Resolved Issues

For your convenience, the release notes list the resolved issues for this version.

If you have a support contract, you can use the Cisco Bug Search Tool to obtain up-to-date bug lists. You can constrain searches to bugs affecting specific platforms and versions. You can also search by bug status, bug ID, and for specific keywords.


Important

Bug lists are auto-generated once and are not subsequently updated. Depending on how and when a bug was categorized or updated in our system, it may not appear in the release notes. You should regard the Cisco Bug Search Tool as the source of truth.

Resolved Issues in New Builds

Sometimes Cisco releases updated builds. In most cases, only the latest build for each platform is available on the Cisco Support & Download site. We strongly recommend you use the latest build. If you downloaded an earlier build, do not use it.

You cannot upgrade from one build to another for the same Firepower version. If a new build would fix your issue, determine if an upgrade or hotfix would work instead. If not, contact Cisco TAC. See the Cisco Firepower Hotfix Release Notes for quicklinks to publicly available Firepower hotfixes.

Use this table to determine if a new build is available for your platform.

Table 1. Version 6.3.0 New Builds

New Build

Released

Packages

Platforms

Resolves

85

2019-01-22

Upgrade

Reimage

Firepower 4100/9300

CSCvo02577: Buffer exhaustion with SSL HW decryption

If you already installed or upgraded Firepower Threat Defense to Version 6.3.0-83 on a Firepower 4100/9300 device, apply Hotfix B.

84

2018-12-18

Upgrade

FMC/FMCv

ASA FirePOWER

CSCvn62123: Some FMCs and locally (ASDM) managed ASA FirePOWER modules experienced upgrade failures with Version 6.3.0-83. This issue was limited to a subset of customers who upgraded from Version 5.4.x.

If you already experienced an upgrade failure due to this issue, contact Cisco TAC.

Version 6.3.0 Resolved Issues

Bug ID Headline

CSCuy27743

VDB install during firstboot fails because of MySQL dropping out

CSCvb15074

FMC health notifications for interfaces removed or added out-of-band get stuck

CSCvb38753

client hello is getting modified with dnd if application is configured in ssl rule

CSCvb73266

Deploying to devices when upgrade is in failed state causes many problems

CSCvc94589

Evaluation of sfims for OpenSSL Jan 2017

CSCvc99840

Managed device identities out of sync with Firepower Management Center

CSCvd09003

Checking for conflicts in variable sets doesn't work on network groups

CSCvd66558

Inspection engine (Snort) perfomance statistics shows 0 drops, even if there are non-zero drops

CSCvd83685

Obsolete Default SSH Configurations in Firepower Mangement Console

CSCve03169

(1 of 2) ADI process unresponsive during shutdown if bad Realm configuration for LDAP join

CSCve13357

Search filter not working appropriately with Network object groups.

CSCve13816

MEMCACHED software needs to be upgraded to address several security vulnerabilities

CSCve50642

File download from file events fail with "The devices that captured file xxx are not available"

CSCve64511

#sql-*.ibd temporary tables can cause upgrade to fail on 410_check_disk_space

CSCve87925

FMC: Inconsistent interfaces under OSPF interfaces list

CSCvf46888

DNS/URL Security Intelligence blacklisting may not work as expected

CSCvf57596

After policy deploy has failed, ActionQueueScrape process did not exit

CSCvf80217

Rest API explorer does not display device id under "/deployment/deployabledevices"

CSCvf81997

QP backplane went down after repeating cluster bundle/de-bundle

CSCvf88111

Pigtail should self terminate if not manually terminated.

CSCvf90086

Deployment failure when sub-interface is configured after deleting physical int

CSCvf97412

.REL.tar upgrade file causes System > Updates page in GUI to be slow / unresponsive

CSCvf98187

FDM : Cannot use ";" in the pre-shared-key for Site to Site tunnel

CSCvg10718

Correlation Policy With Traffic Profiles Doesn't Work

CSCvg17746

FXOS CLI and FTD CLI showing different version after upgrade from 6.2.1-341 -> 6.2.3-10587

CSCvg38760

Exporting on Series 3 devices results in Error

CSCvg48641

Missing warning message when AD realm is configured as LDAP realm,

CSCvg50013

Repeated clam update tasks created in AQ, both success and failure status for the same transaction.

CSCvg62301

During device registration, policy discovery can fail, causing the device to unregister

CSCvg74236

Syslog messages for SI events are not sent if syslog alerting for connection events is configured

CSCvg80052

"Tracing enabled by Lina" log optimization

CSCvg82265

AMP server public key is replaced after upgrade

CSCvg85671

Host profile qualification using text host attribute unable to use text as qualifier value

CSCvg90384

High CPU in "top" process when the session is terminated

CSCvg98063

Upgrade/update instructions in the FMC Config Guide are out of date

CSCvh02424

ngfw rules are deployed in incorrect order on sensor

CSCvh12042

Deployment failed because interfaces on device are out of date

CSCvh14518

FMC: Smart license registration may be fail when PID contains hostname

CSCvh23351

HTTP Block Response Page not sending reset packet when 'Block with Reset' is selected in AC Policy

CSCvh59997

ENH: Ability to disable logging for specific Firepower Threat Defense syslog logging message

CSCvh64413

FTD sending "0.0.0.0" NAS-IP-Address attribute when authenticating RA VPN user using Radius Server.

