Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3519
Views
0
Helpful
5
Replies

ASA 5508 running 7.0.1 needs ROMMON and FPGA Upgrade

Go to solution
ABaker94985
Spotlight
Spotlight

‎01-11-2022 03:07 PM

The ASA is acting flaky, and I noticed today the following in "show ver":

 

FPGA UPGRADE Version : 2.4
FPGA GOLDEN Version : unavailable
ROMMON Version : 1.1.14
WARNING: Platform FPGA version is older than minimum recommended image.
WARNING: Platform ROMMON version is older than minimum recommended image.
Image type : Release
Key Version : A

 

I've downloaded the firmware for ROMMON, but I can't find anything on the FPGA. Is there a file for this, or will the firmware take care of this?

 

Is this upgraded through CLI, or is this somehow through the GUI. The only thing I can find is through the CLI, but I don't want to brick this firewall.

 

Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-13-2022 04:42 AM

A rommon upgrade should fix both the rommon and FPGA versions.

Please see this document for detailed instructions on upgrading the rommon of the ASA running FTD image:

https://community.cisco.com/t5/security-documents/asa-x-rommon-upgrade-for-ftd-sensors/ta-p/3746210

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎01-11-2022 03:27 PM

7.0.1?  The ASA may be under attack from Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities.

 

Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited.

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-12-2022 01:29 AM

May be worth giving shot to upgrade, rather sorry with attack.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#ID-2152-0000000a

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
ABaker94985
Spotlight
Spotlight
In response to balaji.bandi

‎01-12-2022 07:23 AM

If this was running ASA firmware, I would be a simple process to upgrade ROMMON through CLI. When you're in FTD and you have to get to the ASA-like CLI using "system support diagnostic-cli" then "en" and then try to upgrade ROMMON at that point, I'm concerned it will fail. I'd expect to have to upgrade possibly in expert mode, but I can't find any documentation. Hopefully, this is more clear. 

0 Helpful

Go to solution
ABaker94985
Spotlight
Spotlight

‎01-12-2022 07:18 AM

I wasn't clear that this firewall is running FTD 7.0.1, not ASA firmware. 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-13-2022 04:42 AM

A rommon upgrade should fix both the rommon and FPGA versions.

Please see this document for detailed instructions on upgrading the rommon of the ASA running FTD image:

https://community.cisco.com/t5/security-documents/asa-x-rommon-upgrade-for-ftd-sensors/ta-p/3746210

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card