https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4312298#M1079505 <P>Looking for the Intrusion Rules that match these CVE's; the first one shows up but the others do not.</P><P>&nbsp;</P><P>Alerts about these from F5 were sent out around 3/10/21, does anyone now where the other Intrusion rules for these might be?</P><P>&nbsp;</P><P><SPAN>CVE-2021-22986&nbsp; &nbsp; &nbsp;(found, corresponds to SID&nbsp;57298)</SPAN><BR /><SPAN>CVE-2021-22987</SPAN><BR /><SPAN>CVE-2021-22991</SPAN><BR /><SPAN>CVE-2021-22992</SPAN></P> Tue, 23 Mar 2021 14:12:11 GMT ashaw216 2021-03-23T14:12:11Z https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4312298#M1079505 <P>Looking for the Intrusion Rules that match these CVE's; the first one shows up but the others do not.</P><P>&nbsp;</P><P>Alerts about these from F5 were sent out around 3/10/21, does anyone now where the other Intrusion rules for these might be?</P><P>&nbsp;</P><P><SPAN>CVE-2021-22986&nbsp; &nbsp; &nbsp;(found, corresponds to SID&nbsp;57298)</SPAN><BR /><SPAN>CVE-2021-22987</SPAN><BR /><SPAN>CVE-2021-22991</SPAN><BR /><SPAN>CVE-2021-22992</SPAN></P> Tue, 23 Mar 2021 14:12:11 GMT https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4312298#M1079505 ashaw216 2021-03-23T14:12:11Z https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4312461#M1079513 <P>I noticed that <STRONG>2021-03-17-001-vrt</STRONG> didn't have the rules. It looks like Firepower Management Center wasn't recognizing the newer <STRONG>2021-03-22-001-vrt </STRONG>ruleset. That one added SIDs 57336 and 57337 (among others) which address two of the F5 vulnerabilities. You can download it manually and upload it to your FMC.</P> <P><A href="https://software.cisco.com/download/home/286259687/type/286321931/release/SRU" target="_blank">https://software.cisco.com/download/home/286259687/type/286321931/release/SRU</A></P> <P>Short of opening a TAC case, we can can only wait for Talos to publish a newer SRU to see about the other ones.</P> Tue, 23 Mar 2021 17:48:52 GMT https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4312461#M1079513 Marvin Rhoads 2021-03-23T17:48:52Z https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4313025#M1079558 <P>Thanks for the suggestion. Our FMC shows that it's running the 03-22 vrt and I found those SIDs, but how did you figure out which CVEs these go to? The Rule Documentation reference link leads to a "Missing documentation" page on Snort.</P> Wed, 24 Mar 2021 11:56:43 GMT https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4313025#M1079558 ashaw216 2021-03-24T11:56:43Z https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4313207#M1079569 <P>I cross-referenced them by looking at the description in the SRU vs. the description on F5's notice which did include the associated CVEs.</P> Wed, 24 Mar 2021 16:47:07 GMT https://community.cisco.com/t5/network-security/firepower-still-missing-latest-f5-cve-s/m-p/4313207#M1079569 Marvin Rhoads 2021-03-24T16:47:07Z