The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Bugs listed for a patch were verified as resolved when that patch was initially released.
 Note |
For your convenience, this document provides lists of resolved bugs for each patch. These lists are auto-generated once and are not subsequently updated. Depending on how and when a particular resolved issue was categorized or updated in our system, it may not appear in the release notes. You should regard the Cisco Bug Search Tool as the 'source of truth.' |
If you have a support contract, you can use the Cisco Bug Search Tool to obtain an up-to-date list of resolved bugs for Firepower products. These general queries display resolved bugs for Firepower products running Version 6.5.0.x patches:
You can constrain searches to bugs affecting specific Firepower platforms and versions. You can also search by bug ID, or for specific keywords.
| Bug ID | Headline |
|---|---|
|
Upgrade Enhancements to STRAP verification for anyconnect - Cisco VPN session replay vulnerability |
|
|
Deployment failure with SI DNS configured on FTD managed locally / FDM |
|
|
FMC Upgrade is failing at 800_post/1025_vrf_policy_upgrade.pl |
Version 6.5.0.3 was removed from the Cisco Support & Download site on 2019-02-04 (for FMCs) and 2020-03-02 (for devices). If you are running this version, it is safe to continue. The bugs listed here are also fixed in Version 6.5.0.4.
| Bug ID | Headline |
|---|---|
|
fireamp.pl using 100% Cpu after restore backup. |
|
|
Try to assign devices to platform settings policy list of devices randomly disappear under policy |
|
|
Not able to ssh, ssh_exec: open(pager) error on console |
|
|
Traceback on 2100 - watchdog |
|
|
Traceback in HTTP Cli Exec when upgrading to 9.12.1 |
|
|
Manage the sfhassd thread CPU affinity to match the Snort CPU affinity |
|
|
ASA/FTD: Twice nat Rule with same service displaying error "ERROR: NAT unable to reserve ports" |
|
|
Physical interface goes to link UP state in spite of disable interface during bootingup. |
|
|
After failover, Active unit tcp sessions are not removed when timeout reached |
|
|
ASA/FTD may traceback and reload in Thread Name 'BGP Router' |
|
|
FPR 2100, low block 9472 causes packet loss through the device. |
|
|
Traffic interruptions for FreeBSD systems |
|
|
VPN events between 12 and 1 PM UTC are not displayed on the FMC |
|
|
Multiple context 5585 ASA, transparent context losing mangement interface configuration. |
|
|
Traceback in tcp-proxy |
|
|
Unable to add user on FTD using external authentication |
|
|
Console connection for FPR2100 is disconnected randomly about 20 minutes. |
|
|
PPPoE session not coming up after reload. |
|
|
FTD 1010 Passive interfaces does not receive unicast packets |
|
|
Mac address flap on switch with wrong packet injected on ingress FTD interface |
|
|
ASA may traceback on display_hole_og |
|
|
Changing a rule and saving quickly might remove configuration. |
|
|
Upgraded FTD will not reimage to base FTD version with the use of 'auto-install' feature in FPR2100 |
|
|
Dual stack ASAv failover triggered by reload issue |
|
|
AC policy lookup done for SYN+ACK packet when tcp-intercept and a monitor AC policy is configured |
|
|
Mac Rewrite Occurring for Identity Nat Traffic |
|
|
FPR2100: Power doesn't turn off after turned off the power button on back of chassis |
|
|
FTD/LINA traceback and reload observed in thread name: cli_xml_server |
|
|
ClamAV zip-bomb Migration Vulnerability for 6.5.0.2 and above |
|
|
configurations getting wiped off from standby, while deployment fails on active |
|
|
device loading slow, related REST API calls |
|
|
Lina Traceback during FTD deployment when PBR config is being pushed |
|
|
FMC upgrading to 6.3/6.4 shouldn't remove existing deprecated flexconfig |
|
|
Initial FTD Deploy After Policy Import causes Unused Objects which bloat policy size |
|
|
Deployment failed on FTD with reason "failed to retrieve running configuration" |
|
|
SSH: Newly created Local Users unable to login when device is managed locally |
|
|
FTD traceback when TLS tracker (tls_trk_sniff_for_tls) attempted to free a block. |
|
|
