Symptom
Security Intelligence feeds that carry basic authentication credentials in the link fail to download because the FMC does not send the authentication details.
Link format: https://:@/
You may see an alarm on the FMC as follows:
Security Intelligence
- Failed to download from : Unauthorized (401)
/var/log/messages shows the following:
Dec 10 11:09:19 SF-IMS[16298]: [25829] CloudAgent:IPReputation [INFO] Response code: 401
Dec 10 11:09:19 SF-IMS[16298]: [25829] CloudAgent:IPReputation [WARN] Failed downloading 4ad09574-6698-11e9-bd42-cd2467ed34c9: Failed to download from : Unauthorized (401)
Conditions
- Security Intelligence Feed configured with basic authentication in the URL
- FMC lower than 7.3.0
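The following is an added triage example, not Cisco code: it scans /var/log/messages text for the CloudAgent:IPReputation 401 failures shown under Symptom, groups them by feed UUID, and checks a version string against the 7.3.0 condition. The function names and the sample input are assumptions constructed for illustration.

```python
import re

# Constructed sample in the format of the /var/log/messages lines shown above;
# the empty URL after "from" is kept exactly as it appears on the page.
SAMPLE = """\
Dec 10 11:09:19 SF-IMS[16298]: [25829] CloudAgent:IPReputation [INFO] Response code: 401
Dec 10 11:09:19 SF-IMS[16298]: [25829] CloudAgent:IPReputation [WARN] Failed downloading 4ad09574-6698-11e9-bd42-cd2467ed34c9: Failed to download from : Unauthorized (401)
Dec 10 11:14:02 SF-IMS[16298]: [25829] CloudAgent:IPReputation [INFO] Response code: 200
"""

# Matches only the WARN line that names the feed and ends in "Unauthorized (401)".
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*CloudAgent:IPReputation \[WARN\] "
    r"Failed downloading (?P<feed>[0-9a-f-]{36}): .*Unauthorized \(401\)\s*$"
)

def feeds_failing_401(log_text):
    """Return {feed_uuid: [timestamps]} for SI feed downloads rejected with 401."""
    hits = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            hits.setdefault(m.group("feed"), []).append(m.group("ts"))
    return hits

def fmc_version_affected(version):
    """True when the FMC version is lower than 7.3.0 (the condition on this page).

    Assumes a dotted version string such as "7.2.5" or "7.2.5-208";
    only the first three numeric fields are compared.
    """
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))  # pad "7.4" to (7, 4, 0)
    return tuple(parts) < (7, 3, 0)

if __name__ == "__main__":
    for feed, stamps in feeds_failing_401(SAMPLE).items():
        print(f"{feed}: {len(stamps)} failure(s), last at {stamps[-1]}")
```

A feed UUID that keeps appearing here while the FMC is below 7.3.0 and the feed URL carries embedded credentials matches the conditions of this bug.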
Workaround
Upgrade FMC to a working version of 7.3.0 or higher
OR
Check whether the SI feed can be accessed with anonymous authentication or no authentication
OR
Convert the feed to a list and update manually
Further Problem Description
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html