Version 6.5.0.5 Resolved Issues
Bug ID |
Headline |
---|---|
ASA revocation-check to fall back to none only if CDP is unavailable |
|
ENH: SFP transceivers attached to ASA-IC-6GE-SFP-A are not shown by CLI |
|
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
|
ASA OS incorrectly calculates certificate expiry date in Syslog 717054 |
|
Original Client IP does not populate for dropped events when inline normalization enabled |
|
ASA should provide better fragment-related logs and ASP drop reasons |
|
ASA scansafe connector takes too long to failover to secondary CWS Tower |
|
"show open-network-ports" not showing the proper information on FPR4100 Series |
|
ASA traceback on spin_lock_release_actual |
|
Lina Traceback due to invalid TSC values |
|
Hostscan: LastSuccessfulInstallParams can not be detected by Hostscan |
|
ASA traceback and reload due to tcp_retrans_timeout internal thread handling |
|
ASA: cluster exec show commands not show all output |
|
KP: Can't login to fxos due to disk full error |
|
FTD/ASA - Cluster/HA - Master/Active unit does not update all the route changes to Slaves/Standby |
|
2100 generating error on FMC "[FSM.FAILED].Retrieve application attributes" |
|
ASA: Cannot distinguish name aliases for IPv6 and displays a "incomplete command" error message |
|
Cisco ASA Software and Cisco FTD Software SSL VPN Denial of Service Vulnerability |
|
ASA scp quite slow |
|
FMC UI Unresponsive After Attempt To Register Smart License With Smart Satellite |
|
Snort rendering block verdict for rules with action of alert. |
|
Increase number of worker for mojo-server on large appliances |
|
FTD traffic outage due to 9344 block size depletion caused by the egress-optimization feature |
|
VPN-sessiondb does not replicate to standby ASA |
|
slib memory manager : mempool mutex vs spinlock selection |
|
Firepower managed devices may stop responding to SNMPv3 GET/WALK requests |
|
Cisco Firepower Threat Defense Software Hidden Commands Vulnerability |
|
OSPFv3 neighborship is flapping every ~30 minutes |
|
Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities |
|
Adding an ipv6 default route causes CLI to hang for 50 seconds |
|
OpenSSL vulnerability CVE-2019-1559 on FTD |
|
Traceback in HTTP Cli Exec with rest-api agent enabled |
|
ipv6 address of asa where ip-client is enabled is not showing in snmptrap logs |
|
V route is missing even after setting the reverse route in Crypto map config in HA-IKEv2 |
|
ASA appliance mode shows port-channel member interfaces as "unassociated" |
|
WRL6 and WRL8 commit id update in CCM layer (sprint 67) |
|
DCD Causes Standby to send probes |
|
Hot swap of SFP is not taking effect on the ASA |
|
CPU Hogs observed in CERT API process while decoding the CRL with large number of entries in it |
|
ASA traceback and reload related to crypto PKI operation |
|
Dynamic flow-offload can't be disabled |
|
ASA traceback and reload for the CLI "Show nat pool" |
|
ASA: SSH and ASDM sessions stuck in CLOSE_WAIT causing lack of MGMT for the ASA |
|
SFDataCorrelator high CPU during SI update |
|
Cluster: BGP route may go in out of sync in some scenarios |
|
Policy deployment is reported as successful on the FMC but it is actually failed |
|
FTD 1010 Passive interfaces does not receive unicast packets |
|
Block leak on ASA while running Cisco Umbrella DNS inspection |
|
low memory causes kernel to invoke - oom and reload device - modified rlimit for KP |
|
FTD in HA pair crashes in ids_event_proce process after policy deployment |
|
Cisco ASA & FTD devices may reload under conditions of low memory and frequent complete MIB walks |
|
FMC : FMC detect HA Sync Failed |
|
FPR1010 - Add temperature/warnings for SSD when thresholds are exceeded |
|
Packet loss over failover link triggers Split-Brain |
|
libexpat Improper Parsing Denial of Service Vulnerability |
|
Segfault in libclamav.so (in the context of SFDataCorrelator) |
|
Traceback on snp_policy_based_route_lookup when deleting a rule from access-list configured for PBR |
|
FDM 6.5.0 - FPR1000 GUI Unresponsive if upgraded with Trunk Interfaces |
|
Fail-to-Wire ports showing down for FPR2100, FTW configuration API takes long to finish |
