
02-15-2016 02:40 AM
We are running the latest software version, 9.7.0-125, and the vulnerability scanner is Nessus. According to FreeBSD, the Engineering Release version 9.2 is end of support, whereas version 9 Stable Release support is 31/12/2016.
Is it reasonable to confirm with Cisco that the Nessus output is a false positive, or is there an alternative patch for this?
I assume that the Cisco ESA is using a modified version of FreeBSD and that the above is irrelevant. Am I correct in this thought process?
Accepted Solutions
02-17-2016 03:04 AM
We had similar problems and, upon raising a support incident, we were informed that Cisco was aware of this and that the FreeBSD version in AsyncOS would be upgraded in version 10.x.
Hope this information helps.
02-22-2016 12:11 PM
AsyncOS 10.x for Email Security is tracking at this time for June 2016 release, pending successful Beta and Beta exit. And yes, to confirm to the current thread, FreeBSD 10 is one of the Beta features being incorporated and tested.
-Robert
Robert Sherwin

02-15-2016 08:17 PM
Hello,
It depends on what vulnerability the scanner is picking up -- we could perhaps provide more information if it's within scope.
However, the ESA does run a modified version of FreeBSD.
Regards,
Matthew

02-16-2016 11:26 PM
Nessus has identified that the version of FreeBSD is 9.2 and reports this finding as critical, as running an unsupported OS is non-PCI compliant.
It is not a vulnerability (no CVE) but rather a finding. It is similar to running Windows XP in a PCI environment. I do understand that AsyncOS is a modified version of FreeBSD, but it is still up to audit interpretation whether this is sufficient.
02-22-2016 11:32 AM
Does anyone have an idea when 10.x is to be released?
Thanks Aditya and Matthew for the replies.
02-26-2018 12:48 AM
Hi, coming back to this again.
In order to get FreeBSD 10.x, is it required to reinitialize the device, or is it applied with the upgrade?
We are now running version 11 and noticed that FreeBSD is still reported as version 9.3.
I'm now trying to identify if this is a reporting error or something else.
02-26-2018 10:56 AM
The FreeBSD version that our AsyncOS relies on is only upgraded from Cisco w/in the OS itself.
If you are running 11.0 or 11.1, you should be running:
FreeBSD <hostname> 10.1-RELEASE FreeBSD 10.1-RELEASE #0: Fri Jan 19 19:58:49 IST 2018
I verified the above from my lab on 11.1.0-069.
How were you detecting that you are only running 9.3?
Robert Sherwin
02-26-2018 11:07 AM
The security department has a software analysis tool; I don’t have the details.
I’m curious to know: if you upgrade from AsyncOS version 9.7 to version 11, does FreeBSD also get upgraded, or only patched? Version 9.7 was running FreeBSD 9.3 and version 11.0 should be running 10.0. I don’t know how to detect the underlying OS, so I can’t confirm it manually, to also test in my lab.
See attached screen grab, sorry for the black blob, but you can understand 😊.
02-26-2018 10:41 PM
The answer to how it is identified: they are using Nessus Professional.
02-27-2018 07:23 AM
I do not see the image you posted in the reply.
But, anytime that the AsyncOS version is upgraded, it will upgrade the underlying OS that we base the version on. There should be no patching, or any cause that there would be a version mis-match. You can open a support tunnel to the appliance, and we can work to provide the direct 'uname' output for you, if needed.
Looking @ Nessus scan I ran against my 11.1.0-069 build:
And looking @ Metasploit scan that I ran against my 11.1.0-069 build:
Hope this helps.
Robert Sherwin
