Resolved Issues

For your convenience, the release notes list the resolved issues for this version.

If you have a support contract, you can use the Cisco Bug Search Tool to obtain up-to-date bug lists. You can constrain searches to bugs affecting specific platforms and versions. You can also search by bug status, bug ID, and for specific keywords.


Important: Bug lists are auto-generated once and are not subsequently updated. Depending on how and when a bug was categorized or updated in our system, it may not appear in the release notes. You should regard the Cisco Bug Search Tool as the source of truth.


Version 6.7.0 Resolved Issues

Table 1. Version 6.7.0 Resolved Issues
Bug ID      Headline

CSCuq33233  Clustering: Overlapping PAT IPs in NAT rules prevent xlates from replicating
CSCvd09106  Editing SNMP/Syslog/Email Alert Configuration causes in use count to increase
CSCvf34107  False positive alerts for High Unmanaged Disk usage on /Volume
CSCvg01007  https pdf attachment issues
CSCvg74990  Need to update Online documentation for Archive Inspection feature limitations
CSCvh65500  Firepower 2100 Client in FTP active mode is not able to establish control channel with the Server
CSCvi47847  Shell application not detected through Firepower
CSCvi51189  ENH: FDM should allow custom non-UDP/TCP 443 port for webvpn/AnyConnect
CSCvi92162  DOC: Need explanation about App and URL inspection of HTTPS traffic on each Firepower version
CSCvi96835  No validation err when changing host thats part of a group object used in a routing policy, to Range
CSCvj87597  Import fails when Flex Config contains a Security Zone.
CSCvj91418  Cisco FTD Software SMB Protocol Preprocessor Detection Engine Low System Memory DoS Vuln
CSCvk16568  AppID stop processing traffic if Application ID has been detected
CSCvk21405  shell application not pin holing new connection from server
CSCvk40714  Unable to configure SSH option for Remote Storage
CSCvk56513  Tor not blocked when traffic is passed through proxy.
CSCvk62871  Firepower 2100 FTP Client in passive mode is not able to establish data channel with the Server
CSCvm69294  Standby FMC sending Flood of SNMP traps
CSCvm99989  SNMP OID for SystemUpTime show incorrect value
CSCvn08417  ENH: FlexConfig should not blacklist crypto commands
CSCvn49854  Subsequent HTTP requests not retrieving URL and XFF
CSCvn73530  Scheduled deployment task on KP devices were stuck for more than 50+ hours.
CSCvn78597  Firepower block page not displayed on MS IE11 and Edge for HTTPS blocked sites when proxy is enabled
CSCvn94888  FTD registered to FMC returns "Service Unavailable"
CSCvo33348  Mysql traffic on non standard port is not correctly classified
CSCvp06526  Manage the sfhassd thread CPU affinity to match the Snort CPU affinity
CSCvp29817  Fail to update login history when converting TempID to RealID. 1x log per ID, history lost
CSCvp80474  OpenSSL vulnerability CVE-2019-1559 on SFOS
CSCvq23896  TLS 1.3 traffic whitelisted by SSL preprocessor when pending for AppID
CSCvq39888  Cisco Firepower Threat Defense Software Non-Standard Protocol Detection Bypass Vuln
CSCvq39955  Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability
CSCvq54551  Failed to load error on Intelligence Page for FMC for CAC User
CSCvq67965  ENH:Need the ability to disable auto negotiation in SFP - Fp2k
CSCvq76964  Fault Related to Unhealthy module FlexFlash Controller 1 old Firmware
CSCvq95058  IPSEC SA is deleted by failover which is caused by link down
CSCvr01675  Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
CSCvr09399  Dynamic flow-offload can't be disabled
CSCvr09468  ASA traceback and reload for the CLI "Show nat pool"
CSCvr13762  NGFWHA Missing EO UUID on FMC
CSCvr39217  Fxos Snmp-user is not persistent after reboot
CSCvr49729  Fail-to-Wire ports showing down for FPR2100, FTW configuration API takes long to finish
CSCvr49833  Cisco Firepower 2100 Series Security Appliances ARP Denial of Service Vulnerability
CSCvr55535  Phase 3 of policy deployment takes a long time due to only working on 10 packages at a time
CSCvr57051  Policy deployment failed with error "Can't use an undefined value as a HASH reference "
CSCvr66067  Provide the backup and restore steps for FMC in high availability deployment mode
CSCvr66798  DNS Application Detector sometimes fails to detect DNS traffic
CSCvr68885  FXOS fault F0479 Virtual Interface link state is down
CSCvr74896  Cannot update Security intelligence when AC Policy is imported to FMC with cloud feeds disabled
CSCvr74901  AppAG encoding for FXOS logical device bootstrap
CSCvr86077  ASA Traceback/pagefault in Datapath due to re_multi_match_ascii
CSCvr86213  CD is required to ignore Cluster-Msg-Delivery-Confirmation in Cluster Node Release Lina State
CSCvr98881  Traceback: FTD ZeroMQ memory assertion
CSCvs05066  Snort file mempool corruption leads to performance degradation and process failure.
