Cisco has warned users of its Firepower firewalls – physical and virtual – that they may need to upgrade their kit within a four-day window or miss out on security intelligence updates.
A Monday Field Notice advised that the SSL certificate authority used to sign certificates for Talos security intelligence updates will be decommissioned and replaced on March 6, 2022.
The updates deliver lists of sites identified as sources of malware, spam, botnets, and phishing to Cisco appliances, which can automatically apply them so that admins don’t have to add to the always-growing list of threats manually.
But once Cisco changes to the new certificate authority, Firepower devices “might” not be able to receive Talos updates. Snort rule updates, the Cisco Vulnerability Database, and the Geolocation Database will still flow.
Users of FirePOWER Services Software for ASA, Firepower Threat Defense (FTD) Software, Firepower Management Center Software, and Firepower 6.1.x through 7.1.x have therefore been advised they’ll need to update their software. The update is required for both physical firewalls and FirePOWER running in clouds.
The Field Notice is dated February 2022 and offers a deadline of March 5. It’s unpleasantly short notice, but probably an achievable lead time – especially as the necessary updates are already available.
Except, that is, for those running Firepower 7.1.x, who have been warned that their update is “Planned for release by March 1, 2022.”
That’s next Tuesday. Four business days from the time of writing, and five days before things break. Not a huge margin for error – it’s not like software projects ever run late.
Or you could rely on Cisco’s advice that the certification change merely “might” block updates, and take your chances that crims don’t bother reading the Field Notice – which is a public document – or go looking for unpatched boxes on March 6.
Good luck, Firepower users. ®