Cisco
ASA Interim Release Notes
The software
images listed below are Interim releases.
They contain bug fixes which address specific
issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and
will remain on the download site only until the next Maintenance release is
available. If you do not have a specific problem which
is resolved by an Interim release, we recommend that you use the Feature or
Maintenance release images.
Important: These images were not fully regression
tested. Each individual fix was unit
tested, and the image has had a limited amount of automated regression testing
to confirm a baseline of functionality.
Keep this testing status in mind if you decide to run them in a
production environment. We strongly
encourage you to upgrade to a fully tested Maintenance or Feature release when
it becomes available.
Revision: Version 8.2.5(59) – 2/13/2016
Files: asa825-59-k8.bin, asa825-59-smp-k8.bin
Defects resolved since 8.2.5(58):
|
ASA
IKEv1 and IKEv2 Vulnerability |
|
|
|
IKEv2
Fragments may get dropped with a specific sequence of fragments |
||
Revision: Version 8.2.5(58) – 10/21/2015
Files: asa825-58-k8.bin,
asa825-58-smp-k8.bin
Defects resolved since 8.2.5(57):
|
ssl lib error no
shared cipher - VPN LB webvpn conn - missing ID
cert |
|
|
ISAKMP SERVER traffic from codenomicon
crashes ASA |
|
|
ASA traceback in ThreadName:ci/console,while pinging
DNS Server name |
|
|
MARCH 2015 OpenSSL Vulnerabilities |
|
|
Traceback: mem_get_owner+104 at slib/../finesse/snap_api.h:163 |
|
|
Evaluation of OpenSSL June 2015 |
Revision: Version 8.2.5(57) – 04/08/2015
Files: asa825-57-k8.bin,
asa825-57-smp-k8.bin
Defects resolved since 8.2.5(55):
|
Cisco ASA Failover Command Injection Vulnerability |
|
|
2048-byte block leak if DNS server replies with "No such
name" |
Revision: Version 8.2.5(55) – 02/02/2015
Files: asa825-55-k8.bin,
asa825-55-smp-k8.bin
Defects resolved since 8.2.5(52):
|
ASA SSL: Continues to accept SSLv3 during TLSv1 only mode |
|
|
Failover Standby unit has higher memory utilization |
|
|
Webvpn: Support for XFRAME in additional portal and CSD pages |
|
|
1550 block leak occur if DNS replies "refused" query
response |
|
|
ASA : evaluation of
SSLv3 POODLE vulnerability |
|
|
ASA: evaluation of Poodle Bites in TLSv1 |
|
|
JANUARY 2015 OpenSSL Vulnerabilities |
Revision: Version 8.2.5(52) – 12/02/2014
Files: asa825-52-k8.bin,
asa825-52-smp-k8.bin
Defects resolved since 8.2.5(51):
|
Cisco ASA Local Path Inclusion
Vulnerability |
Revision: Version 8.2.5(51) – 10/08/2014
Files: asa825-51-k8.bin,
asa825-51-smp-k8.bin
Defects resolved since 8.2.5(50):
|
Cisco ASA GTP Inspection Engine Denial of Service Vulnerability |
|
|
Cisco ASA SunRPC Inspection Denial of
Service Vulnerability |
|
|
Cisco ASA SSL VPN Portal Customization Integrity Vulnerability |
|
|
Cisco ASA VPN Failover Commands Injection Vulnerability |
|
|
Cisco ASA SSL VPN Info Disclosure and DoS
Vulnerability |
Revision: Version 8.2.5(50) – 06/30/2014
Files: asa825-50-k8.bin,
asa825-50-smp-k8.bin
Defects resolved since 8.2.5(49):
|
ENH - Add device serial number and platform string to show run output |
|
|
Datapath:Observing Deadlock in different DATAPATH threads |
|
|
ASA doesn't send invalid SPI notify for non-existent NAT-T IPSec
SA |
|
|
Multiple Vulnerabilities in OpenSSL -
June 2014 |
|
|
ASA WebVPN login button not present in portal |
Revision: Version 8.2.5(49) – 06/04/2014
Files: asa825-49-k8.bin,
asa825-49-smp-k8.bin
Defects resolved since 8.2.5(48):
|
ASA WebVPN login page XSS
vulnerability |
|
|
ASA IKE/IPSEC SAs are torn
