A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. See the Details section of this advisory for more information. The Snort 3 detection engine will restart automatically. No manual intervention is required. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort3-urldos-OccFQTeX This advisory is part of the November 2023 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: November 2023 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart.
This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. See the Details section of this advisory for more information. The Snort 3 detection engine will restart automatically. No manual intervention is required.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort3-urldos-OccFQTeX
This advisory is part of the November 2023 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: November 2023 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
At the time of publication, this vulnerability affected Cisco FTD Software if it was running a vulnerable release and met all of the following conditions:
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
To determine whether Snort 3 is running on Cisco FTD Software, see Determine the Active Snort Version that Runs on Firepower Threat Defense (FTD). Snort 3 must be active for this vulnerability to be exploited.
SSL decryption policies are not configured by default.
Determine Cisco FTD Software SSL Policy Configuration Using the FTD Software CLI
To determine whether an SSL policy is configured on a device that is running Cisco FTD Software, log in to the Cisco FTD Software CLI and use the show ssl-policy-config command.
If the command output shows SSL policy not yet applied, the device might not be affected by this vulnerability, as shown in the following example:
>show ssl-policy-config
SSL policy not yet applied
If the command output shows a policy, the device has an SSL policy applied and could be affected by this vulnerability, as shown in the following example:
> show ssl-policy-config
===================[ CSCwe87591 ]===================
=================[ Default Action ]=================
Default Action : Do Not Decrypt
...
Determine Cisco FTD Software SSL Policy Configuration for Devices that Are Managed by Cisco Firepower Device Manager Software
To determine whether an SSL policy is configured on a device that is managed by Cisco Firepower Device Manager (FDM) Software, complete the following steps:
For detailed information about SSL decryption policies, see the SSL Decryption chapter of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Determine Cisco FTD Software SSL Policy Configuration for Devices that are Managed by Cisco Firepower Management Center Software
To determine whether an SSL policy is configured on a device that is managed by Cisco Firepower Management Center (FMC) Software, complete the following steps:
For detailed information about SSL decryption policies, see the SSL Policy chapter of the Cisco Secure Firewall Management Center Configuration Guide.
Determine Cisco FTD Software SSL Policy Configuration for Devices that are Managed by Cisco Defense Orchestrator
To determine whether an SSL policy is configured on a device that is managed by Cisco Defense Orchestrator, complete the following steps:
For detailed information about devices managed by Cisco Defense Orchestrator, see the Cisco Defense Orchestrator documentation.
For detailed information about SSL decryption policies for Cisco FMC Devices managed with Cisco Defense Orchestrator, see the Decryption Policies chapter of Managing Firewall Threat Defense with Cloud-delivered Firewall Management Center in Cisco Defense Orchestrator.
For detailed information about SSL decryption policies for Cisco FDM Devices managed with Cisco Defense Orchestrator, see the SSL Decryption Policy section of Managing FDM Devices with Cisco Defense Orchestrator.
URL Categories in the SSL policy are not configured by default.
Determine Cisco FTD Software SSL Policy URL Category Configuration Using the FTD Software CLI
To determine whether a URL category for the SSL policy is configured on a device by using the CLI, log in to the Cisco FTD Software CLI and use the grep url /ngfw/var/sf/detection_engines/*/ssl/ssl.rules command.
If the command output shows url_categories (any), the device might not be affected by this vulnerability, as shown in the following example:
> expert
admin@ftd:~$
admin@ftd:~$grep url /ngfw/var/sf/detection_engines/*/ssl/ssl.rules
url_categories (any);
If the command output shows url_categories (string of numbers), the device has an SSL policy with a URL category configured and is affected by this vulnerability, as shown in the following example:
> expert
admin@ftd:~$
admin@ftd:~$grep url /ngfw/var/sf/detection_engines/*/ssl/ssl.rules url_categories (2107:0:0,2107:1:100);
Determine Cisco FTD Software SSL Policy URL Category Configuration for Devices that are Managed by Cisco FDM Software
To determine whether a URL Category is configured on a device that is managed by Cisco FDM software, complete the following steps:
For detailed information about URL Categories, see the URL Criteria for SSL Decryption Rules section in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
For detailed information about URL filtering, see the URL filtering section of the Access Control chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Determine Cisco FTD Software SSL Policy URL Category Configuration for Devices that are Managed by Cisco FMC Software
To determine whether a URL Category is configured on a device that is managed by Cisco FMC Software, complete the following steps:
For detailed information about URL Categories, see the Category Rule Conditions section in the Cisco Secure Firewall Management Center Configuration Guide.
