79393: Policy Deployment Fails when removing the Umbrella DNS Policy from Security Intelligence
CSCwi79538: FMC API Call for Network Object Overrides Returns Different Results for Active vs Standby FW
CSCwi79703: Incorrect Timezone Format on FTD When Configured via FXOS
CSCwi80979: Snort stripping packet information and injects its packet with 0 bytes data
CSCwi81193: singlevar in lparser.c in Lua from (including) 5.4.0 up to 5.4.4
CSCwi81195: An issue in the component luaG_runerror of Lua v5.4.4 and below leads to …
CSCwi81503: HTTP/HTTPS detection for application needs to fail it’s detection earlier
CSCwi82189: ACP page goes blank or error thrown if one of the ACP rules has user created app filter
CSCwi82866: MonetDB Monitor triggers for restarting MonetDB based on WAL size are not effective
CSCwi84314: ASA CLI hangs with ‘show run’ on multiple SSH
CSCwi84809: Incorrect Variable set in derived policy when derived policy is same as default.
CSCwi85277: Upgrade Failed with error “Upgrade failed because of undeployed changes present on the device”
CSCwi85689: TLS Server Identify: ‘show asp table socket’ output shows multiple TLS_TRK entries
CSCwi85951: A use-after-free flaw was found in the __ext4_remount in fs/ext4/super
CSCwi86036: External Radius authentication fails post upgrade if radius key includes special characters
CSCwi86198: SFData correlator keep terminating on FTDs configured for IDS
CSCwi87382: Traceback and reload on Primary unit while running debugs over the SSH session
CSCwi89447: Every realm sync indicates an access control policy change
CSCwi90040: Cisco ASA and FTD Software Command Injection Vulnerability
CSCwi90399: FTD/ASA system clock resets to year 2023
CSCwi90571: Access to website via Clientless SSL VPN Fails
CSCwi90998: ASA SNMP Polling Failure for environmental FXOS DME MIB (.1.3.6.1.4.1.9.9.826.2)
CSCwi91588: Heap-use-after-free in Discovery Filter on Snort shutdown
CSCwi91602: 7.2 - Deployment doesn’t timeout, runs for hours after LSP install
CSCwi92875: Check metadata cache size when generating retrospective events
CSCwi92914: A flaw was found in the networking subsystem of the Linux kernel withi
CSCwi92917: Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner
CSCwi92927: A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tab
CSCwi95228: “crypto ikev2 limit queue sa_init” resets after reboot
CSCwi95708: FTD: Hostname Missing from Syslog Message
CSCwi95796: FTD SNMP OID 1.3.6.1.4.1.9.9.109.1.1.1.1.7 always returns 0% for SysProc Average
CSCwi95871: SSH/SNMP connections to non-admin contexts fail after software upgrade
CSCwi95994: Chromium-based browsers have SSL connection conflicts when FIPS CC is enabled on the firewall.
CSCwi97836: ASA traceback and reload after configuring capture on nlp_int_tap and deleting context
CSCwi97839: FTD traceback assert in vni_idb_get_mode and reloaded
CSCwi98147: Tomcat restarts in the middle of the LTP flow due to certificate update
CSCwi98284: Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability
CSCwi99429: Policy deployment failure rollback didnt reconfigure the FTD devices
CSCwj00659: FMC: Multiple Email address in Email Alert not working
CSCwj00956: Snort process spamming syslog-ng messages so our on KP platform syslog-ng is being killed
CSCwj02259: Backup failures needs to be displayed with the correct state on GUI
CSCwj02505: ASA Checkheaps traceback while entering same engineID twice
CSCwj02708: Backup generation on FDM fails with the error “Unable to backup Legacy data.”
CSCwj03112: pmtool restart of monetdb fails to bring up monetdb, too many files in monetdb Volume directory
CSCwj03253: SFDataCorrelator creates huge numbers of to_import files when MonetDB table partition creation fails
CSCwj03285: FMC : Health Monitor Alert is not properly issued regarding disk usage
CSCwj03348: vFMC25 OCI to vFMC300 OCI migration failed ‘Migration from Y to a is not allowed.’
CSCwj03764: In Spoke dual ISP case if ISP2 is down, VTI tunnels related to ISP1 flapping.
