topic Re: ASA 5508 running 7.0.1 needs ROMMON and FPGA Upgrade in Network Security

ASA 5508 running 7.0.1 needs ROMMON and FPGA Upgrade

ABaker94985 — Tue, 11 Jan 2022 23:07:48 GMT

The ASA is acting flaky, and I noticed today the following in "show ver":

FPGA UPGRADE Version : 2.4
FPGA GOLDEN Version : unavailable
ROMMON Version : 1.1.14
WARNING: Platform FPGA version is older than minimum recommended image.
WARNING: Platform ROMMON version is older than minimum recommended image.
Image type : Release
Key Version : A

I've downloaded the firmware for ROMMON, but I can't find anything on the FPGA. Is there a file for this, or will the firmware take care of this?

Is this upgraded through CLI, or is this somehow through the GUI. The only thing I can find is through the CLI, but I don't want to brick this firewall.

Thank you.

Re: ASA 5508 running 7.0.1 needs ROMMON and FPGA Upgrade

Leo Laohoo — Tue, 11 Jan 2022 23:27:27 GMT

7.0.1? The ASA may be under attack from Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities.

Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited.

Re: ASA 5508 running 7.0.1 needs ROMMON and FPGA Upgrade

balaji.bandi — Wed, 12 Jan 2022 09:29:22 GMT

May be worth giving shot to upgrade, rather sorry with attack.

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#ID-2152-0000000a

Re: ASA 5508 running 7.0.1 needs ROMMON and FPGA Upgrade

ABaker94985 — Wed, 12 Jan 2022 15:18:09 GMT

I wasn't clear that this firewall is running FTD 7.0.1, not ASA firmware.

Re: ASA 5508 running 7.0.1 needs ROMMON and FPGA Upgrade

ABaker94985 — Wed, 12 Jan 2022 15:23:42 GMT

If this was running ASA firmware, I would be a simple process to upgrade ROMMON through CLI. When you're in FTD and you have to get to the ASA-like CLI using "system support diagnostic-cli" then "en" and then try to upgrade ROMMON at that point, I'm concerned it will fail. I'd expect to have to upgrade possibly in expert mode, but I can't find any documentation. Hopefully, this is more clear.

Re: ASA 5508 running 7.0.1 needs ROMMON and FPGA Upgrade

Marvin Rhoads — Thu, 13 Jan 2022 12:42:49 GMT

A rommon upgrade should fix both the rommon and FPGA versions.

Please see this document for detailed instructions on upgrading the rommon of the ASA running FTD image:

https://community.cisco.com/t5/security-documents/asa-x-rommon-upgrade-for-ftd-sensors/ta-p/3746210