down after a failover |
Revision: Version 8.2.5(48) – 04/09/2014
Files: asa825-48-k8.bin,
asa825-48-smp-k8.bin
Defects resolved since 8.2.5(46):
|
Improve HTTP inspection's
logging of proxied HTTP GETs |
||
|
ASA - dhcp
relay - bindings are not created for DHCP Informs |
||
|
SMP ASA traceback
on periodic_handler for inspecting icmp or dns trafic |
||
|
Cookie usage in SSL VPN |
||
|
ASA unexpectedly reloads
with traceback in Thread Name: CP Processing |
||
|
Connections not timing out
when the route changes on the ASA |
||
|
ASA sip inspection memory leak
in binsize 136 |
||
|
ASA sip inspection memory leak |
||
|
Privillage level 0 users getting full access |
||
|
OpenSSH vulnerability CVE-2012-0814: Debug messages with key info |
||
|
WebVPN: sharepoint
2007/2010 and Office2007 can't download/edit pictures |
||
|
ASA SSL VPN Privilege
Escalation Vulnerability |
||
Revision: Version 8.2.5(46) – 10/09/2013
Files: asa825-46-k8.bin,
asa825-46-smp-k8.bin
Defects resolved since 8.2.5(41):
|
WEBVPN:wwwin secondary
links do not work in any version |
|
|
1/5 minute input rate and
output rate are always 0 with user context. |
|
|
RRI routes are not injected
after reload if IP SLA is configured. |
|
|
ASA Continuously rebooting
due to failed identification test |
|
|
ASA traceback
in Unicorn Proxy Thread while processing lua |
|
|
ASA - SQL*Net Inspection
Engine Denial of Service Vulnerability |
|
|
Accounting STOP with caller
ID 0.0.0.0 if admin session exits abnormally |
|
|
ICMP to management-access
interface through VPN fails |
|
|
ASA CIFS UNC Input
Validation Issue |
|
|
ASA may not establish EIGRP
adjacency with router due to version issues |
|
|
HTTP Deep Packet Inspection
Denial of Service Vulnerability |
|
|
ASA may generate Traceback while running packet-tracer |
|
|
ASA: 256 byte blocks
depleted when syslog server unreachable across VPN |
|
|
16k blocks near exhaustion -
process emweb/https (webvpn) |
|
|
ASA 5505 not Forming EIGRP neighborship after failover |
|
|
Memory leak of 1024B blocks
in webvpn failover code |
|
|
ASA drops packets with IP
Options received via a VPN tunnel |
|
|
ASA SSHv2 Denial of Service
Vulnerability |
|
|
Group enumeration still
possible on ASA |
|
|
When specifying two same
OID in GETBULK, reply has no duplicate OID |
|
|
Prefill username from certificate
does not extract serial number |
|
|
ASA traceback
in datapath thread with netflow
enabled |
|
|
ASA Traceback
in Thread Name : CERT API |
|
|
ASA traceback
in Thread Name: UserFromCert |
|
|
split-dns cli warning msg
incorrect after client increasing the limit |
|
|
ASA 8.3+ l2l tunnel-group
name with a leading zero is changed to 0.0.0.0 |
|
|
ASA changes user privilege
by vpn tunnel configuration |
|
|
Standby ASA may traceback due to watchdog while removing xlates |
|
|
ASA DNS Inspection Denial
of Service Vulnerability |
|
|
Change of behavior in
Prefill username from certificate SER extraction |
|
|
ASA OSPF LSA Injection
Vulnerability |
|
|
ASA Remote Access VPN Authentication
Bypass Vulnerability |
|
|
ASA tearsdown
TCP SIP phone registration conn due to SIP inspection |
|
|
Re-transmitted FIN not
allowed through with sysopt connection timewait |
|
|
ASA Digital Certificate
HTTP Authentication Bypass Vulnerability |
|
|
Slow memory leak on ASA due
to SNMP |
|
|
ASA 5505 Ezvpn Client fails to connect to Load Balance VIP on ASA
server |
Revision: Version 8.2.5(41) – 03/15/2013
Files: asa825-41-k8.bin,
asa825-41-smp-k8.bin
Defects resolved since 8.2.5(33):
|
SCCP does not handle new msg StartMediaTransmissionACK |
