Critical vulnerabilities: Update your physical and virtual Cisco Firepower firewalls immediately

In its latest security alert, Cisco recommended that users of Firepower firewall devices apply available updates to physical and virtual deployments to enable support for the new SSL Certificate Authority guidelines.

This update package includes a list of sites identified as potential sources of malware, spam, botnets, and phishing, avoiding the work of adding these websites manually. It should be remembered that Cisco is changing certification authority, so the company’s firewalls could stop receiving updates from Talos.

Users of FirePOWER Services software for ASA, Firepower Threat Defense (FTD) software, Firepower Management Center software, and Firepower 6.1.x to 7.1.x will need to update their software. The upgrade is required for both physical firewalls and FirePOWER deployments running in the cloud.

The notice has a release date of February 2022, marking March 5 as the deadline to apply the updates. While it is a very short period of time, updates have been available since last week, except for Firepower 7.1x users, who will have to wait until next March 1.

System administrators should remember that there is not a huge margin for error, as updates should be ready by the end of next week and letting these updates pass would put multiple deployments at risk. Cisco is confident that the updates will help users of its firewalls stay protected against the most common online security threats.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.