For detailed information about URL filtering, see the URL filtering section of the Access Control chapter in the Cisco Secure Firewall Management Center Configuration Guide.
Determine Cisco FTD Software SSL Policy URL Category Configuration for Devices that are Managed by Cisco Defense Orchestrator
To determine whether a URL Category is configured on a device that is managed by Cisco Defense Orchestrator, complete the following steps:
For detailed information about Cisco Defense Orchestrator managed devices, see the Cisco Defense Orchestrator documentation.
For detailed information about URL Categories, see the Decryption Rules chapter of Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator.
For detailed information about URL filtering, see the Access Control chapter of Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator.
For detailed information about URL Categories for Cisco FDM Devices managed with Cisco Defense Orchestrator, see the URL Criteria for SSL Decryption Rules section of Managing FDM Devices with Cisco Defense Orchestrator.
For detailed information about URL filtering, see the Access Control section of Managing FDM Devices with Cisco Defense Orchestrator.
TLS server identity discovery is disabled by default.
Determine Cisco FTD Software TLS Server Identity Discovery Configuration Using the FTD Software CLI
To determine whether TLS server identity discovery is configured on a device that is running Cisco FTD Software, log in to the Cisco FTD Software CLI and use the show access-control-config command. Scroll down to the Advanced Settings section. If the output shows TLS Server Identity Discovery Enabled, the device could be affected by this vulnerability:
The following example shows the TLS server identity discovery disabled:
>show access-control-config
===============[ Advanced Settings ]================General SettingsMaximum URL Length : 1024Interactive Block Bypass Timeout : 600TLS Server Identity Discovery : Disabled
The following example shows the TLS server identity discovery enabled:
> show access-control-config
===============[ Advanced Settings ]================General SettingsMaximum URL Length : 1024Interactive Block Bypass Timeout : 600SSL Policy : Certificate-Visibility-SSL-PolicyTLS Server Identity Discovery : Enabled
Note: Due to CSCvz06256, this command will not show the TLS server identity discovery setting for the Cisco FTD 7.0 software train.
Determine Cisco FTD Software TLS Server Identity Discovery Configuration for Devices Managed by Cisco FDM Software
To determine whether TLS server identity discovery is configured on a device that is managed by Cisco FDM Software, complete the following steps:
For detailed information about TLS server identity discovery, see the Access Control chapter of Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Determine Cisco FTD Software TLS Server Identity Discovery Configuration for Devices that are Managed by Cisco FMC Software
To determine whether TLS server identity discovery is configured on a device that is managed by Cisco FMC, complete the following steps:
For detailed information about TLS server identity discovery, see the Access Control Policy chapter of Cisco Secure Firewall Management Center Device Configuration.
Determine Cisco FTD Software TLS Server Identity Discovery Configuration for Devices Managed by Cisco Defense Orchestrator
To determine whether TLS server identity discovery is configured on a device that is managed by Cisco Defense Orchestrator, complete the following steps:
For detailed information about TLS server identity discovery, see the Cisco Defense Orchestrator documentation.
URL Categories in the access control policy are not configured by default.
Determine Cisco FTD Software Access Control Policy URL Category Configuration Using the FTD Software CLI
Use the show access-control-config command. Scroll down to the Rule section.
