Field Notice: FN - 70583 - Firepower Threat Defense - Vulnerability Database Update 331 Might Cause Snort To Restart - Configuration Change Recommended
Available Languages
Notice
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
05-Aug-20 |
Initial Release |
Products Affected
| Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
|---|---|---|---|---|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.0 |
6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.1 |
6.1.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.0.6, 6.1.0.7 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.2 |
6.2.0, 6.2.0.1, 6.2.0.2, 6.2.0.3, 6.2.0.4, 6.2.0.5, 6.2.0.6, 6.2.1, 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.3, 6.2.3.1, 6.2.3.10, 6.2.3.11, 6.2.3.12, 6.2.3.13, 6.2.3.14, 6.2.3.15, 6.2.3.16, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.8, 6.2.3.9 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.3 |
6.3.0, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.4 |
6.4.0, 6.4.0.1, 6.4.0.2, 6.4.0.3, 6.4.0.4, 6.4.0.5, 6.4.0.6, 6.4.0.7, 6.4.0.8, 6.4.0.9 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.5 |
6.5.0, 6.5.0.1, 6.5.0.2, 6.5.0.3, 6.5.0.4 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.6 |
6.6.0, 6.6.0.1 |
Defect Information
| Defect ID | Headline |
|---|---|
| CSCvt06879 | Snort cores constantly with VDB 331 |
Problem Description
Vulnerability Database (VDB) update 331 for Firepower Threat Defense (FTD) might cause Snort to restart when it encounters SSL traffic due to memory corruption.
Background
FTD software uses the VDB updates to provide protection from known vulnerabilities to which hosts might be susceptible, as well as fingerprints for operating systems, clients, and applications. Customers are encouraged to configure the scheduling of automatic VDB updates to maximize protection from any new attack patterns.
If VDB update 331 is downloaded to FTD, customers might experience a Snort restart when it encounters SSL traffic due to a memory corruption issue. Note that VDB update 331 has been removed from the Cisco server to prevent additional customer risk exposure.
Problem Symptom
The Firepower Management Center will provide notification that "The Primary Detection Engine process terminated unexpectedly 1 time(s)" after FTD is upgraded to VDB 331. Customers might also experience issues with network traffic due to Snort restarts and memory corruption issues.
Workaround/Solution
Use Firepower Management Center to download and install VDB update 332 or later. See the Cisco Firepower Management Center Configuration Guide for your version of Firepower software for instructions on how to install VDB updates.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)
This Document Applies to These Products
Unleash the Power of TAC's Virtual Assistance