Cisco Bug: CSCvt50528 - Warning Message for default settings with Installation of Certificates in ASA/FTD - CLI

Last Modified

Sep 11, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.10(1.218)

Description (partial)

Symptom:
Cisco would like to raise awareness for customers in regard to how Cisco ASA and FTD Software apply default settings to trustpoints for imported certificates, and how to ensure a trustpoint is configured for its desired function only.

Cisco does not consider this a vulnerability in Cisco ASA or FTD Software or the digital certificates authentication feature, but a configuration issue. 

Through Cisco bug IDs CSCvt50528, CSCvv11100, and CSCvv11051, future releases of Cisco ASA and FTD Software, including Cisco Adaptive Security Device Manager (ASDM), Cisco Security Manager, and Cisco Firepower Management Center (FMC), will raise warning alerts when certificates are imported, to alert customers to the default behavior and to provide guidance on how to harden the configuration.

However, it is not a requirement to run code integrated with these Cisco bug IDs to take the appropriate hardening actions. Customers are advised to review this advisory and make any configuration changes that apply to them.

See https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-racerts-WvuYpxew for further information.

Conditions:
See https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-racerts-WvuYpxew for further information.