If the output of command does not include a category section, the device might not be affected by this vulnerability, as shown in the following example that shows no URL category configured:
> show access-control-config
--------------[ Rule: CSCwe87591_AC ]---------------Action : Fast-pathSource ISE Metadata :Source Zones : inside_zoneDestination Zones : outside_zoneUsersURLsLogging Configuration
If the output of command shows Category: any value, the device could be affected by this vulnerability, as shown in this example with URL category configured:
> show access-control-config
--------------[ Rule: CSCwe87591_AC ]---------------Action : Fast-pathSource ISE Metadata :Source Zones : inside_zoneDestination Zones : outside_zoneUsersURLsCategory : BotnetsReputation : UnknownLogging Configuration
Determine Cisco FTD Software Access Control Policy URL Category Configuration for Devices that are Managed by Cisco FDM
To determine whether an access control policy URL category is configured on a device that is managed by Cisco FDM, complete the following steps:
For detailed information about access control policy URL categories, see the Access Control chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Determine Cisco FTD Software Access Control Policy URL Category Configuration for Devices that are Managed by Cisco FMC Software
To determine whether an access control policy URL category is configured on a device that is managed by Cisco FMC Software, complete the following steps:
For detailed information about access control policy URL categories, see the Access Control chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Determine Cisco FTD Software Access Control Policy URL Category Configuration for Devices that are Managed by Cisco Defense Orchestrator
To determine whether an access control policy URL category is configured on a device that is managed by Cisco Defense Orchestrator, complete the following steps:
For detailed information about devices that are managed by Cisco Defense Orchestrator, see the Cisco Defense Orchestrator documentation.
For detailed information about access control policy URL categories, see the Access Control chapter of Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator.
For detailed information about access control policy URL Categories, see the Access Control section of Managing FDM Devices with Cisco Defense Orchestrator.
Cisco has confirmed that this vulnerability does not affect the following products:
The following Cisco FTD Software Snort 3 configuration parameters govern how traffic is handled if the Snort 3 process restarts, which could change how encrypted traffic is handled during an exploit of this vulnerability.
For additional information, see the Snort Restart Traffic Behavior section of the Firepower Management Center Configuration Guide or the Managing Firewall Threat Defense with Cloud-delivered Firewall Management Center in Cisco Defense Orchestrator guide.
An indication that this vulnerability might have been exploited is if specific Snort 3 counters have been incremented. The administrator can issue the show snort counters CLI command and look for non-zero values for rules_url_retry and/or cache_original_expire.
# show snort counters
.
.
.
rules_url_retry: 1676
cache_original_expire: 124
.
.
.
#
These counters can increment for other conditions as well. If further assistance is needed, contact the Cisco Technical Assistance Center (TAC).
There is a workaround and mitigations that address this vulnerability. To remove the attack vector for this vulnerability, do one of the following:
Note: A Decryption policy or SSL policy does not need to be configured and associated with the Access Control policy for TLS Server Identity Discovery to be enabled.
Before downgrading, review the Before you Begin section in the Switching Between Snort 2 and Snort 3 section of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Note: Downgrading to Snort 2 will delete customer policies, NAP customizations, and Hostname redirect in active authentications. To discuss the effects of reverting on the deployment, contact the Technical Assistance Center (TAC)
Revert to Snort 2 for Cisco FTD devices by using the CLI
There is no option to change this configuration by using the CLI.
Revert to Snort 2 for Cisco FTD devices that are managed by FDM Software
To revert to Snort 2 on a device that is managed by Cisco FDM Software, complete the following steps:
After making the changes above, deploy changes to your Cisco FTD devices.
For detailed information about reverting to Snort 2, see the Switching Between Snort 2 and Snort 3 section of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Revert to Snort 2 for Cisco FTD devices that are managed by FMC Software
To revert to Snort 2 on a device that is managed by Cisco FMC Software, complete the following steps:
After making the changes above, deploy changes to your Cisco FTD devices.
For detailed information about reverting to Snort 2, see the Snort 3 Inspection Engine chapter of the Cisco Secure Firewall Management Center Snort 3 Configuration Guide.
Revert to Snort 2 for Cisco FTD devices managed by Cisco Defense Orchestrator
To revert to Snort 2 on a device that is managed by Cisco Defense Orchestrator, complete the following steps:
After making the changes above, deploy changes to your Cisco FTD devices.
