
Clarification on required patches for CVE-2022-20715 and ASA with FTD

MauryJ
Level 1

Hello,

I am reviewing the details for the CVE-2022-20715 notice, at:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA

We are using an ASA with Firepower Services, v6.7.0.3. About 3/4 of the way down the page, on the table for FTD software, this is listed:

Cisco FTD Software Release:
6.7.0

First Fixed Release for This Vulnerability:
Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar
Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2.sh.REL.tar
Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2.sh.REL.tar
Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2.sh.REL.tar

First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories:
Migrate to a fixed release.

I'm not clear on what exactly I need to patch with. Do I need to apply all four of the packages listed under the second column? And for 'first fixed release for all vuln described in the bundle...' is that indicating that we need to upgrade to a later release to address other vulnerabilities besides those addressed in this advisory?

Thanks

Accepted Solutions

@MauryJ if you are running ASA with Firepower then you'd want to upgrade the FPR module, the latest is 7.0.4 - there doesn't appear to be 6.7.0.4 for FPR module. https://software.cisco.com/download/home/286285782/type/286277393/release/7.0.4

The images you provided in the first post are for the FTD image, which is different to the FPR module, which also uses the ASA image.


3 Replies

@MauryJ those packages are for different hardware.

Firepower 1000 series: Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2

Firepower 2100 series: Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2

Firepower 4100/9300: Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2

ASA 5500-X series and ISA 3000: Cisco_FTD_Hotfix_AA-6.7.0.4-2

FTDv: Cisco_FTD_Hotfix_AA-6.7.0.4-2

What hardware are you running? Are you sure your hardware even supports 6.7?

@Rob Ingram  Thanks Rob-

We are using an ASA-5516X with Firepower Services, and it is running 6.7.0.3 currently. Last I checked, it could go up to at least 7.0.