|
|
Time-based License Expires
Pre-maturely |
|
|
Traceback while cleaning up portlist w/ clear conf all or write standby |
|
|
ESMTP inspection corrupts
data |
|
|
GTP inspect not working in
Asymmetric Routing Envirement with ASR group: |
|
|
ASA sends user passwords in
AV as part of config command authorization. |
|
|
Observing traceback @ ipigrp2_redist_metric_incompatible+88 |
|
|
PP : TFTP ACK to last block dropped |
|
|
ASA: Page fault traceback when copying new image to flash |
|
|
ASA: Assert traceback in PIX Garbage Collector with GTP inspection |
|
|
ASA is max-aging OSPF LSAs after
50 minutes |
|
|
ASA traceback
in threadname Logger |
|
|
ASA traceback
in IKE Daemon while handling IKEv1 message |
|
|
HA ASA Zero downtime upgrade
on HA pair is not working |
|
|
ASA standby produces traceback and reloads in IPsec
message handler |
|
|
WebVpn PortForward code signning
issue |
|
|
High CPU HOG when connnect/disconnect VPN with large ACL |
|
|
ASA packet transmission
failure due to depletion of 1550 byte block |
|
|
Flash filesystem
does not recognize filesnames > 63 characters |
|
|
ASA: May traceback in Thread Name: fover_health_monitoring_thread |
|
|
Error when connecting VPN:
DTLS1_GET_RECORD Reason: wrong version number |
|
|
ASA: Unable to kick off
rekeying in redundant topology |
|
|
ASA: ICMP error may be
dropped due to rpf-check |
|
|
ASA IPSEC error: Internal Error, ike_lock
trying to unlock bit |
|
|
Traceback in snpi_divert with timeout
floating-conn configured |
|
|
Denial of Service During
Validation of Crafted Certificates. |
|
|
Crypto IPSec SA's are
created by dynamic crypto map for static peers |
|
|
ipsecvpn-ike:IKEv1 rekey fails when IPCOMP proposal is sent |
|
|
ASA: Multiple context mode
does not allow configuration of 'mount' |
|
|
Race condition can result
in stuck VPN context following a rekey |
|
|
ASA 8.2.2.9 traceback in thread SSH during capture tftp copy |
|
|
ASASM platform is not
exempt from MAC move wait timer |
|
|
Deny rules in crypto acl blocks inbound traffic after tunnel formed |
|
|
Unable to access to ASA by
SSH on trunk Interface. |
|
|
ASA may traceback
in thread emweb/https |
|
|
License server becomes
unreachable due to "signature invalid" error |
|
|
Deny ACL lines in
crypto-map add RRI routes |
|
|
Traffic destined for L2L
tunnels can prevent valid L2L from establishing |
|
|
VPNLB: Lost packet during
IKEv1 not retransmitted |
|
|
traceback in ospf_get_authtype |
|
|
ASA LDAP Mapping should not
map 0 to values with no match |
|
|
ASA 5580 running 8.2(5)13 traceback |
|
|
flash in ASA5505 got corrupted |
|
|
Standby ASA traceback in thread name "Dispatch Unit" during
bulk sync |
Revision: Version 8.2.5(33) – 09/12/2012
Files: asa825-33-k8.bin,
asa825-33-smp-k8.bin
Defects resolved since 8.2.5(26):
|
AUTOCOMPLETE
attribute is not disabled for SSL VPNs |
|
|
Traceback while executing show run after modifying the access-list |
|
|
ASA 8.2 may
calculate memory usage incorrectly |
|
|
vpn-simultaneous-logins does not work for cert-only AnyConnect |
|
|
ASA 8.2(1)11 failed to return MIB data for SNMPV3 GetBulk request |
|
|
ASA (8.3.2) traceback in Thread Name: DATAPATH-1-1295 |
|
|
"Failed to
update IPSec failover runtime data" msg on the
standby unit |
|
|
ASA 1550 byte
block depletion in ctm_frag_list |
|
|
configuration causes ASA upgrade to go into traceback/boot
loop |
|
|
ASA 5505 prints
message %ASA-1-111111 when adding a new vlan
interface |
|
|
ASA admin
context memory usage is invalid |
|
|