For detailed information about Cisco Defense Orchestrator managed devices, see the Cisco Defense Orchestrator documentation.
For detailed information about reverting to Snort 2 for Cisco FMC Devices managed by Cisco Defense Orchestrator, see the Snort 3 Inspection Engine chapter of the Cisco Secure Firewall Management Center Snort 3 Configuration Guide.
For detailed information about reverting to Snort 2 for Cisco FDM Devices managed with Cisco Defense Orchestrator, see the Revert From Snort 3.0 for FDM-Managed Device section of Managing FDM Devices with Cisco Defense Orchestrator.
For Cisco FTD devices that stay on Snort 3, both the access control policy and SSL policy must be checked to ensure the device is not affected by this vulnerability. If either place is configured in a vulnerable manner, the device is affected by this vulnerability.
Access Control Policy
If the device is using an access control policy with TLS server identity discovery enabled and URL categories configured, the device is affected by this vulnerability. The following options can be used to close the vector of attack:
SSL Policy
If the device is using an SSL policy with URL categories configured, the device is affected by this vulnerability. The following options can be used to close the vector of attack:
Disabling TLS Server Identity Discovery Cisco FTD devices using the CLI
There is no option to change this configuration using the CLI.
Disabling TLS Server Identity Discovery Cisco for Devices that are Managed by Cisco FDM Software
To disable the TLS server identity discovery for Cisco FDM Software-managed devices, do the following:
After changing the policies above, deploy the new policies to your Cisco FTD devices.
For more information, see the Access Control Chapter of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Disabling TLS Server Identity Discovery Cisco for Devices that are Managed by Cisco FMC Software
To disable the TLS server identity discovery for devices that are managed by Cisco FMC Software, do the following:
After changing the policies above, deploy the new policies to your Cisco FTD devices.
For more information, see the Access Control Chapter of the Firepower Management Center Device Configuration Guide.
Disabling TLS Server Identity Discovery Cisco for Devices that are Managed by Cisco Defense Orchestrator
To disable the TLS server identity discovery for devices managed by Cisco Defense Orchestrator, do the following:
After changing the policies above, deploy the new policies to your Cisco Defense Orchestrator devices.
For more information, see the Cisco Defense Orchestrator documentation.
For detailed information about TLS server identity discovery for Cisco FMC Devices managed with Cisco Defense Orchestrator, see the Access Control Policies chapter of Managing Firewall Threat Defense with Cloud-delivered Firewall Management Center in Cisco Defense Orchestrator.
For detailed information about TLS server identity discovery for Cisco FDM Devices managed with Cisco Defense Orchestrator, see the Configuring FDM-Managed Devices section of Managing FDM Devices with Cisco Defense Orchestrator.
Removing Access Control Policy URL categories for Cisco FTD devices using the CLI
There is no option to change this configuration using the CLI.
Removing Access Control Policy URL categories for Cisco FTD devices managed by FDM Software
To disable the Access Control Policy URL Category on a device that is managed by Cisco FDM Software, complete the following steps:
After changing the policies above, deploy the new policies to your Cisco FTD devices.
For detailed information about access control policy URL Categories, see the Access Control chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Removing Access Control Policy URL categories for Cisco FTD devices managed by FMC Software
To disable the access control policy URL category on a device that is managed by Cisco FMC Software, complete the following steps:
After changing the policies above, deploy the new policies to your FTD devices.
For detailed information about access control policy URL categories, see the Access Control chapter in Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Removing Access Control Policy URL categories for Cisco FTD devices managed by Cisco Defense Orchestrator
To disable the Access Control Policy URL Category on a device that is managed by Cisco Defense Orchestrator, complete the following steps:
After changing the policies above, deploy the new policies to your Cisco FTD devices.
For detailed information about Cisco Defense Orchestrator managed devices, see the Cisco Defense Orchestrator documentation.
For detailed information about access control policy URL categories, see the Access Control chapter of Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator.
