Cisco Firepower 4100/9300 FXOS Release Notes, 2.2(2)
This document contains release information for Cisco Firepower eXtensible Operating System (FXOS) 2.2(2).
Use this release note as a supplement with the other documents listed in the documentation roadmap:
 Note |
The online versions of the user documentation are occasionally updated after the initial release. As a result, the information contained in the documentation on Cisco.com supersedes any information contained in the context-sensitive help included with the product. |
Introduction
The Cisco Firepower security appliance is a next-generation platform for network and content security solutions. The Firepower security appliance is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, secure platform that is built for scalability, consistent control, and simplified management.
The Firepower security appliance provides the following features:
-
Modular chassis-based security system—Provides high performance, flexible input/output configurations, and scalability.
-
Firepower Chassis Manager—Graphical user interface provides a streamlined, visual representation of the current chassis status and allows for simplified configuration of chassis features.
-
FXOS CLI—Provides command-based interface for configuring features, monitoring chassis status, and accessing advanced troubleshooting features.
-
FXOS REST API—Allows users to programmatically configure and manage their chassis.
What's New
New Features in FXOS 2.2.2.137
Cisco FXOS 2.2.2.137 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.137).
New Features in FXOS 2.2.2.101
Cisco FXOS 2.2.2.101 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.101).
New Features in FXOS 2.2.2.97
Cisco FXOS 2.2.2.97 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.97).
New Features in FXOS 2.2.2.91
Cisco FXOS 2.2.2.91 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.91).
New Features in FXOS 2.2.2.86
Cisco FXOS 2.2.2.86 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.86).
New Features in FXOS 2.2.2.83
Cisco FXOS 2.2.2.83 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.83).
New Features in FXOS 2.2.2.71
Cisco FXOS 2.2.2.71 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.71).
New Features in FXOS 2.2.2.60
Cisco FXOS 2.2.2.60 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.60).
New Features in FXOS 2.2.2.54
Cisco FXOS 2.2.2.54 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.54).
New Features in FXOS 2.2.2.28
Cisco FXOS 2.2.2.28 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.28).
New Features in FXOS 2.2.2.26
Cisco FXOS 2.2.2.26 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.26).
New Features in FXOS 2.2.2.24
Cisco FXOS 2.2.2.24 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.24).
New Features in FXOS 2.2.2.19
Cisco FXOS 2.2.2.19 introduces the following new features in addition to the features included in earlier releases:
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.19).
New Features in FXOS 2.2.2.17
Cisco FXOS 2.2.2.17 introduces the following new features:
-
Support for FTD 6.2.2.
-
Support for ASA 9.8(2).
-
Fixes for various problems (see Resolved Bugs in FXOS 2.2.2.17).
Software Download
You can download software images for FXOS and supported applications from one of the following URLs:
-
Firepower 9300 — https://software.cisco.com/download/type.html?mdfid=286287252
-
Firepower 4100 — https://software.cisco.com/download/navigator.html?mdfid=286305164
For information about the applications that are supported on a specific version of FXOS, see the Cisco FXOS Compatibility guide at this URL:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html
Important Notes
-
When you configure Radware DefensePro (vDP) in a service chain on a currently running Firepower Threat Defense application on a Firepower 4110 or 4120 device, the installation fails with a fault alarm. As a workaround, stop the Firepower Threat Defense application instance before installing the Radware DefensePro application. Note that this issue and workaround apply to all supported releases of Radware DefensePro service chaining with Firepower Threat Defense on Firepower 4110 and 4120 devices.
-
Firmware Upgrade—We recommend upgrading your Firepower 4100/9300 security appliance with the latest firmware. For information about how to install a firmware update and the fixes included in each update, see https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/firmware-upgrade/fxos-firmware-upgrade.html.
Adapter Bootloader Upgrade
FXOS 2.2(2) contains additional testing to verify the security module adapters on your security appliance. After installing FXOS 2.2.2.17 or later, you might receive the following critical fault on your security appliance indicating that you should update the firmware for your security module adapter:
Critical F1715 2017-05-11T11:43:33.121 339561 Adapter 1 on Security Module 1 requires a critical firmware upgrade. Please see Adapter Bootloader Upgrade instructions in the FXOS Release Notes posted with this release.
If you receive the above message, use the following procedure to update the boot image for your adapter:
-
Connect to the FXOS CLI on your Firepower security appliance. For instructions, see the “Accessing the FXOS CLI” topic in the Cisco FXOS CLI Configuration Guide or the Cisco FXOS Firepower Chassis Manager Configuration Guide (see Related Documentation).
