12-13-2021 01:40 PM
Anyone know how FTD via FDM is affected? Is it affected from the outside if there is no management from the outside?
12-14-2021 08:16 PM
The FTDs are presenting https to the outside.
Can that be disabled while non impacting vpn users?
12-15-2021 07:21 AM
Unfortunately no one knows yet. We don't even know if shutting off RAVPN is a proper workaround for protecting the firewall from the outside. CRAZY that it's taking so long for a response from Cisco.
12-15-2021 07:03 PM
I have logged a TAC case.
The reply was along the lines of "what's the emergency?" ( ͠° ͟ʖ ͡°)
Gently replied and waiting for TAC to come back and help.
12-16-2021 02:11 PM
Looks like the hotfixes are coming out on Dec 23rd. Right in time for an upgrade to break our firewalls right before xmas.
No details on workaround or conditions.
12-16-2021 02:37 PM
12-17-2021 12:47 PM
UPDATE: Workaround and Conditions have been added to the BUG
Conditions: Only the FTD-API associated with Firepower Device Manager is vulnerable. This is exposed by default on the management interface and the inside data interface (typically port 2) on devices in the on-device manager mode. This API interface can be disabled by configuration from data-plane interfaces. VPN and other features outside of Firepower Device Manager are not vulnerable. Firepower Management Center managed FTD devices are not vulnerable.
Workaround: Access Control can be added to both the management and data-plane interfaces to limit who can call this FTD-API interface, removing the risk from external actors.
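As an added illustration of the access-control workaround quoted in the post above (example code written for this page, not from the original thread, the bug record, or Cisco): a small Python check that evaluates constructed connection-log entries for the FDM HTTPS/API listener against an allow-list of management source networks and reports which sources the proposed access rule would reject. The allow-listed networks, the port, the interface names and the log format are all assumptions made for the example, not real FTD syslog.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Assumption: only these source networks may reach the FDM management API;
# everything else should be dropped by the access rule the workaround describes.
ALLOWED_MGMT_SOURCES = [
    ipaddress.ip_network("10.10.0.0/24"),      # constructed: admin jump-host subnet
    ipaddress.ip_network("192.168.100.0/24"),  # constructed: management VLAN
]

# Constructed log lines in a simple "src=... dst=... dport=... iface=..." form
# (the format is an assumption for this example, not real FTD output).
SAMPLE_LOG = """\
src=10.10.0.15 dst=192.168.1.1 dport=443 iface=inside
src=203.0.113.77 dst=198.51.100.2 dport=443 iface=outside
src=192.168.100.9 dst=192.168.100.1 dport=443 iface=management
src=198.51.100.40 dst=192.168.1.1 dport=443 iface=inside
src=203.0.113.5 dst=198.51.100.2 dport=443 iface=outside
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) iface=(\S+)")


def parse_log(text: str) -> List[Tuple[str, str, int, str]]:
    """Parse the constructed log format into (src, dst, dport, iface) tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), int(m.group(3)), m.group(4)))
    return entries


def source_allowed(src: str, allowed) -> bool:
    """True if src falls inside any allow-listed management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed)


def audit_api_access(text: str, api_port: int = 443, allowed=None) -> Dict[str, List[str]]:
    """Split sources that hit the API port into allowed vs. to-be-blocked.

    Sources are listed once each, in order of first appearance.
    """
    allowed = ALLOWED_MGMT_SOURCES if allowed is None else allowed
    result: Dict[str, List[str]] = {"allowed": [], "blocked": []}
    for src, _dst, dport, _iface in parse_log(text):
        if dport != api_port:
            continue
        bucket = "allowed" if source_allowed(src, allowed) else "blocked"
        if src not in result[bucket]:
            result[bucket].append(src)
    return result


if __name__ == "__main__":
    report = audit_api_access(SAMPLE_LOG)
    print("allowed by the management ACL:", report["allowed"])
    print("would be blocked by the workaround ACL:", report["blocked"])
```

Run against real connection logs, the "blocked" list is the set of sources that could currently reach the FDM API listener and that the access rule on the management and data-plane interfaces would cut off; an empty list after the rule is in place is the check that the workaround is actually enforced.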
12-20-2021 02:30 AM - edited 12-20-2021 03:26 AM
Hi Ralphy, can I please ask where you got the details of the Conditions and Workarounds from? Cisco have released a hotfix for FTD 6.4.0 but still no details on how the devices are vulnerable that I can find.
Thanks