Control Compliance Suite Vulnerability Manager (CCS-VM) Unable to access flash content in CCS-VM 12.x console

book

Article ID: 207915

calendar_today

Updated On:

Products

Control Compliance Suite Vulnerability Manager

Issue/Introduction

Due to the EOL (End of Life) of Flash, Adobe has blocked Flash content from running in its Flash Player beginning January 12, 2021. The primary functions of the CCS-VM console would not be available because of this, but the network scanner could still be used.

Since the EOL of the CCS-VM 12.x product line was announced for December 31, 2020. Broadcom would not release console updates to address the EOL for Adobe Flash.

 

Resolution

The alternate approach would be to use the Enterprise Activation preferences in the local Flash client's mms.cfg file. This would allow Flash Player content on explicitly allowed URLs. Information about these options are found in the Adobe Flash Player 32.0 Administration Guide.

This not recommended nor supported by Broadcom.

Example of the mms.cfg file:

AutoUpdateDisable=1
SilentAutoUpdateEnable=0
EOLUninstallDisable=1
EnableAllowList=1
AllowListPreview=1
AllowListUrlPattern=https://hostname/

You may also include the IP address of the CCS-VM Server or a wild card URL:

AllowListUrlPattern=https://10.10.10.10/
AllowListUrlPattern=https://*.domain.com/

On Legacy versions of Flash, the 'Whitelist' preference would have to be used instead.

WhiteListPreview=1
WhiteListUrlPattern=https://hostname/

The location of the mms.cfg file depends on the operating system and the browser in use. For more information, refer to your vendor documentation.
Locations of mms.cfg file:

Operating System and Browser Browser Location
Google Chrome on Windows %localappdata%\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\System\mms.cfg
Edge Chromium on Windows %localappdata%\Microsoft\Edge\User Data\Default\Pepper Data\Shockwave Flash\System\mms.cfg
IE and Firefox 32-bit Windows  %windir%\System32\Macromed\Flash\mms.cfg
IE and Firefox 64-bit Windows %windir%\SysWOW64\Macromed\Flash\mms.cfg
macOS /Library/Application Support/Macromedia
Google Chrome on macOS /Users/<username>/Library/Application Support/Google/Chrome/Default/Pepper Data/Shockwave Flash/System

Note: If the “System” or other directories don't exist, you need to create it manually.

Specific browser versions would have to be used or updates uninstalled as vendors have removed flash support in later versions.
Browser Versions with flash support removed:

  • Chrome/Chromium 88+ 
  • Firefox 85+
  • IE and Edge(non-Chromium) via Windows Update KB4577586

Testing with Chrome 87.0.4280.141 and with Flash version 32.0.0.453 has been successful with the CCS-VM console. Different versions of supported browsers or different versions of Flash may also work.

Note:

Adobe has removed Flash installers from its download page. The installation files will need to be found independently and will not be supplied by Broadcom.

Additional Information

For more information, see the Enterprise enablement support section of the Adobe Flash Player EOL Enterprise Information Page.

This solution is based on information provided in the Adobe Flash Player 32.0 Administration Guide. 

End of Life and End of Service dates for Control Compliance Suite

Attachments