CSCvs06043  TunnelClient for CSM_CCMservice on ngfwManager not reading ACK sent from CSM_CCM service on FMC
CSCvs13950  REST API Network Object Validation
CSCvs19968  Fix consoled from getting stuck and causing HA FTD policy deployment errors.
CSCvs21705  admin user is not authorized to access the device routing configuration inside the domain.
CSCvs29494  Hub and spoke VPN, dynamic crypto map, auto-generated PSK is the same for static and dynamic peers
CSCvs31114  Warning about not supported bypass revocation checking for FTD 6.5 and higher
CSCvs33392  Known Key SSL decryption and connections can fail when servers are using unsupported TLS options
CSCvs34851  Continuous link flapping leading to snm_log corefile
CSCvs37266  Reviewed intrusion events belonging to a subdomain show the reviewer as Unknown
CSCvs39253  Firepower 7000 & 8000 cannot sent emails on version 6.4
CSCvs39368  DME process may traceback due to memory leak on Firepower 4100/9300
CSCvs39388  FTD not sending system syslog messages in CC mode
CSCvs41883  Deployment fails after upgrading to 6.4.0.x if ND policy refs are missing
CSCvs42203  hostname transmission: Hostname is null, Device sends hostname as "none" to SA
CSCvs42388  Gratuitous logging of string: "Memory stats information for preprocessor is NULL"
CSCvs42577  user download may fail due to password not sent
CSCvs42799  After FXOS upgrade, App Instance failed to start with Checksum Verification Fail
CSCvs44109  FMC: PPPoE password restrictions are too strict; should match the underlying code
CSCvs44149  Reconciliation report not displaying all the networks when adding a large object group
CSCvs52227  Firewall engine debug logs being produced in syslog without actually enabling debugs.
CSCvs59866  Remove unsupported fast mode lacppolicy configuration from FXOS on Firepower 2100
CSCvs64510  Deployment failure with message (Can't call method "binip" on unblessed reference)
CSCvs68576  Deploy failure when deleting auto nat rule due to double negate
CSCvs71578  FMC upgrade [6.2.3.10 to 6.4.0] got stuck at 400_run_troubleshoot.sh, upgrade was hung
CSCvs72390  Cisco Firepower Management Center Cross-Site Scripting Vulnerability
CSCvs74586  Firepower FTD transparent does not decode non-ip packets
CSCvs74747  FTD registration state shows "pending" after a backup is restored
CSCvs76604  SNMP not working over Management Interface in 6.6.0-1430
CSCvs81871  Remove CCL MTU Pop-Up Warning When Editing Data Interfaces
CSCvs85348  Object validation is validating interfaces from different devices.
CSCvs85640  Unable to supress Audit logs on the FMC
CSCvs86765  rule impact regeneration should not terminated on single rule errors
CSCvs90447  FXOS 8x1G FTW continuous link flap
CSCvs91270  Inspect Interruption - Error in deployment page.
