The management web server is accessible only by privileged users, such as system administrators, who should not be accessing the configuration of the device. In most cases, this vulnerability can only be exploited by a remote, authenticated attacker, who can send messages to the management web server. Cisco Firepower Management Center (FMC) should be used to manage and configure the devices, and not the device’s management web server. Cisco devices can be configured to block remote access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘GET’, ‘POST’, and ‘HEAD’. Cisco Firepower Threat Defense (FTD) Software 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘GET’, ‘POST’, and ‘HEAD’. Cisco Firepower Threat Defense (FTD) 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘POST’ and ‘GET’. Cisco Firepower Threat Defense (FTD) 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘POST’ and ‘GET’. Cisco
System-level mitigations to control access to management ports
Cisco Threat Defense (FTD) Software 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘POST’ and ‘GET’. Cisco FTD Software 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘POST’ and ‘GET’. The management port must be blocked at the system level, DNS forwarding must be disabled, or reverse mappings must not be enabled if these devices are not managed by Cisco Firepower Management Center (FMC).
Cisco Firepower Mx Series
Security Appliances Configuration
The Cisco Firepower Management Center (FMC) should be used to manage and configure the devices, and not the device’s management web server. This vulnerability can only be exploited by a remote, authenticated attacker who can send messages to the management web server. To block remote access to the management web server, use the following command: Access-Control-Allow-Methods set to ‘GET’, ‘POST’, and ‘HEAD’. The Cisco Firepower Threat Defense (FTD) software 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘GET’, ‘POST’, and ‘HEAD’. The Cisco Firepower Threat Defense (FTD) 8.0 release can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘POST’ and ‘GET’. The Cisco Firepower Threat Defense (FTD) 8.0 release can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘POST’ and ‘GET’
Cisco Firepower Management Center (FMC) vs. the Device's Management Web Server
The device’s management web server is accessible only by privileged users, such as system administrators, who should not be accessing the configuration of the device. In most cases, this vulnerability can only be exploited by a remote, authenticated attacker, who can send messages to the management web server. Cisco devices can be configured to block remote access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘GET’, ‘POST’, and ‘HEAD’. Cisco Firepower Threat Defense (FTD) Software 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘GET’, ‘POST’, and ‘HEAD’. Cisco Firepower Threat Defense (FTD) 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘POST’ and ‘GET’. Cisco Firepower Threat Defense (FTD) 8.0 and later releases can be configured to block access to the management web server by using the following command: Access-Control-Allow-Methods set to ‘POST’ and ‘GET’.>>
References
Cisco Firepower Management Center: https://supportforums.cisco.com/t5/firepower-management/ciscocm-dcf-upgrade-steps-for-device-manager/ta-p/235024
Timeline
Published on: 11/15/2022 21:15:00 UTC
Last modified on: 11/22/2022 14:49:00 UTC