Beginner

Vulnerability FIX - CVE-2018-11763 for Cisco Firepower

Hello,

 

The Firepower with FXOS V 2.3(1.91) has been reported with the following vulnerability on port 443:

CVE-2018-11763

Fix suggested is to upgrade Apache Server to latest version. How can I achieve this?

 

Thanks

1 ACCEPTED SOLUTION

Hall of Fame Master

Re: Vulnerability FIX - CVE-2018-11763 for Cisco Firepower

You would upgrade the FXOS only for this particular bug.

The procedure is described here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos261/web-guide/b_GUI_FXOS_ConfigGuide_261/image_management.html#task_70E033727200421CBB24760B6129CAA3

For an HA pair, upgrade the standby unit first and verify it works. Then failover to make it active and then upgrade the other unit. Finally failover once again to come back to the "Primary - Active" and "Secondary - Standby Ready" normal state.

3 REPLIES
Hall of Fame Master

Re: Vulnerability FIX - CVE-2018-11763 for Cisco Firepower

BugID CSCvj48872 applies:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj48872/?rfs=iqvred

The FXOS release notes indicate FXOS 2.3.1.88 contains the fix:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos231/release/notes/fxos231_rn.html

It may have cropped back up in 2.3.1.91 but it should be fixed in the current 2.3.1.155 or the later 2.5.x/2.6.x trains.

So upgrade the FXOS firmware for Firepower 4100 and 9300 series.

If you have Firepower 2100 series appliances with FTD, the FXOS firmware is embedded in the FTD image.

Beginner

Re: Vulnerability FIX - CVE-2018-11763 for Cisco Firepower

Thanks for the reply... I have two 4100 devices with FTD image in HA... to upgrade the FXOS version I can directly do it from chassis manager? Do I have to upgrade FTD or FMC as well along with this?

Thanks