Traceback seen while running packet-tracer due to Page fault |
|
|
vpn-filter removed incorrectly from ASP table blocks L2L traffic |
|
|
ASA with VoIP memory
leak 1% per day on binsize 56 |
|
|
Incorrect
results returned by SNMP object cipSecGlobalActiveTunnels |
|
|
ASA: SSH
process may exist after being orphaned from SSH session |
|
|
Standby ASA
5585 Reporting Service Card Failure on Signature Update |
|
|
Specific closing
sequence may cause ESMTP inspect to hog CPU for 1+ sec |
|
|
Unable to
access ASDM when webvpn is enabled on ASA |
|
|
ASA 5580 Multicontext ERROR: unable to create listener on
interface |
|
|
ASA sends
unidirectional RST when a packet is dropped via MPF |
|
|
VPN: Bytes RCV and
XMT incorrect in session disconnect message |
|
|
Webvpn : Javascript rewrite causing login
button to be inactive |
|
|
TCP conns
between ASA and Websense server disappear over lossy link |
|
|
Standby ASA traceback while trying to replicate xlates |
|
|
Match option on
ISAKMP captures not working |
|
|
Syslog 199011
"Close on bad channel in process/fiber" |
|
|
ASA reloads and
produces Coredump but no crashinfo. |
|
|
ASA WebVPN
breaking when Windows Patch KB2585542 is applied |
|
|
ASA 8.x AAA
Authentication Listener HTTP Redirect not working with IE9 |
|
|
ASA: Traceback in purgatory in release of DSH (datastructure handle) |
|
|
ASA: Nested traceback in telnet/ci |
|
|
ASA traceback with Thread Name: dhcp_daemon |
|
|
Blank page
returns when move away from portal using group-url
and return |
|
|
AJAX XML file
fails to be processed causing script failure |
|
|
ASA fails to
reserve some UDP ports for PAT w/ flow-export destination |
|
|
ASA: Anyconnect u-turn to ipsec tunnel fails |
|
|
Clientless vpn: Accessing Citrix bookmark reveals DAP configuration |
|
|
ASA:
Active/Active failover group stuck in Bulk Sync with SIP inspect |
|
|
Smarttunneled RDP client on MAC doesn't throw error after incorrect auth |
|
|
New Create PDP Ctx Req with TEID 0 should
remove pre-existing active PDP |
|
|
Flowplayer URL reference fails |
|
|
Traceback with Netflow configuration |
|
|
HTTP Inspection
does not understand verb without trailing LWSP |
|
|
ASA :Traceback while copying via TFTP/ASDM with no Thread Name |
|
|
Chassis serial
number is incorrect in call-home message on 5585 platform |
|
|
ASA sends
User-Password RADIUS attribute wrongly with EAP authentication |
|
|
IPSEC traffic
from RA users & dynamic sites dropped on ASA 5585 |
|
|
ASA not able to
install intermediate certificate when using pkcs12 |
|
|
ASA generates traceback message when connected with L2TP/IPsec |
|
|
ASA-4-402116 -
error message displays outer instead of inner packet |
|
|
ASA may reload
with traceback related to SSH, PING, DHCP, or IPSEC |
|
|
authentication in esmtp inspection breaks |
|
|
ASA: Assert tracebacks with GTP inspection |
|
|
ASA webvpn ProQuest Professional
Documentation System unusable |
|
|
ASA WebVPN URL
Rewrite Failing - Form action with special characters |
|
|
Traceback in Thread Name accept/http |
|
|
ASA 8.2.5.27
secondary traceback after the upgrade - Thread
Name: snmp |
|
|
RA VPN license
client fails to request more licenses from the server |
|
|
Traceback: timer assert due to nf_block timer
race condition |
|
|
skinny-inspect
intermittently uses odd port for RTP stream |
|
|
ASA SCH - Traceback in thread name: sch_prompt
anonymous reporting |
|
|
ASA sip inspect
- duplicate pre-allocate secondary pinholes created |
|
|
ASA SSLVPN Java
RDP Plugin traceback with socket write error
exception |
|
|
Incorrect MPF