CSCvs92044  FXOS L3 Egress Object Resource Leak due to Port-Channel Member Interface Flaps
CSCvs92077  wrong impact flag for local rules with impact flag not red
CSCvs94061  NTP script error leading to clock drift and traffic interruption
CSCvs98373  FMC is unable to detect classic licenses intermittently
CSCvt01397  Deployment is marked as success although LINA config was not pushed
CSCvt03320  VLAN interfaces should be configurable for DHCP-related configuration on an FMC
CSCvt04377  When vlan encapsulation is exceeded decoding errors are depleting disk space.
CSCvt06091  FXOS displays a WSP-Q40GLR4L transceiver from show interface as type QSFP-40G-LR4
CSCvt06743  FTW watch-dog kick delays which might cause inline sets to go down/Bypass-Fail
CSCvt08514  SFDataCorrelator:FPReplicationCommunicationRabbit unable to connect without restarting sfipproxy
CSCvt10420  DomainSearchNameValidator class needs updated regex for DOMAIN_NAME_PATTERN
CSCvt10604  Validation Check when two objects with different mask but same network is used in route without ECMP
CSCvt11885  Running the migration script exits with an out of memory error
CSCvt15062  FTD 2100: Packet drops during the transition of BYPASS to NON-BYPASS when device is rebooted
CSCvt16642  FMC not sending some audit messages to remote syslog server
CSCvt16723  log rotation for ngfw-onbox logs NOT happening at expected log size
CSCvt17448  OSPF multicast mac getting removed from l2-table causing OSPF to fail
CSCvt18337  Failover got disabled on HA node after upgrade
CSCvt20235  Firepower 4100 series all FTW interfaces link flap at the same time but occur rarely
CSCvt20709  Wrong direction in SSL-injected RESET causes it to exit through wrong interface, causing MAC flap
CSCvt21986  Inconsistent allocation of cores for snort and lina between instances
CSCvt22254  Auto Deploy fails after Restore if FDM cannot reach update server
CSCvt25599  Deprecated Flexconfig should block deployment not just warn
CSCvt25647  sru and tid update failures caused by missing rabbitmq device accounts
CSCvt26530  FTD failed over due to 'Inspection engine in other unit has failed due to snort failure'
CSCvt34160  "Link not connected" error after reboot when using WSP-Q40GLR4L transceiver on FPR9K-NM-4X40G
CSCvt34894  Snort consumes excessive memory which is leading to performance problems.
CSCvt34973  SFNotificationd may cause excessive logging in 'messages' files
CSCvt35053  Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
CSCvt35134  FPR4100/9300: Packet drops during the transition of BYPASS to NON-BYPASS when device is rebooted
CSCvt35233  Excessive logging from the daq modules process_snort_verdict verdict blacklist
CSCvt35366  Excessive logging of lua detector invalid LUA (null)
CSCvt35730  FDM deployment error if 2nd tunnel has overlapping crypto ACL
CSCvt35897  Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DoS Vuln
CSCvt37881  Block page for https not working
CSCvt37913  serviceability - when breaking FMC HA EOs authority stays with former primary
CSCvt38279  Erase disk0 on ISA3000 causes file system not supported
CSCvt39292  LDAPS External users can't 'sudo su' on Firepower 4110
CSCvt39349  Registration of device should be allowed as long as deploy status = DEPLOYED or FAILED
CSCvt39897  FP 4120 svc_sam_dcosAG crashed with crash type:139
CSCvt40306  ASA:BVI interface of standby unit stops responding after reload
CSCvt45206  Event search may fail when searching events that existed before upgrade
CSCvt46784  clish configure ssh-accesslist command fails silently if iptables is corrupt
CSCvt46999  EventHandler does not process connection events after CLI command to enable/disable ramdisk
CSCvt48260  Standby unit traceback at fover_parse and boot loop when detecting Active unit
CSCvt50528  Warning Message for default settings with Installation of Certificates in ASA/FTD - CLI
CSCvt51039  Handling license cleanup
CSCvt52604  Interfaces page from Objects section of the FMC does not load (domains page is likely affected also)
CSCvt52607  Reduce SSL HW mode flow table memory usage to reduce the probability of Snort going in D state
CSCvt52844  AMP cloud lookup using legacy port on upgraded FDM, 6.6.0-1621
CSCvt54267  Cisco Firepower Management Center Software Denial of Service Vulnerability
CSCvt54279  FDM: Deploy fails with: Missing license for object: Sensitive_data requires the URLFILTERING license
CSCvt54943  extra "Local Disk 3" displayed on FPR9300 (improved solution)
CSCvt59770  FTD: Failure to retrieve certificate via SCEP will cause outage
CSCvt61196  ASA on multicontext mode, deleting a context does not delete the SSH keys.
