Warning - v7.2.5 Upgrade on FPR-2140 removes Mgmt Interface SSH ACL
01-04-2024 02:36 AM
This is just a piece of info. I recently started our next round of Cisco Gold Star upgrades due to v7.0.5 having a DoS attack vulnerability.
I initially upgraded 3 HA pairs of FPR-2120s, followed by an HA pair of FPR-2140s in the middle of December 2023.
Today I got an incident from the Security Team, stating the management interfaces on the 2140s were showing an SSH vulnerability from the latest Qualys scan. This was strange, as I have SSH ACLs on all management interfaces and Qualys can't reach them.
On checking the reported FTDs, the ACLs were gone! See below, where <snip> is removed content.
>>>
Cisco Firepower Extensible Operating System (FX-OS) v2.12.0 (build 519)
Cisco Firepower 2140 Threat Defense v7.2.5 (build 208)
>
> show version
---------[ <snip>-FTD-2 ]----------
Model : Cisco Firepower 2140 Threat Defense (77) Version 7.2.5 (Build 208)
UUID : <snip>
Rules update version : 2023-12-07-001-vrt
VDB version : 377
----------------------------------------------------
> show ssh-access-list
f2b-sshd tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
Chain f2b-sshd (1 references)
ACCEPT tcp anywhere anywhere state NEW tcp dpt:ssh
>
>
>configure ssh-access-list <snip>
The ssh access list was changed successfully.
> show ssh-access-list
ACCEPT tcp -- <snip> anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- <snip> anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- <snip> anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- <snip> anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- <snip> anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- <snip> anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- <snip> anywhere state NEW tcp dpt:ssh
>
<<<
I checked the FPR-2120s and they still had their ACLs intact, so I suspect it is a hardware-related issue. I have logged a case with TAC for it.
Might be worth adding another post-change validation check to your upgrade process.
Have Fun
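As an added example (not part of the original post), a small check that can be run over captured `show ssh-access-list` output as a post-upgrade validation step: it flags an SSH ACL whose ACCEPT rules allow "anywhere" and reports which allowed sources disappeared compared with a pre-upgrade snapshot. The sample outputs are constructed from the thread; the source addresses stand in for the <snip> values and are placeholders.

```python
import re

# Constructed sample: the post-upgrade output seen on the FPR-2140 in the
# thread, where every ACCEPT rule has source "anywhere" (ACL effectively gone).
OPEN_OUTPUT = """\
f2b-sshd tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
Chain f2b-sshd (1 references)
ACCEPT tcp anywhere anywhere state NEW tcp dpt:ssh
"""

# Constructed sample: output after `configure ssh-access-list` restored the
# allowed sources. 10.0.0.0/24 and 192.0.2.10 are placeholder values.
RESTRICTED_OUTPUT = """\
ACCEPT tcp -- 10.0.0.0/24 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- 192.0.2.10 anywhere state NEW tcp dpt:ssh
"""

# ACCEPT line for tcp/ssh; the "--" column is optional because the thread's
# output shows it missing on one line. Group 1 is the source column.
ACCEPT_SSH = re.compile(r"^ACCEPT\s+tcp\s+(?:--\s+)?(\S+)\s+\S+\s+.*dpt:ssh\s*$")


def ssh_accept_sources(output: str) -> list[str]:
    """Return the source field of every ACCEPT rule that targets tcp/ssh."""
    sources = []
    for line in output.splitlines():
        m = ACCEPT_SSH.match(line.strip())
        if m:
            sources.append(m.group(1))
    return sources


def ssh_acl_is_restricted(output: str) -> bool:
    """True only if at least one ACCEPT rule exists and none allows 'anywhere'."""
    sources = ssh_accept_sources(output)
    return bool(sources) and all(src != "anywhere" for src in sources)


def removed_sources(before: str, after: str) -> set[str]:
    """Sources allowed in the pre-change snapshot that are absent afterwards."""
    return set(ssh_accept_sources(before)) - set(ssh_accept_sources(after))


if __name__ == "__main__":
    print("restricted before:", ssh_acl_is_restricted(RESTRICTED_OUTPUT))
    print("restricted after: ", ssh_acl_is_restricted(OPEN_OUTPUT))
    print("lost sources:", removed_sources(RESTRICTED_OUTPUT, OPEN_OUTPUT))
```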
01-04-2024 02:45 AM
I am assuming that you remembered to deploy policies after the upgrade?
It is quite possible that something on the management plane has been changed and is missing some pre- and post-upgrade checks. The jump from pre-7.2.x to 7.2.x and higher has a 40% change in code, so missing checks is quite possible.
Please remember to select a correct answer and rate helpful posts
01-04-2024 02:54 AM
Yes, policy was deployed post-upgrade, multiple times since too. Management interface configuration is local and not FMC managed, so it should not evaporate. It worked fine on the 2120s, so it has to be some hardware/software cockup. I'll be doing more 2140s this weekend, so will check them post-upgrade.
01-04-2024 07:09 AM
TAC suggests this is due to a bug; basically they say this happens at random.
01-04-2024 07:43 AM
Thanks a lot for updating us.
Have a nice day.
MHM