conn counts cause %ASA-3-201011 and DoS condition |
|
|
Syslog 324001
Reason string missing when pkt dropped because of
Null TID |
|
|
Block
depletion, embedded web client transmit queue |
|
|
ASA nointeractive trustpoint auth fails with Incorrect fingerprint |
|
|
debug ctl-provider causes traceback |
|
|
entConfigChange is unexpectedly sent from Secondary ASA when
add/remove |
|
|
Webvpn: RDP ActiveX
plugin causes high cpu with IE |
|
|
CPU-hog during
line-protocol-up event of 4GE-SSM ports |
|
|
ASA sends too
large TCP payload when ASA MSS < Client MSS |
|
|
ASA: Page fault
traceback in lu_rx with
failover and GTP inspection |
|
|
Traceback in Thread Name: CERT API |
|
|
Some parts of
the WebVPN login susceptible to HTTP Response Splitting |
|
|
aaa-radius: ASA sending duplicate Radius access request |
|
|
large number of
simultaneous ike request causes block depletion |
|
|
ASA vulnerable
to CVE-2003-0001 |
|
|
ASA unexpected
system reboot with Thread Name: UserFromCert Thread |
|
|
Flowcontrol status is OFF on ASA, after enabling it on ASA and switch. |
|
|
ASA sip inspect
- Pre-allocate SIP NOTIFY TCP secondary channel |
|
|
Cisco script
injected in html tags, JS conditional comments |
|
|
ASA may traceback while loading a large context config during bootup |
|
|
4096 byte block
depletion due to ak47_np_read |
|
|
Standby ASA
allows L2 broadcast packets with asr-group command |
Revision: Version 8.2.5(26) – 03/14/2012
Files: asa825-26-k8.bin,
asa825-26-smp-k8.bin
Defects resolved since 8.2.5(22):
|
Warning message for, "igmp static-group" - affective should be effective |
|
|
Fuzzing testbed,
traceback in the javascript
parser |
|
|
ASA -crasActGrNumUsers
does not update tunnel groups after upgrade |
|
|
Nested obj
does not work if contained in src and dst of ACL |
|
|
ASA IKEv1 Traceback
in vpnfol_thread_msg ike_fo_create_new_sa
on Standby |
|
|
'show mroute' has null Outgoing Interface List for (*,G) entry
w/ bidir |
|
|
ASA should not send data in the 3rd
message of TCP 3WHS w/ LDAP over SSL |
|
|
ASA: Decrypted VPN packets dropped due
to bad-tcp-cksum when
using NAT-T |
|
|
ASA 5580 : traceback in thread DATAPATH-3-1230 |
|
|
ASA: May fail FIPS Self-Test |
|
|
ASA: Traceback
with Checkheaps related to GTP inspection |
|
|
TCP sequence space check ignored in
some cases |
|
|
ASA5585 show inventory not updated |
|
|
%ASA-3-201011: Connection limit
exceeded when not hitting value |
|
|
SSLVPN Portal uses incorrect DNS Group
after failover |
|
|
ASA tracebacks
when subjected to vulnerability scan |
|
|
ASA: May traceback
in DATAPATH during capture |
|
|
Standby ASA traceback
in DATAPATH-0-1400 or Dispatch Unit |
|
|
Traceback
when memory low and memory profile enabled |
|
|
Webvpn : Javascript
rewrite causing login button to be inactive |
|
|
ASA does not start DPD when phase 1 up
but phase 2 down |
|
|
ASA may not log syslogs
611101, 605005 for asdm sessions to certain int |
|
|
Clientless - VLAN assign't
under group-policy breaks tunneled dflt route |
|
|
VPN session failure due to auth handle depletion |
|
|
Webvpn:
Can't copy & paste in web portal with IE8 and IE9 |
|
|
Received unexpected event EV_REMOVE in
state AM_WAIT_DELETE |
|
|
cut
through proxy authentication vulnerability |
|
|
Syslog 324001 Reason string is missing |
|
|
ActiveX RDP Plugin fails to connect
from WIn7 PC after upgrade to 8.4(3) |
|
|
ASA: 8.4 Page fault traceback
while displaying "sh run
threat-detection" |
|
|
ASA: Traceback
in thread name EAPoUDP |
|
|
MSFT KB2585542 breaks cut-thru proxy
and IUA |
|
|
Traceback