CSCvt61229  Deployment should not fail for special characters in rule comments
CSCvt61370  Events may stop coming from a device due to a communication deadlock
CSCvt63293  Disk Usage Health monitor not working for any appliance without 2 Hard Drives
CSCvt64642  FMC -Deployment Failure- Anyconnect - "Certificate Map" using "DC (Domain Component)" to match cert.
CSCvt64822  Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability
CSCvt67638  restore is failing with error unable to extract metadata
CSCvt68486  FXOS: svc_sam_dcosAG process crash on FirePower 4100/9300
CSCvt69260  connection event shows old device name
CSCvt70879  "clear configure access-list" on ACL used for vpn-filter breaks access to resources
CSCvt72683  NAT policy configuration after NAT policy deployment on FP 8130 is not seen
CSCvt73808  Handling for longer header length messages going from DAQ to Oct driver
CSCvt75677  Configuring logical name as TRUE or FALSE on interface disappears all static routes from FMC UI
CSCvt78809  Instance start failed due to VNIC configuration error
CSCvt79471  GET to ../deployment/deployabledevices fails with 500 internal error on 6.2.3.13 FMC.
CSCvt79777  duplicate ip addresses in sfipproxy.conf
CSCvt79863  FTD upgrade incorrectly declared successful despite failure due to IO errors
CSCvt79988  Policy deployment failure due to snmp configuration after upgrading FMC to 6.6
CSCvt80104  Memcached software needs to be upgraded to address CVE-2018-1000115
CSCvt80172  Supervisor software needs to be upgraded to address CVE-2017-11610
CSCvt83121  Cisco ASA and FTD Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability
CSCvt83133  Unable to access anyconnect webvpn portal from google chrome using group-url
CSCvt85815  Policy Deployment fails after enabling "Sensitive Data Detection"
CSCvt86807  Web Analytics (Google Analytics) is re-enabled after major upgrade
CSCvt89587  Deployment failing with error : Input line size exceeded available buffer
CSCvt91258  FDM: None of the NTP Servers can be reached - Using Data interfaces as Management Gateway
CSCvt93177  Disable Full Proxy to Light Weight Proxy by Default. (FP2LWP) on FTD Devices
CSCvt93999  FMC shouldn't allow a second upgrade on same device if upgrade is going on
CSCvt94383  Invalid gid permissions causing HA sync and device registration issues
CSCvu01083  Add RabbitMQ log cleaning exception to avoid process restart
CSCvu02594  Snort taking long time to terminate, because of too many async sessions
CSCvu05216  cert map to specify CRL CDP Override does not allow backup entries
CSCvu08802  FTD HA configuration lost on FMC after FMC upgrade from 6.4.0.7 to 6.5.0.4
CSCvu09379  During reimage FMC will get stuck in a loop when using FTP transfer without password
CSCvu09496  DNS data collected and exported multiple times while same DNS policy referenced in many ACP's
CSCvu09723  FDM: Default Action's logging doesn't reflect on LINA side
CSCvu10900  Tons of ssl-certs-unified.log files, contributing to 9GB in troubleshoot
CSCvu11868  "Link not connected" error after reboot when using QSFP-40G-LR4 transceiver on FPR9K-NM-4X40G
CSCvu12307  FTD-HA: "ERROR: The specified AnyConnect Client image does not exist."
