BugZero | Cisco BugID CSCwc35969 - cannot add IP from event to global lists (block or...

Cisco - Defect ID: CSCwc35969

cannot add IP from event to global lists (block or do-not-block) if similar IP is already on list

Cisco - Defect ID: CSCwc35969

cannot add IP from event to global lists (block or do-not-block) if similar IP is already on list

Last updated on August 28th, 2024

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 1

Description

Symptom

In the GUI of the Firepower Management Center, the action of adding an IP address from a security event (such as a connection event) to either the global block list or the global do-not-block list results in the FMC not actually adding the intended IP address to the intended list. Additionally, the FMC will not provide any clear indication (either in the GUI or the logs) that the address was not added to the respective list.

Conditions

The use of the context (right-click) menu on an event on the FMC GUI to add an IP address to the global block list or global do-not-block list. An IP address already existing on the intended list that, as a text string, contains the entirety of the to-be-added IP address (also as a text string). For example, 192.168.200.234 already existing on the list, with the to-be-added IP address being either 192.168.200.23 or 192.168.200.2.

Workaround

Manually add the IP address to the respective list (block or do-not-block) within the Security Intelligence section of access control policies.

Further Problem Description

In situations where one may need to quickly block an address on the network via Security Intelligence (to mitigate an attack or other adverse network condition) or quickly preclude Security Intelligence from blocking an address (in the event that an address on the block list is causing service disruption), this defect causes the mitigation activity to take longer and potentially disrupt network traffic. PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Change history

2024-08-28 Added: 6.6.0, 6.7.0, 7.0.0, 7.1.0, 7.2.0

Relevant Products

Click on a version to see all relevant bugs

Affected versions:6.6.0, 6.7.0, 7.0.0, 7.1.0, 7.2.0

Fixed versions: 6.6.7.1, 7.0.5, 7.1.0.3, 7.2.4, 7.3.0

Relevant Products

Click on a version to see all relevant bugs

Affected versions:6.6.0, 6.7.0, 7.0.0, 7.1.0, 7.2.0

Fixed versions: 6.6.7.1, 7.0.5, 7.1.0.3, 7.2.4, 7.3.0

Top Cisco Defects

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCwc35969

cannot add IP from event to global lists (block or do-not-block) if similar IP is already on list

Cisco - Defect ID: CSCwc35969

cannot add IP from event to global lists (block or do-not-block) if similar IP is already on list

Last updated on August 28th, 2024

BugZero Risk Score6.1 Medium

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
6.1 Medium