Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2121
Views
15
Helpful
2
Replies

CSCwa46963 - Security: CVE-2021-44228 -> Log4j 2 Vulnerability

theerapongpomp
Level 1
Level 1

‎12-14-2021 12:23 AM

Hi All,

 

Regarding CSCwa46963 mentioned the Log4j vulnerability with FTD managed by FDM.

I have a question if FTD managed by FMC only, it can be included to this?

 

Thanks in advance.

Nong.

22 people had this problem
Labels:
2 Replies 2

TheDan27
Level 1
Level 1

‎12-15-2021 12:43 AM

Its classified as "not vulnerable" if managed by FMC:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

 

Vulnerable:

  • Cisco Firepower Threat Defense (FTD) managed by Firepower Device Manager (FDM)

 

Not Vulnerable:

  • Firepower Thread Defense (FTD) managed by Cisco Firepower Management Center
  • Cisco Firepower Management Center

othydojo
Level 1
Level 1

‎12-16-2021 09:46 AM

@TheDan27Right, but FDM is dormant in the FTD, not gone. I guess this boils down to how is the vulnerability affecting the devices managed by FDM? If it's invoked specifically through the web server servicing the firewall, then I would safely assume that devices managed from FMC won't be affected due to the web server being "turned off" on the FTD? Can someone at Cisco confirm, please?

0 Helpful
Customers Also Viewed These Support Documents