|
Cisco Firepower 2100 Series Security Appliances ARP Denial of Service Vulnerability |
|
Some 3DES related configurations are lost after booted |
|
ASA Traceback: SCTP bulk sync and HA synchronization |
|
Estreamer should terminate a connection when not receiving ACKs for a long time |
|
ASA Static route disappearing from asp table after learning default route via BGP |
|
Missing clean up on rule creation failure. |
|
FTD/LINA Traceback and reload observed in thread name: cli_xml_server |
|
ASA after reload had license context count greater than platform limits |
|
RRI on static HUB/SPOKE config is not working on HUB when a new static SPOKE is added or deleted |
|
systems must enforce controls that prevent confidential information from being stored within cookie |
|
Management Interface operational state related fault is seen on fpr1000/fpr2100 platforms |
|
Unable to auto-rejoin FTD cluster |
|
LCMB: Dynamic medium page allocation can lead to memory depletion |
|
FTD-HA: after restoring FTD-HA backup file, snort process will be down |
|
Configuration might not replicated if packet loss on the failover Link |
|
WR6 and WR8 commit id update in CCM layer(sprint 72) |
|
FMC External Authentication with SecurID RSA fails with banner enabled |
|
ASA Traceback/pagefault in Datapath due to re_multi_match_ascii |
|
Traceback: with thread name: pix_flash_config_thread WM1010 went into reboot loop |
|
FTDv Deployment in Azure causes unrecoverable traceback state due to no dns domain-lookup any |
|
Cisco ASA and Cisco FTD Software OSPF Packets Processing Memory Leak Vulnerability |
|
Standby ASA logging %ASA-4-720022: (VPN-Secondary) Cannot find trust point __tmpCiscoM1Root__ |
|
ASA/FTD may traceback and reload in Thread Name 'PTHREAD-1533' |
|
NPE in SecurityIntelligenceEoConvertor causes Lucene indexing failure |
|
ASA traceback and reload on Thread DATAPATH-0-2064 |
|
NTP configuration is not synchronized to LINA on Multi Instance |
|
port manager crashes with "shutdown" command from clish CLI |
|
Lina traceback when changing device mode of FTD |
|
ASA OSPF: Prefix removed from the RIB when topology changes, then added back when another SPF is run |
|
Clustering module needs to skip the hardware clock update to avoid the timeout error and clock jump |
|
Not able to access FMC devices with Chrome on Mac after upgrade to Catalina. |
|
ASA - 9.8.4.12 traceback and reload in ssh or fover_rx Thread |
|
Snort file mempool corruption leads to performance degradation and process failure. |
|
Decrement TTL display wrong result |
|
FTD traceback and reload on thread DATAPATH-1-15076 when SIP inspection is enabled |
|
ASA TRACEBACK: sctpProcessNextSegment - SCTP_INIIT_CHUNK |
|
FP2100: Traceback and reload when processing traffic through more than two inline sets |
|
Cisco ASA Software and FTD Software Web Services Denial of Service Vulnerability |
|
Network Performance Degradation when SSL policy is enabled |
|
snmp poll failure with host and host-group configured |
|
Unable to download bundles on FPR2100 |
|
[IMS_6_7_0] WM 'format everything' command bricks the device starting with fxos 82.9.1.112 |
|
Fix consoled from getting stuck and causing HA FTD policy deployment errors. |
|
Expected output for time zone is not found while executing "show clock" command. |
|
Firepower Device Manager (FDM) option to disable SSL rekey is not reflected on the config |
|
NAT policy configuration range limit to be imposed for non service cmds as well |
|
mroute entries on ASA not getting refreshed. |
|
ASA Traceback in Thread Name SSH with assertion slib_malloc.c |
|
Cisco Firepower Threat Defense Software SSL Input Validation Denial of Service Vulnerabili |
|
Traceback when processing SSL traffic under heavy load |
|
ASA may traceback and reload while waiting for "DATAPATH-12-1899" process to finish. |
|
Incorrect empty location handling inside CSCOGet_location wrapper |
|
ASA reporting negative memory values on "%ASA-5-321001: Resource 'memory' limit'" message |
|
OSPF Hello causing 9K block depletion, control point CPU 100% and cluster unstable. |
|
Addition of debug counters for STRAP implementation. |
|
