08-11-2022 07:47 AM
Hello,
I am reviewing the details for the CVE-2022-20715 notice, at:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA
We are using an ASA with Firepower Services, v6.7.0.3. About 3/4 of the way down the page, on the table for FTD software, this is listed:
Cisco FTD Software Release:
6.7.0
First Fixed Release for This Vulnerability:
Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar
Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2.sh.REL.tar
Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2.sh.REL.tar
Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2.sh.REL.tar
First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories:
Migrate to a fixed release.
I'm not clear on what exactly I need to patch with. Do I need to apply all four of the packages listed under the second column? And for 'first fixed release for all vuln described in the bundle...' is that indicating that we need to upgrade to a later release to address other vulnerabilities besides those addressed in this advisory?
Thanks
08-11-2022 07:56 AM
@MauryJ those packages are for different hardware.
Firepower 1000 series: Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2
Firepower 2100 series: Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2
Firepower 4100/9300: Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2
ASA 5500-X series and ISA 3000: Cisco_FTD_Hotfix_AA-6.7.0.4-2
FTDv: Cisco_FTD_Hotfix_AA-6.7.0.4-2
What hardware are you running? Are you sure your hardware even supports 6.7?
08-18-2022 11:25 AM
@Rob Ingram Thanks Rob-
We are using an ASA-5516X with Firepower Services, and it is running 6.7.0.3 currently. Last I checked, it could go up to at least 7.0.
08-18-2022 11:31 AM
@MauryJ if you are running ASA with Firepower then you'd want to upgrade the FPR module, the latest is 7.0.4 - there doesn't appear to be 6.7.0.4 for FPR module. https://software.cisco.com/download/home/286285782/type/286277393/release/7.0.4
The images you provided in the first post are for the FTD image, which is different to the FPR module, which also uses the ASA image.