in Unicorn Proxy Thread under heavy WebVPN load |
|
|
WEBVPN - upload of files larger then
2GB fails through CIFS |
|
|
ASA: Failover due to data channel
failure when making IPS config changes |
|
|
PDP context idle timer is reset when
using the TID option in show cmd |
Revision: Version 8.2.5(22) – 01/25/2012
Files: asa825-22-k8.bin,
asa825-22-smp-k8.bin
Defects resolved since 8.2.5(13):
|
PIX/ASA: When route changes connections
over IPSEC tunnel not torn down |
|
|
show
service-pol int outside set conn det causes traceback |
|
|
DHCP ACK not sent by the firewall. |
|
|
IKEv2 traceback
with 1 L2L and 1
RA tunnel |
|
|
WebVPN:flv
file within the Flowplayer object is not played
over webvpn |
|
|
L2 table entries for identity i/f not deleted when interface removed |
|
|
ASA Unexpectedly Reloads with a Traceback due to a Watchdog Failure |
|
|
EIGRP default-route is not displayed w/
"ip default-route" route removed |
|
|
ASA 8.2 Crypto Engine Tracebacks Multiple Times |
|
|
ASA: dynamic-filter database update may
trigger cpu-hogs |
|
|
ASA may traceback
in Thread Name: DATAPATH-1-1235 (ipsecvpn-crypto) |
|
|
IPv6 traffic not updated after neighbor
changes |
|
|
WebVPN:flv
file within the Flowplayer object is not mangled
correctly |
|
|
AC can not
connect to the ASA if the no. of group aliases is
>190 |
|
|
asa
8.2(2) traceback with TN : Unicorn Proxy Thread |
|
|
ASA: SSH sessions return extra
characters when using CR+LF |
|
|
Oracle Jinitiator
over WebVPN sends incorrect HTTP request |
|
|
High CPU and Orphaned SSH session for on
ASA 8.3(2.8) |
|
|
ASA - LU allocate connection failed
with conn-max policy |
|
|
Coverity
100595: FORWARD_NULL in ppp_auth_process_attributes() |
|
|
L2TP over IPSec session fails after
IPSec P2 rekey |
|
|
traceback
in Crypto CA during multiple ocsp requests |
|
|
Standby ASA generates syslog 210005
while transmitting data on FTP |
|
|
5585 735XXX syslogs
reporting wrong id |
|
|
ASA reloads with traceback
in Thread Name : Dispatch Unit |
|
|
Memory leak on ASA 5585-increase of 1%
everyday |
|
|
ASA 8.4.2 http inspection might break
certain flows intermittently |
|
|
ASA5580 traceback
with Thread name telnet/ci |
|
|
LDAP authentication fails when no RootDSE info returned |
|
|
SSM-4GE doesn't handle unicast packets
after "hw-module module 1 reset" |
|
|
Webvpn :Support for XFRAME: DENY option in
portal |
|
|
ASA sends Server Identifier field in
DHCP REQUESTS duirng renewal |
|
|
ASA may traceback
in dns_process |
|
|
ASA 5520 8.2.5 :
traceback at thread name snmp |
|
|
Incorrect time displayed on cut through
proxy auth page |
|
|
NAT-T compatibility improvement with
Windows 7 |
|
|
NAC Framework - Status Query triggers
full Posture Revalidation |
|
|
ESMTP drops email with DKIM header |
|
|
8.4.2.2: Thread Name: DATAPATH-0-1272
Page fault: Unknown |
|
|
Slow memory leak by skinny |
|
|
Memory leak in DP udp
host logging resulting in 1550 byte blocks leak |
|
|
Traceback
in Dispatch Unit on Standby with timeout floating-conn |
|
|
xlate
objects with no associated conns and idle timer > timeout |
|
|
ASA5585 Page fault traceback
in Thread Name: DATAPATH-5-2312 |
|
|
WebVPN: Multiple tracebacks
seen in WebVPN in Unicorn Proxy thread |
|
|
ASA Radius User-Password attribute is
not included in Access-Request |
|
|
webvpn
- ES keyboard diacritics incorrectly managed by RDP plugin |
|
|
Traceback
in Thread Name: IP Address Assign |
|
|
ASA is responding to IKE request when
in vpnclient mode |
|
|
Traceback
in Thread Name: tacplus_snd |
|
|
ASA traceback
cause by Global Policy |
|
|
