Cisco Bug: CSCuo70696 - Add support for native SMBv2 and SMBv3 protocols
Nov 18, 2020
- Cisco IronPort Web Security Appliance Software
Known Affected Releases
10.1.0-204 10.1.1-230 7.7.0-725 9.1.1-074
Symptom:
The WSA appliance shows the following error messages while trying to join the domain:

Error - Computer Account creation failed.
Warning: Cannot check system time on AD server 'IP_ADDRESS'
Warning: Cannot check system time on AD server 'IP_ADDRESS'

Conditions:
Cisco WSA is NOT exploitable by the WannaCry suite of malware; however, it requires the SMBv1 protocol for communication with Microsoft Active Directory. All versions of Cisco Web Security Appliance (WSA) and WSAv currently support only the SMBv1 protocol for communication with Microsoft Active Directory. Therefore, in light of the newest WannaCry ransomware, for customers who would prefer to continue using Cisco WSA and Microsoft AD together, Cisco is proposing the following short-term and long-term mitigation plans:

Short-term Plan
* Instead of disabling the SMBv1 protocol on Microsoft Active Directory completely (one of the workarounds Microsoft suggested), and so that WSA-Microsoft AD integration continues to work properly, we recommend that customers patch their systems using the patch supplied by Microsoft: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
* In addition, customers are advised to configure enterprise perimeter firewalls to block unsolicited communication (from the Internet) and outgoing traffic (to the Internet) to the following SMB-associated ports: 137, 138, 139, 445. This will help keep vulnerable machines on your network from being infected by systems outside of it.

Longer-term Plan
Cisco is currently working on implementing the feature request tracked via this Cisco Bug ID, CSCuo70696: "Add support for native SMBv2 protocol". Support for the SMBv2 and SMBv3 protocols on WSA is currently under development and will be released for existing and future releases of WSA by Q4CY17.
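One way to check the perimeter firewall recommendation above against exported flow logs, as an added example that is not part of the Cisco bug record. The one-line log format, the internal address ranges and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the short-term plan.
SMB_PORTS = {137, 138, 139, 445}

# Assumption: the enterprise's internal address space (RFC 1918 ranges here).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; hypothetical format: src dst proto dport action
SAMPLE_FLOWS = """\
# src dst proto dport action
10.1.1.10 10.1.1.20 tcp 445 ALLOW
203.0.113.7 10.1.1.20 tcp 445 DENY
203.0.113.7 10.1.1.20 tcp 139 ALLOW
10.1.1.55 198.51.100.9 tcp 445 ALLOW
10.1.1.55 198.51.100.9 udp 137 DENY
10.1.1.55 198.51.100.9 tcp 443 ALLOW
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def perimeter_smb_violations(lines):
    """Return allowed flows to SMB ports that crossed the perimeter.

    Internal-to-internal SMB (for example WSA to the AD server) is not
    flagged: the advisory only asks for blocking at the Internet edge.
    """
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, _proto, dport, action = line.split()
        if int(dport) not in SMB_PORTS or action.upper() != "ALLOW":
            continue
        src_in, dst_in = is_internal(src), is_internal(dst)
        if src_in == dst_in:
            continue  # both internal or both external: not an edge crossing
        direction = "outbound" if src_in else "inbound"
        findings.append((direction, src, dst, int(dport)))
    return findings

if __name__ == "__main__":
    for finding in perimeter_smb_violations(SAMPLE_FLOWS.splitlines()):
        print("perimeter allows SMB:", finding)
```

Any finding means the edge firewall still passes SMB-associated traffic in the reported direction and the rule set should be reviewed.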