ASA/FTD may traceback and reload in Thread Name 'EIGRP-IPv4' |
|
Upgrade kernel to cpe:2.3:o:linux:linux_kernel:4.14.158: |
|
After upgrade to version 9.6.4.34 is not possible to add an access-group |
|
FMC generates referred interfaces cli delta after access-list cli delta |
|
Prevent octeon_init from getting stuck and causing HA FTD policy deployment errors. |
|
Inconsistent timestamp format in syslog |
|
ICMP not working and failed with inspect-icmp-seq-num-not-matched |
|
After FXOS upgrade, App Instance failed to start with Checksum Verification Fail |
|
Secondary ASA is unable to join the failover due to aggressive warning messages. |
|
WR6 and WR8 commit id update in CCM layer(sprint 75) |
|
reactivation-mode timed causing untimely reactivation of failed server |
|
ASA traceback and reload when running command "clear capture /" |
|
Traffic may match an access-list incorrectly with object-group-search enabled |
|
Cisco ASA and Cisco FTD Malformed OSPF Packets Processing Denial of Service Vulnerability |
|
Policy deployment fails subsequent to SRU |
|
Upgrade of 6.4.0.4-34 to 6.4.0.6 is deleting Static Route |
|
ASA sends malformed RADIUS message when device-id from AnyConnect is too long |
|
ICMP Reply Dropped when matched by ACL |
|
Cisco Firepower Threat Defense Software TCP Flood Denial of Service Vulnerability |
|
ASA/FTD Tunneled Static Routes are Ignored by Suboptimal Lookup if Float-Conn is Enabled |
|
Observed crash in KP device while upgrading to 99.14.1.64 image. |
|
Remove unsupported fast mode lacppolicy configuration from FXOS on Firepower 2100 |
|
false reported value for OID "cipSecGlobalActiveTunnels" - same as ASDM |
|
On firepower devices, hardware rules are not updated after successful policy deployment |
|
DME process crash due to memory leak on Firepower 2100 |
|
SAML tokens are not removed from hash table |
|
IKEv2 vpn-filter drops traffic with implicit deny after volume based rekey collision |
|
Cisco Firepower Management Center Software Open Redirect Vulnerability |
|
FPR1010 temperature thresholds should be changed |
|
ASA Traceback on IPsec message handler Thread |
|
ASA/FTD: Block 256 size depletion caused by ARP of BVI not assigned to any physical interface |
|
SFDatacorrelator and Snort process cores repeatedly while loading malware seed file |
|
Wrong Module version listed for FXOS 2.6(1.174) |
|
FTD failover due to error "Inspection engine in other unit has failed due to snort and disk failure" |
|
Traceback: spin_lock_fair_mode_enqueue: Lock (np_conn_shrlock_t) is held for a long time |
|
ASA/Lina Offloaded TCP flows interrupted if TCP sequence number randomizer is enabled and SACK used |
|
ASA/FTD Traceback in Thread Name: DATAPATH due to DNS inspection |
|
ASA Traceback Thread Name: IKE Daemon |
|
FP41xx incorrect interface applied in ASA capture |
|
Placeholder to address CSCvs31470 in Multi-Context Mode |
|
Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability |
|
SNORT Fatal Error due to out of range interface ID |
|
Port-channel bundling is failing after upgrade to 9.8 version |
|
ASA/FTD may traceback and reload in Thread Name 'License Thread' |
|
FTD Traceback Lina process |
|
FPR-1000 Series Random Number Generation Error |
|
NTP script error leading to clock drift and traffic interruption |
|
CSCvs59487 requires additional fix for resolution |
|
Reduce number of fsync calls during close in flash file system |
|
Invalid scp session terminates other active http, scp sessions |
|
catalina.<date>.log files can consume all disk space in their partition |
|
ASA/FTD traceback and reload due to memory leak in SNMP community string |
|
WR6 and WR8 commit id update in CCM layer(sprint 79) |
|
Deployment is marked as success although LINA config was not pushed |
|
Cisco Firepower Threat Defense Software Inline Pair/Passive Mode DoS Vulnerability |
|
Cisco ASA Software and FTD Software Web Services Read-Only Path Traversal Vulnerability |
|
When maximum packet encapsulation is exceeded decoding errors are depleting disk space. |
|
IPv6 DNS server resolution fails when the server is reachable over the management interface. |
|
Flow offload not working with combination of FTD 6.2(3.10) and FXOS 2.6(1.169) |
