03-23-2021 07:12 AM
Looking for the Intrusion Rules that match these CVEs; the first one shows up but the others do not.
Alerts about these from F5 were sent out around 3/10/21. Does anyone know where the other Intrusion rules for these might be?
CVE-2021-22986 (found, corresponds to SID 57298)
CVE-2021-22987
CVE-2021-22991
CVE-2021-22992
03-23-2021 10:48 AM
I noticed that 2021-03-17-001-vrt didn't have the rules. It looks like Firepower Management Center wasn't recognizing the newer 2021-03-22-001-vrt ruleset. That one added SIDs 57336 and 57337 (among others) which address two of the F5 vulnerabilities. You can download it manually and upload it to your FMC.
https://software.cisco.com/download/home/286259687/type/286321931/release/SRU
Short of opening a TAC case, we can only wait for Talos to publish a newer SRU to see about the other ones.
03-24-2021 04:56 AM
Thanks for the suggestion. Our FMC shows that it's running the 03-22 vrt and I found those SIDs, but how did you figure out which CVEs these go to? The Rule Documentation reference link leads to a "Missing documentation" page on Snort.
03-24-2021 09:47 AM
I cross-referenced them by looking at the description in the SRU vs. the description on F5's notice which did include the associated CVEs.
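A scripted version of the cross-reference discussed in this thread, as an added example that is not part of any post above: it indexes rule text by its `reference:cve,...` options and lists rules that carry no CVE reference, which are the ones left to match by description. It assumes the rules are available as plain Snort rule text; the sample rules and the SIDs 1000001 and 1000002 are constructed, and only the SID 57298 / CVE-2021-22986 pairing comes from the thread.

```python
import re

# Constructed sample rules, not copied from any SRU. Only the pairing of
# SID 57298 with CVE-2021-22986 comes from the thread above.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP constructed sample A"; flow:to_server,established; reference:cve,2021-22986; sid:57298; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP constructed sample B (disabled)"; reference:cve,2021-22986; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP constructed sample C, no CVE reference"; flow:to_server,established; sid:1000002; rev:2;)
'''

# The four CVEs listed in the question.
CVES = ["2021-22986", "2021-22987", "2021-22991", "2021-22992"]

HEADER = re.compile(r'^(#\s*)?(alert|drop|reject|pass|log)\s')
SID = re.compile(r'\bsid:\s*(\d+)\s*;')
MSG = re.compile(r'\bmsg:\s*"((?:[^"\\]|\\.)*)"')
CVE = re.compile(r'\breference:\s*cve\s*,\s*(\d{4}-\d{4,})\s*;', re.I)

def parse_rules(text):
    """Yield (sid, enabled, msg, cves) per rule line, commented-out rules included."""
    for line in text.splitlines():
        line = line.strip()
        head = HEADER.match(line)
        sid = SID.search(line)
        if not head or not sid:
            continue
        msg = MSG.search(line)
        yield (int(sid.group(1)), head.group(1) is None,
               msg.group(1) if msg else "", CVE.findall(line))

def coverage(text, cves):
    """Map each CVE to the enabled SIDs that reference it; list SIDs with no CVE reference."""
    found = {c: [] for c in cves}
    no_ref = []
    for sid, enabled, msg, refs in parse_rules(text):
        if not refs:
            no_ref.append((sid, msg))  # left for manual description matching
        for c in refs:
            if c in found and enabled:
                found[c].append(sid)
    return found, no_ref

if __name__ == "__main__":
    found, no_ref = coverage(SAMPLE_RULES, CVES)
    for cve, sids in found.items():
        print(f"CVE-{cve}: {sids or 'no enabled rule references this CVE'}")
    for sid, msg in no_ref:
        print(f"SID {sid} has no CVE reference, compare by description: {msg}")
```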