CSCvh77456

Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability

CSCvh87031

Deploy SNMPv3 users in FTD cluster send localized commands

CSCvh95456

Cisco Adaptive Security Appliance Application Layer Protocol Inspection DoS Vulnerabilities

CSCvi03103

BGP ASN cause policy deployment failures.

CSCvi08114

Duplicate pre-filter policy rule getting created at sometime

CSCvi09176

overrides for deleted sensors are left in Network Objects

CSCvi12574

FTD VPN Site-to-Site Deployment fails when IKE preshared password has a "space"

CSCvi12915

Smart license page not displaying licenses

CSCvi21735

Registration incorrectly uses Display Name for hostname lookup

CSCvi28420

DNS SI doesn't send NXDOMAIN for MX and SOA DNS queries

CSCvi56320

The MTU of FTD management interface in BS/QP should be set to 1500 instead of 9000

CSCvi56663

Certain non-ascii characters can prevent downloaded users from getting normal user ids

CSCvi61649

optimize tables marks table as crashed due to .TMM file

CSCvi61815

Logging for External Database Access is not working

CSCvi66676

Object search misbehaving due to search.info corruption

CSCvi74664

Firepower/NGIPS doesn't support adding user/custom snmp configuration

CSCvi80603

Sensor SFDC stuck waiting for snapshots, not receiving any user ip updates

CSCvi81741

"http" is not available for editing in FMC/FTD FlexObject

CSCvi89398

Breaking FTD HA fails with both members of FTD HA Pair in "Standby"

CSCvi92640

FMC cannot establish Remote Storage Server via SSH after restore

CSCvi93701

RA-VPN traffic don't forward to snort

CSCvi93824

Initiating Readiness Check more than once causes stuck notifications

CSCvj08370

FP 2100 Series with FTD Software: LACP mode cannot be change from FMC

CSCvj17008

Negated Original Client IP Search for IPS event with more than one IP excludes events with no XFF.

CSCvj20333

Deployment failed on KP with ERROR: Removal of MIO interfaces is not permitted

CSCvj20963

List of decryptable cipher suites

CSCvj33218

FTD 6.2.2.1: BGP network statements objects are not being pushed properly

CSCvj36786

FMC won`t show the last IGMP configured interface

CSCvj43939

Invalid Configuration Error when configuring flow-export from FMC GUI

CSCvj46057

FTD HA with virtual macs in the data interfaces while upgrading causes traffic outage

CSCvj56728

ClamAV Integar Overflow Denial of Service Vulnerability

CSCvj67055

Downgrade from IKEv2 to IKEv1 S2S config causes deployment failure

CSCvj76407

Enabling SSL policy slows down deployments by 2 minutes in HA deployment

CSCvj78206

Unable to view all objects if we add network individually

CSCvj80556

A task keep spinning in FMC > Tasks

CSCvj87081

No Connection Events / SFDataCorrelator Exits Unexpectedly during Startup / purge_extra_users

CSCvj89445

Inconsistent deployment status on GUI

CSCvk02250

"show memory binsize" and "show memory top-usage" do not show correct information (Complete fix)

CSCvk03749

Traceback and reload (Process Name: lina)

CSCvk10127

Sensor interfaces reset to no-auto-neg/10m/full-duplex

CSCvk12234

GUI: changing IKEv1 policy switches authentication type to default value

CSCvk12245

GUI: Add button for Network objects doesn't work when you add network group from ACP edit

CSCvk16858

Panic:appAgent_reply_processor_thread-Error: miovif_add_interface_map

CSCvk20497

Network analysis policy showing up as 'Unknown Object '

CSCvk20603

List.pm should not print "warn" message for FTD devices.

CSCvk31035

KVM (FTD): Mapping web server through outside not working consistent with other platforms

CSCvk33923

High disk usage after deleting managed FTD device from FMC

CSCvk34567

Unable to delete local rules with delete_rules.pl script

CSCvk34648

Firepower 2100 tunnel flap at data rekey with high throughput Lan-to-Lan VPN traffic

CSCvk38322

Firepower web UI in version 6.2.3 incompatible with Internet Explorer 11 Compatibility View

CSCvk54376

Restore shouln't be permitted until FMC HA is paused

CSCvk58543

FMC receives hm_notifyd exiting health alert

CSCvk62871

Firepower 2100 FTP Client in passive mode is not able to establish data channel with the Server

CSCvk67239

FTD or ASA traceback and reload in "Thread Name: Logger Page fault: Address not mapped"

CSCvk69823

FlexConfig objects pushed to device in spite of no changes being made to that on either FMC or FTD

CSCvk72508

QoS Rules do not work with User Defined Application Filters.

CSCvk76274

FMC API Not getting the proper information from Standby Unit in a HA FTD

CSCvm03730

Interface Name field missing on "SLA Monitor Object" menu on FMC

CSCvm07046

Error Message when saving 'Netflow_Delete_Destination' to flexconfig policy

CSCvm10968

CVE-2018-5391 Remote denial of service via improper IP fragment handling

CSCvm39670

Limited charctar in username

CSCvm48220

Fix incorrect check for HA standby in update_snort_attrib_table process

CSCvm59386

Policy Deployment failure because of high disk usage under /ngfw directory

CSCvm81052

local malware detection updates not downloading to FMC due to invalid certificate chain

CSCvn11219

Policy deployment failed with error message "Not a directory"