|
Incorrect access-list hitcount seen when configuring it with a capture on ASA |
|
Cisco Firepower 4110 ICMP Flood Denial of Service Vulnerability |
|
DOC - Clarify the meaning of mp-svc-flow-control under show asp drop |
|
ASA/FTD may traceback and reload in Thread Name 'ssh' |
|
ASA: Traceback in thread Unicorn Admin Handler |
|
Cisco ASA and FTD Software FTP Inspection Bypass Vulnerability |
|
FTD 2100: Packet drops during the transition of BYPASS to NON-BYPASS when device is rebooted |
|
Cisco ASA and FTD Software Web Services Information Disclosure Vulnerability |
|
Cisco ASA and FTD WebVPN CRLF Injection Vulnerability |
|
FTD Traceback in thread 'ctm_ipsec_display_msg' |
|
VPN failover recovery is taking approx. 30 seconds for data to resume |
|
FTD: Traceback and reload related to lina_host_file_open_raw function |
|
ASA: Active unit HA traceback and reload during Config Sync state during OSPF sync |
|
ASAv Unable to register smart licensing with IPv6 |
|
Active FTP fails when secondary interface is used on FTD |
|
with FXOS 2.8.1.84, FDM UI installation of 6.5.0.2 patch fails. unzip -o fails to unzip all files |
|
Observed traceback on 2100 while performing Failover Switch from Standby. |
|
sctp-state-bypass is not getting invoked for inline FTD |
|
FPR2100 - ASA in Appliance Mode - SNMP Delay |
|
WR6, WR8 and LTS18 commit id update in CCM layer(sprint 80) |
|
Cisco ASA and FTD Software for FP 1000/2100 Series Appliances Secure Boot Bypass Vulns |
|
Cisco ASA and FTD Software for FP 1000/2100 Series Appliances Secure Boot Bypass Vulns |
|
IPSec SAs are not being created for random VPN peers |
|
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DoS Vuln |
|
Encryption-3DES-AES should not be required when enabling ssh version 2 on 9.8 train |
|
Multi-context ASA/LINA on FPR not sending DHCP release message |
|
Dynamic RRI route is not destroyed when IKEv2 tunnel goes down |
|
Pad packets received from RA tunnel which are less than or equal 46 bytes in length with zeros |
|
Crypto ring stalls when the length in the ip header doesn't match the packet length |
|
ASA LDAPS connection fails on Firepower 1000 Series |
|
FPR2100 'show crypto accelerator statistics' counters do not track symmetric crypto |
|
Standby unit traceback at fover_parse and boot loop when detecting Active unit |
|
FTD Standby unit does not join HA due to "HA state progression failed due to APP SYNC timeout" |
|
FMC Unable to fetch VPN troubleshooting logs from WM Model devices |
|
Stuck uauth entry rejects AnyConnect user connections despite fix of CSCvi42008 |
|
PKI-CRL: Memory Leak on Download and Clear Large CRL |
|
PKI-CRL: Memory Leak on Download Large CRL in loop without clearing it |
|
Fragmented packets forwarded to fragment owner are not visible on data interface captures |
|
Traffic outage due to 80 size block exhaustion on the ASA FPR9300 SM56 |
|
ASA traceback Thread name - webvpn_task |
|
LINA cores are generated when FTD is configured to do SSL decryption. |
|
KP IOQ driver. Add defensive parameter and state checks. |
|
ASA 9.13.1.7 traceback and reload while processing hostscan data (process name LINA ) |
|
Cisco ASA and FTD Web Services File Upload Denial of Service Vulnerability |
|
ASA High CPU with igb_saleen_io_sfp_mod_poll_thre process |
|
remote access mib - SNMP 64 bit only reporting 4Gb before wrapping around |
|
ASA is sending failover interface check control packets with a wrong destination mac address |
|
Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability |
|
Route Fallback doesn't happen on Slave unit, upon RRI route removal. |
|
NetFlow reporting impossibly large flow bytes |
|
FTD traceback and reload on thread "IKEv2 Mgd Timer Thread" |
|
Adjust Firepower 4120 Maximum VPN Session Limit to 20,000 |
|
Cisco ASA Software and FTD Software Web Services Denial of Service Vulnerability |
|
FTD traceback and reload on FP2120 LINA Active Box. VPN |
|
Cisco FXOS Software Command Injection Vulnerability |
|
Redistribution of VPN advertised static routes fail after reloading the FTD on FPR2100 |
|
High unmanaged disk usage on /ngfw due to cisco_uridb* files |
|
