CUC (6) CUCM (28) Jabber (6) Python (2) Routing (3) Solarwinds Orion NPM (4) switching (1) Video (6) voice (3)

Monday, 15 January 2018

Firepower IPS search for certain CVE

Sometimes you might need to know if your Firepower software protects against a certain, published vulnerability. In other words; does your Firepower box have the required rules to recognize the signatures of certain vulnerabilities?
First thing you need to do is find the CVE (common vulnerabilities and exposures) number
and write down the number for instance CVE-2017-5354
now go to your Firepower Virtual Defence Centre:

  1. Edit your Intrusion Policy
  2. Edit your Intrusion Policy and go to the Rules section.
  3. On the left side accordion panel select "Rule Content."
  4. Click Reference  (as per below)

5: Click CVE ID and enter the CVE code (do not include CVE-  !!)

Enter CVE ID and click OK.  For CVE-2017-5754 this could give the following output:

As you can see in the picture above, the Firepower engine, contains IPS rules to recognise the signature of CVE 2017-5475 (Meltdown)


No comments:

Post a Comment