CSCvu12608  ASA5506/5508/5516 devices not booting up properly / Boot loop
CSCvu13287  FDM unable to import certificate with no subject or issuer - fails upgrade as well
CSCvu14647  Unable to stop config database error during FMC HA sync
CSCvu14772  In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa
CSCvu15611  FTD-HA: Standby failed to join HA "CD App Sync error is App Config Apply Failed"
CSCvu16201  Data Correlator terminated unexpectedly on FMC during CheckClientAppVulnerability
CSCvu22377  An extra whitespace in cluster group name of FTD causing Slave to be kicked out.
CSCvu23289  Disk filled by numerous neostore.transaction.db.* files, causing neo4j issues
CSCvu26658  SFDataCorrelator can drop events during backup operations
CSCvu29660  Block exhaustion snapshot not created when available blocks goes to zero
CSCvu30549  Document all 3 URL entry options for "Manual URL Filtering"
CSCvu30572  Document syntax and semantics of URL when "Enter URL" textbox of "Add Rule" is used
CSCvu30585  Document "URL Object" format and feature operation
CSCvu30588  Document "URL List and Feeds Object" format and feature operation of "Security Intelligence"
CSCvu30756  User Identity does not correctly handle identical sessions in different netmaps
CSCvu31167  DOC: File policy automatically enables inline normalization with Normalize TCP Payload option
CSCvu32449  FDM: AnyConnect "Validation failed due to duplicate name:"
CSCvu36539  Upgrade will fail if a smart licensed device is upgraded from 6.2.2 -> 6.4.0 -> 6.6.0.
CSCvu40531  FXOS LACP packet logging to pktmgr.out and lacp.out fills up /opt/cisco/platform/logs to 100%
CSCvu43827  ASA & FTD Cluster unit traceback in thread Name "cluster config sync" or "fover_FSM_thread"
CSCvu53585  Elektra onbox policy deployment failure after upgrade to 6.6.0
CSCvu54000  Firepower 4100 FTP Client in EPSV passive mode is not able to establish data channel with the Server
CSCvu54221  Add hardware requirement for FMC HA
CSCvu54706  Cisco Firepower Management Center CWE-772 - Slow HTTP POST vulnerability
CSCvu55469  FTD - Connection idle timeout doesn't reset
CSCvu57825  Snort down: Reconfiguring Detection Error
CSCvu57834  syslog-ng process utilizing 100% CPU
CSCvu58153  Display RADIUS port representation as little-endian instead of big-endian
CSCvu60923  Editing the IP in a Radius Server Group object results in unintended values for the IP address
CSCvu65085  [DOC] Route-map object Set Clauses do not include EIGRP k-values.
CSCvu65890  FMC unable to switch from MD5 and DES under SNMP3 settings despite not being supported
CSCvu65936  FDM 6.6.0 upgrade(or)configImport fail with EtherChannelInterface as failoverlink validation failure
CSCvu66119  URL rules are incorrectly promoted on series 3 resulting in traffic matching the wrong rule.
CSCvu70529  Binary rules (SO rules) are not loaded when snort reloads
CSCvu75581  Cisco ASA and FTD Web Services Interface Cross-Site Scripting Vulnerabilities
CSCvu77689  FTP to FileZilla miscategorized as SMTP
CSCvu79129  FTD-API/FDM: Smart License Base License is Lost
CSCvu82272  Upgrade on Firepower Management Center may fail due to inactive stale entries of managed devices
CSCvu82578  Light Theme UI FMC - SFR Module long delay loading Interfaces Page
CSCvu82743  Encoded Rule Plugin SID: value, GID: 3 not registered properly. Disabling this rule
CSCvu82918  HA sync fails on standby with unexpected error
CSCvu83389  ASA drops GTPV1 Forward relocation Request message with Null TEID
CSCvu83629  Number Of URLs in Security Intelligence for URL List file may not appear in new UI (Ligth Theme)
CSCvu84556  Site to Site Dynamic crypto map deployed below RA VPN Dynamic Crypto map
CSCvu85127  Unable to deploy if device with same UUID is trying to connect
CSCvu85381  HA Re-formation fails following a policy deploy failure on standby
CSCvu87879  Deployment gets stuck when HA continually changes state due to interface monitoring
CSCvu88005  FMC REST API user permission for GET taskstatus
CSCvu91292  Snort restarts repeatedly when new custom apps are identified using nmap
CSCvu96927  Not able to remove FQDN object once it is assigned within a NAT group
CSCvu98197  HTTPS connections matching 'Do not decrypt' SSL decryption rule may be blocked
CSCvv02925  OSPF neighbourship is not establising
CSCvv09180  NTP "Server Status" is blank in Firepower Chassis Manager when more than one NTP server configured
CSCvv10901  vFTD on VMware documentation should recommend disabling hyperthreading
CSCvv10948  FDM upgrade - There are no visible pending changes on UI -- but upgrade is not starting
CSCvv11981  Lina side of changes required for bug CSCvr98881 in unified-logging.