Unable to add routes and select interface from Device management page after FMC upgrade to 6.5 |
|
|
FMC 6.5 - Failed user login on FMC does not record entry in audit log |
|
|
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote |
|
|
CD is required to ignore Cluster-Msg-Delivery-Confirmation in Cluster Node Release Lina State |
|
|
FTD: Deployment through slow links may fail |
|
|
6.5 CloudEvent code writes config files in a way that 6.4 code does not understand |
|
|
Throttle SSE Attempts on FTDs |
|
|
ERROR: entry for ::/0 exists when configuring ipv6 icmp |
|
|
Disable egress-optimization by default |
|
|
ASA doesn't honor SSH Timeout When Data Channel is not Negotiated |
|
|
AnyConnect 4.8 is not working on the FPR1000 series |
|
|
Anyconnect sessions limited incorrectly |
|
|
Policy Deployment Failures and Intrusion Policy Editor hanging due to improper Snort deletion |
| Bug ID | Headline |
|---|---|
|
FTD may not match correct Access Control rule following a deploy to multiple devices |
|
|
multi-deploy causes a sudden drop of intrusion events |
|
|
Cisco Firepower Software WhatFix Walkthrough Data Issue |
Version 6.5.0.1 was removed from the Cisco Support & Download site on 2019-12-19. If you are running this version, we recommend you upgrade. The bugs listed here are also fixed in Version 6.5.0.2.
| Bug ID | Headline |
|---|---|
|
ASA Stops Accepting Anyconnect Sessions/Terminates Connections Right After Successful SSL handshake |
|
|
FTD inline/transparent sends packets back through the ingress interface |
|
|
Watchdog traceback due to lina_host_file_stat calls |
|
|
OpenSSL 0-byte Record Padding Oracle Information Disclosure Vulnerabil |
|
|
ASA/Lina Traceback related to TLS/VPN |
|
|
VPN Pre-deploy validations takes around 20 seconds for each device |
|
|
Firepower Recommendations rule count changes even when not regenerated |
|
|
FTD 4150 VPN s2s deployment failure with 6K spokes |
|
|
Overrides cannot be added for port object if it is used in variable sets in sub domains |
|
|
Policy deployment to FP 8000 sensor is failing when NAT is configured |
|
|
Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities |
|
|
Cached malware disposition does not always expire as expected |
|
|
Dual stacked ASAv manual failover issues |
|
|
Retrieving an specfic rule by ID of a child Access Policy returns a 404 : Not Found status. |
|
|
Slow "securityzones" REST API |
|
|
FPR2100 FTD Standby unit leaking 9K blocks |
|
|
Long processing time to insert policy deploy task if many application filter object used in ACPolicy |
|
|
DNS lookup using mgmt VRF not possible because FMC doesn't allow interface after server address |
|
|
ASA traceback in Thread IPsec Message Handler |
|
|
WRL6 and WRL8 commit id update in CCM layer (sprint 67) |
|
|
Deployment rollback causes momentary traffic drop when error in a LINA ONLY section of delta cli |
|
|
IPSEC SA is deleted by failover which is caused by link down |
|
|
where clause not working for external data base access |
|
|
FMC 6.4.0 - Stack unit on different Domain fails the deployment after upgrade |
|
|
Policy deployment fails with 400+ interfaces in security zone due to incorrect formation of deployDB |
|
|
ASA Traceback in Ikev2 Daemon |
|
|
Only a subset of devices where deployed from a device group during scheduled deploy |
|
|
ASA: VPN traffic fails to take the tunnel route when the default route is learnt over BGP. |
|
|
Can't delete 2 or more than two IP address-pool |
|
|
FTD/LINA Standby may traceback and reload during logging command replication from Active |
|
|
App-sync failure if unit tries to join HA during policy deployment |
|
|
HA FTD on FPR2110 crash after deploy ACP from FMC |
|
|
Block double-free when combining ServerKeyExchange and ClientKeyExchange fails --> lina crashes |
|
|
Overrides cannot be added for network object if it is used in variable sets in sub domains |
|
|
established rules in asp table are not un-installed on config removal |
|
|
Unable to login via chassis Manager or Rest api in FPR2100 if session timeout is non-deafult |
|
|
Cisco Firepower Management Center LDAP Authentication Bypass Vulnerability |
Feedback