CSCwj05151: ASA/FTD may traceback and reload in Thread Name DATAPATH due to GTP Spin Lock Assertion
CSCwj05464: FMC Server Certificate shows Only First 20 Objects
CSCwj05484: ASA upgrade from 9.16 to 9.18 causing change in AAA ldap attribute values by adding extra slash ‘’
CSCwj06197: “pmtool restartbyid ” should give some indication of error
CSCwj07837: Deployment failure due to exceeding logging event list name size
CSCwj08073: libuv is a multi-platform support library with a focus on asynchronous
CSCwj08083: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1
CSCwj08203: FMC: fireamp generating too many logs
CSCwj08302: FTD: HostScan scanning results not processed in version 7.4.1
CSCwj08822: cdFMC Multiple health monitor widgets throwing Error while fetching data
CSCwj09110: Upload files through Clientless portal is not working as expected after the ASA upgrade
CSCwj09373: BBManager text based search - lucene
CSCwj09613: User not entitled for packet captures, is still able to open it from the Device Management
CSCwj09938: Unable to remove suppression from snort3 rule once added
CSCwj09999: FP 3100 MTU change on management interface is NOT persistent across reboots (returns to default MTU)
CSCwj10009: In Snort 3 policy editor, selecting a Rule Action of \u201cRule Action\u201d causes UI to spin indefinitely
CSCwj10451: The secondary device reloaded while rebooting the primary device.
CSCwj10955: Cisco ASA and FTD Software Web Services Denial of Service Vulnerability
CSCwj12131: Bailout when lina_io_write fails persistent with EPIPE errno.
CSCwj12168: Never expiring machine user not logged out at various places
CSCwj12173: Policy cache cleanup thread should cleanup any cache that is left open for a logged out session
CSCwj13910: Crypto IPSEC SA Output Showing NO SA ERROR With IPSEC Offload Enabled
CSCwj14492: fpr1k/2k/3k/4200:Need ability to configure SSH public key auth without using root shell
CSCwj14614: FMC: Upgrade fails at “800_post/991_update_scheduled_tasks.pl”
CSCwj14832: SAML: Single sign-on AnyConnect token verification failure is seen after successful authentication
CSCwj15821: Page getting expaned while getting continuous task notifications
CSCwj16119: FP2110: When Leaving On-Box (FDM) Mode Platform API Fails
CSCwj16633: Issues with FMC Deployment preview (Advanced Preview)
CSCwj17677: PM restart needs to be blocked or warned the user that it may go for reboot
CSCwj17852: FMC - Inheritance Settings Select Base Policy Menu disappears while scrolling using Light or Dusk UI
CSCwj19236: In Object page able to delete and create system provided object
CSCwj19252: Object optimisation gets disabled on FMC if next deployment is after two hours
CSCwj19653: FTD - Trace back and reload due to NAT involving fqdn objects
CSCwj20067: ASA: Warning messages not displayed when Static interface NAT are configured
CSCwj20118: FTDv reloads and generate backtrace after push EIGRP config
CSCwj21880: FTD with Interface object optimization enabled is blocking traffic after renaming of zone names
CSCwj22086: Active unit goes to disabled state when there is a mismatch in firewall mode
CSCwj22235: Lina traceback and reload due to mps_hash_memory pointing to null hash table
CSCwj22990: After upgrading the ASA, \u201cSlot 1: ATA Compact Flash memory\u201d shows a ditterent value
CSCwj23192: extra file check is not reporting with pmtool SecureLSP lsp-rel-xxx command
CSCwj24517: LSP Deployment fails in multi instance FP 41xx / 93xx
CSCwj24573: Rabbitmq queues on FMC vHost may not be cleaned up after element removal
CSCwj25066: CCM ID 68 - LTS21 - CISCO_LTS21_R2160 release branch
CSCwj25975: FTD/ASA : CSR generation with comma between \u201cCompany Name\u201d attribute does not work expected
CSCwj26627: FMC shows a non-User-Friendly Error during a Policy Deployment failure due to snapshot failure
CSCwj27112: Rest API ‘/devices/devicerecords’ is returning mismatch of values for (RA VPN) policy object id
CSCwj28049: Identity Mapping Filter field gets updated with newly created network objects.
CSCwj28153: Lina contains outdated libexpat source code
CSCwj28437: Snort3: SQL traffic failure after upgrade due to large invalid sequence numbers and invalid ACKs
CSCwj29351: Health Policy Configuration - Unable to remove device from the policy
CSCwj30825: SFDataCorrelator memory leak after unregistering an active device
CSCwj30962: 3140 3 MI instances upgrade failed
CSCwj30980: Addition of debugs & a show command to capture the ID usage in the CTS SXP flow.