CSCvv12988  tomcat does not recover gracefully after getting killed during backup
CSCvv13672  CPU load graph may show incomplete CPU data for longer time period selected
CSCvv14442  FMC backup restore fails if it contains files/directories with future timestamps
CSCvv15013  FXOS sending additional internal VLAN TAG leading to ARP update failure on devices.
CSCvv16245  Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vuln
CSCvv17893  Bad uip snapshot and log file causes FTD to repeatedly requests catchup, and exhausts file handlers
CSCvv18936  CAC login button doesn't appear on new UI, after session timeout
CSCvv21045  Database doesn't accept any new connections causing event processing to stop
CSCvv21782  6.6.1: Prefilter Policy value shown as Invalid ID for all the traffic in ASA SFR Platform
CSCvv23370  Observed traceback in FPR2130 while running webVPN, SNMP related traffic.
CSCvv26683  "configure high-availability disable" command when executed from CLI causes exception in next HAJoin
CSCvv27113  ProcessMetadata for intrusion event uses wrong local_sid constraint to lookup entry
CSCvv29851  FMC - High Availabilty page not loading after Migration from Virtual to Physical device
CSCvv31197  File names not showing up correctly for the file events for decrypted ssl traffic
CSCvv33013  FDM: Unable to add the secret key with the character ^ @ _
CSCvv34888  WR6, WR8 and LTS18 commit id update in CCM layer(sprint 92)
CSCvv36915  "Show NTP" command does not work on multi-instance FTD
CSCvv38482  FDM UI fails to load after an upgrade
CSCvv40316  FDM - Unable to add the BGP 11th neighbor using smart CLI routing object
CSCvv43864  Preview change log is blank when changes are made to the policy
CSCvv45500  Version 6.6.0.1 FTD Upgrade with FDM Suspends HA
CSCvv46984  Upgrade to 660 fails in HA standby device managed through data interface
CSCvv52591  DMA memory leak in ctm_hw_malloc_from_pool causing management and VPN connections to fail
CSCvv55066  FPR1010: Internal-Data0/0 and data interfaces are flapping during SMB file transfer
CSCvv57476  CSS Styles loading issue in Chrome 85, IE and Edge browsers
CSCvv58604  Reset not sent when traffic matches AC-policy configured with block/reset and SSL inspection
CSCvv64302  DOC: Documentation incorrectly states Logging Events to Ramdisk is not enabled on lower end devices
CSCvv69708  DOC: FTD Improve Platform Settings DNS Resolution configuration guide
CSCvv70096  Snort 2: Memory Leak in SSL Decrypt & Resign Processing
CSCvv73540  Create a monitor to drop file cache once it exceeds a certain limit
CSCvv74951  Disable memory cgroups when running the system upgrade scripts
CSCvv79705  Upgrade to 6.6.0 or 6.6.1 failed on 800_post/100_ftd_onbox_data_import.sh
CSCvv91486  Memory leak during reload in stream
CSCvv99517  FMC: Unable to save interface config and "An internal error occurred while processing your request"
CSCvw07003  Unable to edit Site-to-Site VPN configuration by a leaf domain admin user
CSCvw07352  SFDataCorrelator log spam, metadata fails after Sybase connection status 0
CSCvw17084  In Firepower Module 6.3, app status is down after restore