Field Notice: FN - 72332 - Firepower Software: Cisco Talos Security Intelligence Updates Might Fail After March 5, 2022 - Software Upgrade Recommended
Available Languages
Notice
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.1 |
24-Feb-22 |
Updated the Workaround/Solution Section |
1.0 |
21-Feb-22 |
Initial Release |
Products Affected
| Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
|---|---|---|---|---|
NON-IOS |
FirePOWER Services Software for ASA |
6.1 |
6.1.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.0.6, 6.1.0.7 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.2 |
6.2.0, 6.2.0.1, 6.2.0.2, 6.2.0.3, 6.2.0.4, 6.2.0.5, 6.2.0.6, 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.3, 6.2.3.1, 6.2.3.10, 6.2.3.11, 6.2.3.12, 6.2.3.13, 6.2.3.14, 6.2.3.15, 6.2.3.16, 6.2.3.17, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.9 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.3 |
6.3.0, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.4 |
6.4.0, 6.4.0.1, 6.4.0.10, 6.4.0.11, 6.4.0.12, 6.4.0.13, 6.4.0.2, 6.4.0.3, 6.4.0.4, 6.4.0.5, 6.4.0.7, 6.4.0.8, 6.4.0.9 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.5 |
6.5.0, 6.5.0.2, 6.5.0.4, 6.5.0.5 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.6 |
6.6.0, 6.6.0.1, 6.6.1, 6.6.3, 6.6.4, 6.6.5, 6.6.5.1 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.7 |
6.7.0, 6.7.0.1, 6.7.0.2 |
|
NON-IOS |
FirePOWER Services Software for ASA |
7.0 |
7.0.0, 7.0.0.1, 7.0.1 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.1 |
6.1.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.0.6, 6.1.0.7 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.2 |
6.2.0, 6.2.0.1, 6.2.0.2, 6.2.0.3, 6.2.0.4, 6.2.0.5, 6.2.0.6, 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.3, 6.2.3.1, 6.2.3.10, 6.2.3.11, 6.2.3.12, 6.2.3.13, 6.2.3.14, 6.2.3.15, 6.2.3.16, 6.2.3.17, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.9 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.3 |
6.3.0, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.4 |
6.4.0, 6.4.0.1, 6.4.0.10, 6.4.0.11, 6.4.0.12, 6.4.0.13, 6.4.0.2, 6.4.0.3, 6.4.0.4, 6.4.0.5, 6.4.0.7, 6.4.0.8, 6.4.0.9 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.5 |
6.5.0, 6.5.0.2, 6.5.0.4, 6.5.0.5 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.6 |
6.6.0, 6.6.0.1, 6.6.1, 6.6.3, 6.6.4, 6.6.5, 6.6.5.1 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.7 |
6.7.0, 6.7.0.1, 6.7.0.2 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
7.0 |
7.0.0, 7.0.0.1, 7.0.1 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
7.1 |
7.1.0 |
|
NON-IOS |
Firepower Management Center Software |
6.1 |
6.1.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.0.6, 6.1.0.7 |
|
NON-IOS |
Firepower Management Center Software |
6.2 |
6.2.0, 6.2.0.1, 6.2.0.2, 6.2.0.3, 6.2.0.4, 6.2.0.5, 6.2.0.6, 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.3, 6.2.3.1, 6.2.3.10, 6.2.3.11, 6.2.3.12, 6.2.3.13, 6.2.3.14, 6.2.3.15, 6.2.3.16, 6.2.3.17, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.9 |
|
NON-IOS |
Firepower Management Center Software |
6.3 |
6.3.0, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5 |
|
NON-IOS |
Firepower Management Center Software |
6.4 |
6.4.0, 6.4.0.1, 6.4.0.10, 6.4.0.11, 6.4.0.12, 6.4.0.13, 6.4.0.2, 6.4.0.3, 6.4.0.4, 6.4.0.5, 6.4.0.6, 6.4.0.7, 6.4.0.8, 6.4.0.9 |
|
NON-IOS |
Firepower Management Center Software |
6.5 |
6.5.0, 6.5.0.1, 6.5.0.2, 6.5.0.4, 6.5.0.5 |
|
NON-IOS |
Firepower Management Center Software |
6.6 |
6.6.0, 6.6.0.1, 6.6.1, 6.6.3, 6.6.4, 6.6.5, 6.6.5.1 |
|
NON-IOS |
Firepower Management Center Software |
6.7 |
6.7.0, 6.7.0.1, 6.7.0.2 |
|
NON-IOS |
Firepower Management Center Software |
7.0 |
7.0.0, 7.0.0.1, 7.0.1 |
|
NON-IOS |
Firepower Management Center Software |
7.1 |
7.1.0 |
Defect Information
| Defect ID | Headline |
|---|---|
| CSCwa70008 | Expired certs cause Security Intelligence updates to fail |
Problem Description
For affected versions of Firepower software, the Cisco Talos security intelligence updates might fail after March 5, 2022 due to a Secure Sockets Layer (SSL) certificate change.
Background
The existing SSL certificate authority (CA) used to sign certificates for Talos security intelligence updates will be decommissioned and replaced on March 6, 2022.
This Talos website has been signed by this CA and is used to obtain Talos security intelligence updates: https://intelligence.sourcefire.com.
Problem Symptom
Affected Firepower platforms will be unable to receive the latest Talos intelligence feeds (IPs, URLs, DNS Hosts).
The platform might experience a degraded security posture for future threats. Health monitoring indications regarding failures to download Talos security intelligence updates should be ignored until the platform software is upgraded to a fixed release.
No other content updates (Snort Rule Updates (SRUs), Vulnerability Database (VDB), Geolocation Database (GeoDB), and so on) will be affected by this issue.
Workaround/Solution
Cisco recommends to upgrade to one of the Firepower software versions shown in the table in order to continue to receive the latest Talos security intelligence updates.
The Firepower Management Center (FMC) must be updated to fix the certificate issue. The Firepower Threat Defense (FTD) device managed by the FMC does NOT need to be updated to fix the certificate issue.
The Firepower Device Manager (FDM) must be updated to fix the certificate issue for the FTD device managed by the FDM.
| Release Version | Fixed Version |
|---|---|
| Firepower 6.1.x |
Migrate to a fixed release (End-of-Life announcement November 2019) |
| Firepower 6.2.x | Firepower 6.2.3.18 or later |
| Firepower 6.3.x |
Migrate to a fixed release (End-of-Life announcement October 2019) |
| Firepower 6.4.x | Firepower 6.4.0.14 or later |
| Firepower 6.5.x |
Migrate to a fixed release (End-of-Life announcement May 2020) |
| Firepower 6.6.x | Apply Firepower 6.6.5 HotFix or upgrade to Firepower 6.6.5.2 or later |
| Firepower 6.7.x | Firepower 6.7.0.3 or later |
| Firepower 7.0.x | Firepower 7.0.1.1 or later |
| Firepower 7.1.x | Firepower 7.1.0.1 or later |
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)
This Document Applies to These Products
Unleash the Power of TAC's Virtual Assistance