CSCwj31816: TLS Secure Client sessions cannot be established on ASA 9.19 and 9.20
CSCwj32035: Clientless VPN users are unable to reach pages with HTTP Basic Authentication
CSCwj33487: ASA/FTD may traceback and reload while handling DTLS traffic
CSCwj33503: Snort3 event PCAPs contain only header data when decrypting HTTP/2
CSCwj33580: IKEv2 tunnels flap due to fragmentation and throttling caused by multiple ciphers/proposal
CSCwj33891: ASA/FTD Cluster memory exhaustion caused by NAT process during release of port blocks allocations
CSCwj34881: Command to show counters for access-policy filtered with a source IP address gives incorrect result
CSCwj34975: Multiple context interfaces fail to pass traffic
CSCwj36559: rsync is not happening to standby unit when perform oob changes in active unit.
CSCwj38871: ASA traceback with thread name SSH
CSCwj38928: High latency observed on FPR3120
CSCwj39107: SFDataCorrelator memory growth when pruning a huge number of old service identities
CSCwj39984: Unable to approve ticket due to monitored int in HA and getting Error to contact Cisco Support.
CSCwj40124: FMC 7.3 Deployment failed due to OOM in PBR Configuration
CSCwj40597: Backups fail on multi-instance with error “Backup died unexpectedly”
CSCwj40665: Additional memory tracking in SFDataCorrelator
CSCwj40761: ASA/FTD may traceback in Threadname: CTM KC FPGA stats handler
CSCwj41427: FTD-HA creation is failing because FMC takes longer time to save overrides.
CSCwj41916: FTD-HA upgrade fails to start - Configuration is out of sync between active and standby
CSCwj42025: CCM ID LTS21-100 with RCPL21 update
CSCwj43345: SNMP poll for some OIDs may cause CPU hogs and high latency can be observed for ICMP packets
CSCwj44398: when set the route-map in route RIP on FTD, routes update is not working after FTD reload
CSCwj48308: Stale Health Alerts seen on the UMS after model migration
CSCwj48704: ASA traceback and reload when accessing file system from ASDM
CSCwj48754: SFDataCorrelator high memory usage when restart with large network map hosts
CSCwj48801: 4200s have high UDP latency at low packet rates.
CSCwj49958: Crypto IPSEC Negotiation Failing At “Failed to compute a hash value”
CSCwj50064: SSE connection events, FirewallRuleList field is not sent in proper format
CSCwj50406: All IPV6 BGP routes configured in device flapping
CSCwj50557: Snort creating too many snort-unified log files when frequent policy deploys
CSCwj50603: Large write-ahead log may leave monetdb in disabled state
CSCwj51115: FMC backup remote server copy to Solar Winds remote server failing after upgrading to 7.x versions.
CSCwj54717: Radius secret key of over 14 characters for external authentication does not get deployed (FPR3100)
CSCwj55036: ASA/FTD: A delay in an async crypto command induces a traceback and subsequently a reload.
CSCwj55081: FPR3K loses connectivity to FMC via mgmt data interface on reboot of FPR3K
CSCwj56639: FDM1010E 7.4.1 unable to register to SA, getting “Invalid entitlement tag”
CSCwj56668: False positive ISE bulk download alert error seen on FMC
CSCwj58431: FMC REST API not sending ‘deploymentStatus’ Attribute
CSCwj59861: ASA/FTD may traceback and reload in Thread Name ‘lina’ due to SCP/SSH process
CSCwj59981: FMC only accepts a maximum of 30 characters for shared secret key when connecting to RADIUS server
CSCwj60265: ASA/FTD may traceback and reload in Thread Name ‘DATAPATH-1-16803’
CSCwj62723: Error message spammed to console on Firepower 2100 devices while enabling SSH config
CSCwj62984: Snort3: MSSQL query traffic corrupted by stream_tcp overlap handling causing SQL HY000
CSCwj66339: OGO changing the order of custom object group contents causing an outage at static NAT
CSCwj66537: Snort3 crashes due to processing pdf tokenizer with no limits.
CSCwj66923: cdFMC : Support for new regions in Aus and India
CSCwj67600: Autodeployment failing on cdFMC v20240307 when onboarding a 1010 v7.2.5
CSCwj67787: New User activity page does not load because the VPN bytes in and out are long.