ASA 5520 8.2.5 memory leak in the
inspect/gtp area |
|
|
AAA Command Authorization Reactivates
Failed Server on Every Attempt |
|
|
ASA and apple L2TP IPSec client
disconnects |
|
|
ASA traceback
in thread ci/console with names > 48 char in prefix-list |
|
|
wrong
vpn-filter gets applied when peers have overlapping
address space |
|
|
SNMPv3 Information Disclosure
Vulnerability |
|
|
ASA - Dispatch unit traceback
- snp_nat_xlate_timeout |
|
|
Some specific flash file doesn't work
through WebVPN on ASA |
|
|
WebVPN: Oracle Java applets failing
thru the rewriter |
|
|
vpnclient
mac-exempt cmd inconsistent when adding more than
16 entries |
|
|
WebVPN:flv
file within the Flowplayer object is not played
over webvpn |
|
|
back
port CSCtr63071 5585 735XXX syslogs reporting wrong
id to 8.2 |
|
|
ASA traceback
in thread sch_dispatcher when attempting to call
home |
|
|
show
shared license' after toggle license-server causes traceback |
|
|
Clientless VPN paging application
failure |
|
|
Backup Shared license server remains
ACTIVE even when the Master is up |
|
|
ASA 5580 traceback
when CSM attempts deployment |
|
|
WebVPN URL Mangler
does not handle encoded value of "/" |
|
|
5580: assert failure in thread CP
Processing |
|
|
ASA webvpn
doesn't rewrite some redirect messages properly |
|
|
ASA: Traceback
after removing 'ip address dhcp
setroute' with DDNS |
|
|
DACL is not applied to AC when
connection via the webportal |
|
|
Threat Detection Denial Of Service
Vulnerability |
|
|
threat-detection:
page fault traceback at eip
snp_td_host_stat_create |
|
|
Apple Lion OS L2TP Client behind NAT
device does not connect |
|
|
Cut-through proxy - users unable to log
in |
|
|
Page fault traceback
in crypto_lib_keypair_show_mypubkey_all |
Revision: Version 8.2.5(13) – 09/19/2011
Files: asa825-13-k8.bin,
asa825-13-smp-k8.bin
Defects resolved since 8.2.5:
|
ASA 5580 reboots with traceback in threat detection |
|
|
ASA may leave connection in half-closed
state |
|
|
DHCP ACK not sent by the firewall. |
|
|
Traceback
in Thread Name: Checkheaps due to logging |
|
|
ASA not sending all logging messages
via TCP logging |
|
|
Clientless WebVPN Memory Leak Causes
Blank Page after Authentication |
|
|
ASA WebVPN doesnt
rewrite URL Encoded Data in Location Response Header |
|
|
Assert Failure caused Traceback in Thread Name: Dispatch Unit |
|
|
IPv6 :
ASA Stops responding to IPv6 ND sollicitation |
|
|
ASA 8.0.5.9 Standby with a traceback in Thread Name:Checkheaps |
|
|
SNMP: ASA responds after two SNMP
requests |
|
|
ASA 8.2.2.x traceback
in Thread Name: Dispatch Unit |
|
|
EIGRP metrics will not update properly
on ASA |
|
|
Connections stay open w/ 'sysopt connection timewait'
& NetFlow |
|
|
WebVPN: Function "get_base_path" give an error for empty urls |
|
|
Syslog %ASA-7-108006 generated
erroneously |
|
|
NAT Xlate
idle timer doesn't reset with Conn. |
|
|
ASA may log negative values for
Per-client conn limit exceeded messg |
|
|
ASA traceback
when layer-2 adjacent TCP syslog server is unavailable |
|
|
ASA MSN Inspection Watchdog Crash |
|
|
ASA 8.2 flow control might not work for
redundant interfaces |
|
|
ASA 8.2.4 402126: CRYPTO: The ASA
created Crypto Archive File |
|
|
Traceback
in fover_FSM_thread with IPv6 failover on
SSM-4GE-INC |
|
|
correct
error msg be displayed instead of "ERROR: %
Invalid Hostname" |
|
|
ASA5580 traceback
in DATAPATH-7-1353 |
|
|
BTF DNS-Snooping TTL maxes out at 24
hours, less than actual TTL |
|
|
WebVPN: Dropdown menu doesn't work in
customized SharePoint 2010 |
|
|
ASA 8.4.1 traceback
