https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4667884#M1092603 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/255588">@MauryJ</a> those packages are for different hardware. </P> <P class="p">Firepower 1000 series:<A class="xref" href="https://software.cisco.com/download/home/286323330/type/286306337/release/6.7.0.3" target="_blank" rel="noopener">Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">Firepower 2100 series: <A class="xref" href="https://software.cisco.com/download/home/286312096/type/286306337/release/6.7.0.3" target="_blank" rel="noopener">Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">Firepower 4100/9300: <A class="xref" href="https://software.cisco.com/download/home/286287252/type/286306337/release/6.7.0.3" target="_blank" rel="noopener">Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">ASA 5500-X series and ISA 3000: <A class="xref" href="https://software.cisco.com/download/home/286285782/type/286306337/release/6.7.0.3?catid=268438162" target="_blank" rel="noopener">Cisco_FTD_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">FTDv: <A class="xref" href="https://software.cisco.com/download/home/286306503/type/286306337/release/6.7.0.3" target="_blank" rel="noopener">Cisco_FTD_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">What hardware are you running? Are you sure your hardware even supports 6.7</P> Thu, 11 Aug 2022 14:56:57 GMT Rob Ingram 2022-08-11T14:56:57Z https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4667879#M1092601 <P>Hello,</P><P>I am reviewing the details for the <SPAN>CVE-2022-20715 notice, at:<BR /><A href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA</A><BR /></SPAN></P><P><SPAN>We are using an ASA with Firepower Services, v6.7.0.3.&nbsp; &nbsp; &nbsp;About 3/4 of the way down the page, on the table for FTD software, this is listed:</SPAN></P><P><SPAN>Cisco FTD Software Release:<BR />6.7.0</SPAN></P><P><SPAN>First Fixed Release for This Vulnerability:<BR />Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar<BR />Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2.sh.REL.tar<BR />Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2.sh.REL.tar<BR />Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2.sh.REL.tar<BR /></SPAN></P><P><SPAN>First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories:<BR />Migrate to a fixed release.<BR /></SPAN></P><P><SPAN>I'm not clear on what exactly I need to patch with.&nbsp; &nbsp;Do I need to apply all four of the packages listed under the second column?&nbsp; &nbsp;And for 'first fixed release for all vuln described in the bundle...' is that indicating that we need to upgrade to a later release to address other vulnerabilities besides those addressed in this advisory?<BR /><BR />Thanks</SPAN></P> Thu, 11 Aug 2022 14:47:16 GMT https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4667879#M1092601 MauryJ 2022-08-11T14:47:16Z https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4667884#M1092603 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/255588">@MauryJ</a> those packages are for different hardware. </P> <P class="p">Firepower 1000 series:<A class="xref" href="https://software.cisco.com/download/home/286323330/type/286306337/release/6.7.0.3" target="_blank" rel="noopener">Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">Firepower 2100 series: <A class="xref" href="https://software.cisco.com/download/home/286312096/type/286306337/release/6.7.0.3" target="_blank" rel="noopener">Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">Firepower 4100/9300: <A class="xref" href="https://software.cisco.com/download/home/286287252/type/286306337/release/6.7.0.3" target="_blank" rel="noopener">Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">ASA 5500-X series and ISA 3000: <A class="xref" href="https://software.cisco.com/download/home/286285782/type/286306337/release/6.7.0.3?catid=268438162" target="_blank" rel="noopener">Cisco_FTD_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">FTDv: <A class="xref" href="https://software.cisco.com/download/home/286306503/type/286306337/release/6.7.0.3" target="_blank" rel="noopener">Cisco_FTD_Hotfix_AA-6.7.0.4-2</A></P> <P class="p">What hardware are you running? Are you sure your hardware even supports 6.7</P> Thu, 11 Aug 2022 14:56:57 GMT https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4667884#M1092603 Rob Ingram 2022-08-11T14:56:57Z https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4671957#M1092787 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp; Thanks Rob-</P><P>We are using an ASA-5516X with Firepower Services, and it is running 6.7.0.3 currently.&nbsp; &nbsp;Last I checked, it could go up to at least 7.0.</P> Thu, 18 Aug 2022 18:25:43 GMT https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4671957#M1092787 MauryJ 2022-08-18T18:25:43Z https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4671960#M1092788 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/255588">@MauryJ</a> if you are running ASA with Firepower then you'd want to upgrade the FPR module, the latest is 7.0.4 - there doesn't appear to be 6.7.0.4 for FPR module. <A href="https://software.cisco.com/download/home/286285782/type/286277393/release/7.0.4" target="_blank">https://software.cisco.com/download/home/286285782/type/286277393/release/7.0.4</A></P> <P>The images you provided in the first post are for the FTD image, which is different to the FPR module, which also uses the ASA image.</P> Thu, 18 Aug 2022 18:31:33 GMT https://community.cisco.com/t5/network-security/clarification-on-required-patches-for-cve-2022-20715-and-asa/m-p/4671960#M1092788 Rob Ingram 2022-08-18T18:31:33Z