CSCwj68096: Console Access Stuck for ASAv hosted in CSP after Upgrade to 9.18.3.56
CSCwj68783: FTD/ASA-HA configs not in sync as the command sync process is sending configs with special chars
CSCwj69632: Default Hashing Algorithm is SHA1 for Firepower Chassis Manager Certificate on 4110
CSCwj71064: Snort dropping connections with reason blocked or blacklisted by the firewall preprocessor
CSCwj72683: ASA - Bookmarks on the WebVPN portal are unreachable after successful login.
CSCwj73053: ASA may traceback and reload in Thread Name ‘DATAPATH-21-16432’
CSCwj73061: SNMP OID for CPUTotal1min omits snort cpu cores entries when polled
CSCwj77700: FTD LINA Traceback and Reload idfw_proc Thread
CSCwj79481: Deployment fails on FTD HA while doing LINA ONLY DEPLOYMENT
CSCwj79736: eStreamer memory leak when the FMC receives events from CDO-managed FTDs
CSCwj80324: Access rule getting pushed with “deny tcp any any” on snort
CSCwj82127: IP-SGT mappings on Lina-side are not being removed, when FMC pxGrid connection is disabled
CSCwj82285: ASA/FTD may traceback and reload in Thread Name ‘sdi_work’
CSCwj85333: FPR might drop TLS1.3 connections when hybridized kyber cipher is enabled in web browser
CSCwj86116: High LINA CPU observed due to NetFlow configuration
CSCwj88925: net-snmp provides various tools relating to the Simple Network Managem
CSCwj88928: net-snmp provides various tools relating to the Simple Network Managem
CSCwj88929: net-snmp provides various tools relating to the Simple Network Managem
CSCwj88930: net-snmp provides various tools relating to the Simple Network Managem
CSCwj88931: net-snmp provides various tools relating to the Simple Network Managem
CSCwj88932: net-snmp provides various tools relating to the Simple Network Managem
CSCwj89126: HTTP Response splitting in multiple modules in Apache HTTP Server allows
CSCwj89264: FTD HA: Traceback and reload in netsnmp_oid_compare_ll
CSCwj92784: RAVPN: Failure to create SGT-IP mapping due to ID table exhaustion
CSCwj93921: ASA after upgrade to 9.18.4.24 not able to save config with error: “Configuration line too long”
CSCwj95590: Browser redirects to logon page when the user clicks the WebVPN bookmark
CSCwj98451: FMC got deregistered from Smart License after upgrade
CSCwk00628: Captive portal returns bad request for snort 2 for FMC 7.4.x , FTD version < 7.4
CSCwk02928: ASA/FTD may traceback and reload in Thread Name PTHREAD
CSCwk04492: ASA CLI hangs with ‘show run’ with multiple ssh sessions
CSCwk05851: “set ip next-hop” line deleted from config at reload if IP address is ma
CSCwk07934: Clock skew between FXOS and Lina causes SAML assertion processing failure
CSCwk08576: command to print the debug menu setting of service worker
CSCwk12065: LSP downloads are not using the Web proxy, when configured.
CSCwk12673: TCP Session Interrupted if Keep-Alive with 1 Byte is Received
CSCwk33634: TLS Client Hello packet is dropped by snort
CSCwk44366: cdFMC Fails to configure-geneve-encapsulation on interface
CSCwk62296: Address SSP OpenSSH regreSSHion vulnerability
CSCwk62297: Evaluation of ssp for OpenSSH regreSSHion vulnerability
CSCwk66252: It was discovered that a nft object or expression could reference a nf
CSCwk66253: An out-of-bounds access vulnerability involving netfilter was reported

下载地址

Secure Firewall Threat Defense Virtual Release 7.4.1 (include 7.4.2 release)

Firepower Threat Defense (FTD) Software:

File Information	Filename	Release Date	Size
Firepower Threat Defense upgrade (Do not untar)	Cisco_FTD_Upgrade-7.4.1-172.sh.REL.tar	13-Dec-2023	1251.67 MB
FTDv: KVM install package	Cisco_Secure_Firewall_Threat_Defense_Virtual-7.4.1-172.qcow2	13-Dec-2023	1314.50 MB
FTDv: VMware install package for ESXi 6.5, 6.7, or 7.0	Cisco_Secure_Firewall_Threat_Defense_Virtual-7.4.1-172.tar.gz	13-Dec-2023	1297.34 MB