Firepower still missing latest F5 CVEs?

03-23-2021 07:12 AM
Looking for the Intrusion Rules that match these CVEs; the first one shows up but the others do not.
Alerts about these from F5 were sent out around 3/10/21. Does anyone know where the other Intrusion rules for these might be?
CVE-2021-22986 (found, corresponds to SID 57298)
CVE-2021-22987
CVE-2021-22991
CVE-2021-22992
03-23-2021 10:48 AM
I noticed that 2021-03-17-001-vrt didn't have the rules. It looks like Firepower Management Center wasn't recognizing the newer 2021-03-22-001-vrt ruleset. That one added SIDs 57336 and 57337 (among others) which address two of the F5 vulnerabilities. You can download it manually and upload it to your FMC.
https://software.cisco.com/download/home/286259687/type/286321931/release/SRU
Short of opening a TAC case, we can only wait for Talos to publish a newer SRU to see about the other ones.

03-24-2021 04:56 AM
Thanks for the suggestion. Our FMC shows that it's running the 03-22 vrt and I found those SIDs, but how did you figure out which CVEs these go to? The Rule Documentation reference link leads to a "Missing documentation" page on Snort.
03-24-2021 09:47 AM
I cross-referenced them by looking at the description in the SRU vs. the description on F5's notice, which did include the associated CVEs.
