Vulnerability FIX - CVE-2018-11763 for Cisco Firepower

NeWGuy1109
Level 1

Hello,

The Firepower with FXOS V 2.3(1.91) has been reported with the following vulnerability on port 443:

CVE-2018-11763

The suggested fix is to upgrade Apache Server to the latest version. How can I achieve this?

Thanks

Marvin Rhoads
Hall of Fame

BugID CSCvj48872 applies:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj48872/?rfs=iqvred

The FXOS release notes indicate FXOS 2.3.1.88 contains the fix:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos231/release/notes/fxos231_rn.html

It may have cropped back up in 2.3.1.91 but it should be fixed in the current 2.3.1.155 or the later 2.5.x/2.6.x trains.

So upgrade the FXOS firmware for Firepower 4100 and 9300 series.

If you have Firepower 2100 series appliances with FTD, the FXOS firmware is embedded in the FTD image.

Thanks for the reply... I have two 4100 devices with FTD image in HA... To upgrade the FXOS version, can I do it directly from chassis manager? Do I have to upgrade FTD or FMC as well along with this?
Thanks

You would upgrade the FXOS only for this particular bug.

The procedure is described here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos261/web-guide/b_GUI_FXOS_ConfigGuide_261/image_management.html#task_70E033727200421CBB24760B6129CAA3

For an HA pair, upgrade the standby unit first and verify it works. Then failover to make it active and then upgrade the other unit. Finally failover once again to come back to the "Primary - Active" and "Secondary - Standby Ready" normal state.