For detailed information about access control policy URL categories, see the Access Control section of Managing FDM Devices with Cisco Defense Orchestrator guide.
Removing SSL Policy URL categories for Cisco FTD devices using the CLI
There is no option to change this configuration using the CLI.
Removing SSL Policy URL categories for Cisco FTD devices managed by FDM Software
To remove the SSL policy URL Category configuration on a device that is managed by Cisco FDM Software, complete the following steps:
After changing the policies above, deploy the new policies to your FTD devices.
For detailed information about URL Categories, see the URL Criteria for SSL Decryption Rules section in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
For detailed information about URL filtering, see the URL filtering section of the Access Control chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Removing SSL Policy URL categories for Cisco FTD devices managed by FMC
To remove the SSL policy URL Category configuration on a device that is managed by Cisco FMC Software, complete the following steps:
After changing the policies above, deploy the new policies to your Cisco FTD devices.
For detailed information about URL Categories, see the Category Rule Conditions section in the Cisco Secure Firewall Management Center Configuration Guide.
For detailed information about URL filtering, see the URL filtering section of the Access Control chapter in the Cisco Secure Firewall Management Center Configuration Guide.
Removing SSL Policy URL categories for Cisco FTD devices managed by Cisco Discovery Orchestrator
To remove the SSL policy URL Category configuration on a device that is managed by Cisco Discovery Orchestrator, complete the following steps:
After changing the policies above, deploy the new policies to your Cisco FTD devices.
For detailed information about Cisco Discovery Orchestrator managed devices, see the Cisco Defense Orchestrator documentation.
For detailed information about URL categories, see the Decryption Rules chapter of the Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator guide.
For detailed information about URL filtering, see the Access Control chapter of the Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator guide.
For detailed information about URL categories for Cisco FDM Devices managed with Cisco Discovery Orchestrator, see the URL Criteria for SSL Decryption Rules section of Managing FDM Devices with Cisco Defense Orchestrator.
For detailed information about URL filtering, see the Access Control section of Managing FDM Devices with Cisco Defense Orchestrator.
Removing SSL Policy from Access Control Policy for Cisco FTD Devices Using the CLI
There is no option to change this configuration using the CLI.
Removing SSL Policy from Access Control Policy for Cisco FTD Devices Managed by FDM Software
To remove the SSL policy URL category configuration on a device that is managed by Cisco FDM Software, complete the following steps:
After changing the policies above, deploy the new policies to your FTD devices.
For detailed information about SSL Decryption, see the SSL Decryption chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Removing SSL Policy from Access Control Policy for Cisco FTD Devices Managed by FMC
To remove the SSL policy URL category configuration on a device that is managed by Cisco FDM Software, complete the following steps:
After changing the policies above, deploy the new policies to your FTD devices.
For detailed information about SSL decryption policies, see the SSL Policy chapter of the Cisco Secure Firewall Management Center Configuration Guide.
Removing SSL Policy from Access Control Policy for Cisco FTD Devices Managed by Cisco Discovery Orchestrator
To remove the SSL policy URL category configuration on a device that is managed by Cisco Discovery Orchestrator, complete the following steps:
While these workarounds and mitigations have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
To help customers determine their exposure to vulnerabilities in Cisco ASA, FMC, and FTD Software, Cisco provides the Cisco Software Checker. This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies (“Combined First Fixed”).
To use the tool, go to the Cisco Software Checker page and follow the instructions. Alternatively, use the following form to search for vulnerabilities that affect a specific software release. To use the form, follow these steps:
For instructions on upgrading your FTD device, see Cisco Firepower Management Center Upgrade Guide.
For help determining the best Cisco ASA, FTD, or FMC Software release, see the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance.
Cisco ASA Compatibility
Cisco Secure Firewall ASA Upgrade Guide
Cisco Secure Firewall Threat Defense Compatibility Guide
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
This vulnerability was found during the resolution of a Cisco TAC support case.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.0 | Initial public release. | - | Final | 2023-NOV-01 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.