FDM: Deployment Failure after editing NAT Policy containing Mapped Services |
|
Policy deployment failure due to snmp configuration after upgrading FMC to 6.6 |
|
Cisco ASA and FTD Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability |
|
Unable to access anyconnect webvpn portal from google chrome using group-url |
|
SNMP traps can't be generated via diagnostic interface |
|
ASA traceback and reload with thread name coa_task |
|
FDM: None of the NTP Servers can be reached - Using Data interfaces as Management Gateway |
|
Connectivity over the state link configured with IPv6 addresses is lost after upgrading the ASA |
|
Certificate mapping for AnyConnect on FTD stops working. |
|
ASAv on AWS 9.13.1.7 BYOL image cannot be enabled for PLR |
|
IKEv2 Call Admission Statistics "Active SAs" counter out of sync with the real number of sessions |
|
tsd0 not reset when ssh quota limit is hit in ci_cons_shell |
|
AnyConnect statistics is doubled in both %ASA-4-113019 and RADIUS accounting |
|
Device loses ssh connectivity when username and password is entered |
|
FPR2100: ASA console may hang & become unresponsive in low memory conditions |
|
ASAv/AWS: Unable to upgrade or downgrade C5 ASAv code on AWS |
|
cert map to specify CRL CDP Override does not allow backup entries |
|
Import fails with local user password contains consecutive characters message |
|
FPR-41x5: 'clear crypto accelerator load-balance' will cause a traceback and reload |
|
ASA on QP platforms display wrong coredump filesystem space (50 GB) |
|
DTLS v1.2 and AES-GCM cipher when used drops a particular size packet frequently. |
|
Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability |
|
Cluster data unit might fail to synchronize SCTP configuration from the control unit after bootup |
|
ASA-FPWR 1010 traceback and reload when users connect using AnyConnect VPN |
|
HKT - Failover time increases with upgrade to 9.8.4.15 |
|
Cisco ASA and FTD Software SIP Denial of Service Vulnerability |
|
FTD failover units traceback and reload on DATAPATH |
|
ASA generated a traceback and reloaded when changing the port value of a manual nat rule |
|
Config_XML_Response from LINA is not in the correct format,Lina reporting as No memory available. |
|
ASA interface ACL dropping snmp control-plane traffic from ASA |
|
WebVPN SSO Gives Unexpected Results when Integrated with Kerberos |
|
ASA: Lack of specific syslog messages to external IPv6 logging server after ASA upgrade |
|
SSH keys lost in ASA after reload |
|
FXOS LACP packet logging to pktmgr.out and lacp.out fills up /opt/cisco/platform/logs to 100% |
|
ASA & FTD Cluster unit traceback in thread Name "cluster config sync" or "fover_FSM_thread" |
|
Cisco ASA Software and FTD Software Web Services Cross-Site Scripting Vulnerability |
|
Cisco ASA and FTD Software SSL/TLS Session Denial of Service Vulnerability |
|
Cisco ASA and FTD IP Fragment Memory Leak Vulnerability |
|
FDM - New firewall session getting created after performing HA Failover for traffic in progress |
|
Cisco ASA and FTD Software SSL VPN Direct Memory Access Denial of Service Vulnerability |
|
WR6, WR8 and LTS18 commit id update in CCM layer(sprint 87) |
|
Binary rules (SO rules) are not loaded when snort reloads |
|
Cisco ASA and FTD Web Services Interface Cross-Site Scripting Vulnerabilities |
|
Cisco ASA Software and FTD Software WebVPN Portal Access Rule Bypass Vulnerability |
|
Snort Generator ID 3 rules disabled following Snort reload |
|
Cisco ASA and FTD Web Services Interface Cross-Site Scripting Vulnerabilities |
|
Restore backup fails on FTD models 2100 or 1100 platforms |
|
ASA 'session sfr' command disconnects from FirePOWER module for initial setup |
|
OSPF neighbourship is not establishing |
|
Cisco ASA and FTD Web Services Interface Cross-Site Scripting Vulnerabilities |
|
Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability |
|
FMC 6.4 to 6.7 upgrade fails "Error running script 500_rpms/110_generate_dbaccess.sh" |
|
Cisco ASA Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerabi |
|
DMA memory leak in ctm_hw_malloc_from_pool causing management and VPN connections to fail |
|
Snort busy drops with PDTS Tx queue stuck |