CSCwa46963 - Security: CVE-2021-44228 -> Log4j 2 Vulnerability

Ralphy006
Level 1

Anyone know how FTD via FDM is affected? Is it affected from the outside if there is no management form the outside?

7 Replies

yvesjvccnastudy
Level 1

The FTDs are presenting https to the outside.

Can that be disabled while non impacting vpn users?

Ralphy006
Level 1

Unfortunately no one knows yet. We don't even know if shutting off RAVPN is a proper workaround for protecting the firewall from the outside. CRAZY that it's taking so long for a response from Cisco.

I have logged a TAC case.

The reply was along the lines of "what's the emergency?" ( ͠° ͟ʖ ͡°)

Gently replied and waiting for TAC to come back and help.

Looks like the hotfixes are coming out on Dec 23rd. Right in time for an upgrade to break our firewalls right before Xmas.

No details on workaround or conditions.

Ralphy006
Level 1

UPDATE: Workaround and Conditions have been added to the bug.

Conditions: Only the FTD-API associated with Firepower Device Manager is vulnerable. This is exposed by default on the management interface and the inside data interface (typically port 2) on devices in the on-device manager mode. This API interface can be disabled by configuration from data-plane interfaces. VPN and other features outside of Firepower Device Manager are not vulnerable. Firepower Management Center managed FTD devices are not vulnerable.

Workaround: Access control can be added to both the management and data-plane interfaces to limit who can call this FTD-API interface, removing the risk from external actors.

Hi Ralphy, can I please ask where you got the details of the Conditions and Workaround from? Cisco have released a hotfix for FTD 6.4.0, but still no details on how the devices are vulnerable that I can find.

Thanks