in Thread UserFromCert |
|
|
ASA: L2TP and NAT-T overhead not
included in fragmentation calculation |
|
|
multicast
packets dropped in the first second after session creation |
|
|
CSCto40365 |
Crafted TACACS+ reply considered as
successful auth by ASA |
|
ASA fails to process the OCSP response
resulting in the check failure |
|
|
can
not access cifs folder with japanese
character |
|
|
SAP Portal - Event Tracking Script fails
to display correclty |
|
|
Traceback
with phone-proxy Thread Name: Dispatch Unit |
|
|
ASA WebVPN clientless not possible to
access ipv6 services on the inside |
|
|
ASA sends invalid XML when tunnel-group
name contains & |
|
|
SunRPC
inspection DUMP reply crash |
|
|
SunRPC
inspection credential length crash |
|
|
VPN RA session DAP processing fails
with memberOf from OpenLDAP |
|
|
SunRPC
inspection arithmetic overflow in parse_transport_address |
|
|
SunRPC
inspection arithmetic overflow in portmap code |
|
|
ASA: Traceback
in ci/console on Standby unit |
|
|
Host listed in object group TD shun
exception gest shunned |
|
|
Threat-detecton
stats showing incorrect output |
|
|
WebVPN :
bytes lost in ftp uploading using IE via smart tunnel |
|
|
VPN-Filter Not Applied When AC
Initiated Through Weblaunch |
|
|
IPSec
- Error message trying to reserve UDP port in Multicontext
mod |
|
|
Java RDP plugin doesn't work with sslv3
on ASAs |
|
|
CSD scan happens for SSL VPN when
connecting via group alias |
|
|
CPU Hog found when invoking 'svc image' |
|
|
ASA traceback
in thread emweb/https |
|
|
ASA rebooted unit always become active
on failover setup |
|
|
Using non-ASCII chars in interf desc makes the ASA
reload with no config |
|
|
OWA 2007 via WebVPN Sessions fail to
get notifications of new emails |
|
|
ASA Tracebacks
in 'Thread Name: IPv6 ND' |
|
|
Cannot point IPv6 route to a link-local
that matches other intf |
|
|
CSCtq57697 |
ILS inspection traceback
on malformed ILS traffic |
|
Interface "description"
command allows for more than 200 characters. |
|
|
ASA may reload in threadname
Dispatch unit |
|
|
ASA wont take "ip
audit info action alarm" under "crypto ca"
subcommand |
|
|
ASA traceback
in thread Dispatch Unit |
|
|
Zimbra
email suite not usable through WebVPN |
|
|
L2L - IPSEC Backup- Peer list is not
rotated/cycled with dual failure |
|
|
lightview
based Modal Elements do not work with webvpn |
|
|
ASA: Certificate renewal from same CA
breaks SSLVPN |
|
|
ASA threat detection does not show
multicast sender IP in statistics |
|
|
Java AJAX session does not work over
SSLVPN |
|
|
ASA - panic traceback
when issuing show route interface_name |
|
|
ASA - Reload in Thread Name: PIM IPv4 |
|
|
ASA: asr-group
in TFW A/A FO doesn't rewrite dst MAC for IP
fragments |
|
|
conns
are not fully replicated to standby if config has
many ACLs |
|
|
connections
are not replicated to standby unit |
|
|
Enabling AC Essentials should logoff webvpn sess automatically |
|
|
backslash
in username for ftp over webvpn changed to
semi-colon |
|
|
ASA: Traceback
in telnet/ci thread when running 'show webvpn svc' |
|
|
Active ASA traceback
Thread: DATAPATH-3-1290, rip spin_lock_get_actual |
|
|
ASA Failover: 106017 Deny IP due to
Land Attack on Normal(Waiting) ifc |
|
|
ASA: Local-host and all conns are torn
down when client hits conn limit |
|
|
Java RDP plugin traceback
when using empty user in URL to Win2008 server |
|
|
ASA doesn't classify MIME type
correctly for .exe and .dmg in Firefox |
|
|
Traceback
in sch_dispatcher thread |
|
|
ASA 8.4(1) - mailto for xmpp protocol mail clients fails |