-
Enter the adapter mode for the adapter whose boot image you are updating:
fxos-chassis# scope adapter 1/security_module_number/adapter_number
-
Enter show image to view the available adapter images and to verify that fxos-m83-8p40-cruzboot.4.0.1.62.bin is available to be installed:
fxos-chassis /chassis/server/adapter # show image Name Type Version --------------------------------------------- -------------------- ------- fxos-m83-8p40-cruzboot.4.0.1.62.bin Adapter Boot 4.0(1.62) fxos-m83-8p40-vic.4.0.1.51.gbin Adapter 4.0(1.51) -
Enter update boot-loader to update the adapter boot image to version 4.0.1.62:
fxos-chassis /chassis/server/adapter # update boot-loader 4.0(1.62) Warning: Please DO NOT reboot blade or chassis during upgrade, otherwise, it may cause adapter to become UNUSABLE! After upgrade has completed, blade will be power cycled automatically fxos-chassis /chassis/server/adapter* # commit-buffer -
Enter show boot-update status to monitor the update status:
fxos-chassis /chassis/server/adapter # show boot-update status State: Updating fxos-chassis /chassis/server/adapter # show boot-update status State: Ready -
Enter show version detail to verify that the update was successful:
Note
Your show version detail output might differ from the following example. However, verify that Bootloader-Update-Status is “Ready” and that Bootloader-Vers is 4.0(1.62).
fxos-chassis /chassis/server/adapter # show version detail Adapter 1: Running-Vers: 5.2(1.2) Package-Vers: 2.2(2.17) Update-Status: Ready Activate-Status: Ready Bootloader-Update-Status: Ready Startup-Vers: 5.2(1.2) Backup-Vers: 5.0(1.2) Bootloader-Vers: 4.0(1.62)
System Requirements
You can access the Firepower Chassis Manager using the following browsers:
-
Mozilla Firefox—Version 42 and later
-
Google Chrome—Version 47 and later
-
Microsoft Internet Explorer—Version 11 and later
We tested FXOS 2.2(2) using Mozilla Firefox version 42, Google Chrome version 47, and Internet Explorer version 11. We anticipate that future versions of these browsers will also work. However, if you experience any browser-related issues, we suggest you revert to one of the tested versions.
Upgrade Instructions
For complete information on how to upgrade FXOS on your Firepower 4100/9300 device, see the Cisco Firepower 4100/9300 Upgrade Guide.
Note |
Downgrade of FXOS images is not officially supported. The only Cisco-supported method of downgrading an image version of FXOS is to perform a complete re-image of the device. |
Open and Resolved Bugs
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.
Note |
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account. |
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
Open Bugs
The following table lists the open bugs affecting FXOS 2.2.2.
| Identifier | Description |
|---|---|
| CSCus73654 | ASA do not mark management-only for the mgmt interface assign by LD |
| CSCuu33739 | Physical interface speeds in port-channel are incorrect |
| CSCuu50615 | Onbox Chassis Manager: Unsupported timezones listed on Onbox |
| CSCuw31077 | Filter applied to a interface should be validated |
| CSCuw81066 | Error should be thrown while enabling a session above the disk space |
| CSCux37821 | Platform settings auth the order field shows only lowest-available |
| CSCux63101 | All memory(s) under Memory array shows as unknown in operable column |
| CSCux76704 | Mysterious “>>” box under logical device save box with no pull-down info |
| CSCux77947 | Pcap file size not updated properly when data sent at high rate |
| CSCux98517 | Un-decorating data port for VDP should be allowed from Chassis Manager |
| CSCuy21573 | Chassis Manager: Sorting Broken in Updates Page |
| CSCuy31784 | Images are not listed after a delete when filter is used |
| CSCuy98317 | Unable to soft dissociate intf from LD, if LD name has - |
| CSCuz93180 | AAA LDAP configuration does not preserve information if validation fails |
| CSCva86452 | link flap on switch connected to 10G and 40G SR FTW card on power off |
| CSCvb65011 | EntityPhysical MIB has the Sup serial number for the chassis |
| CSCvc03494 | Radware vDP cannot be added into APSolute Vision. As a workaround, you must manually download the device driver and install it into Vision. |
| CSCvc14775 | App-instance stuck at Not Responding if downgraded from FXOS 2.0.1.86 + ASA 9.6.2 to FXOS 1.1.4.140 |
| CSCvc16980 | For CSP image integrity, the Validation State for the FXOS images should be shown as “None” initially |
| CSCvc44522 | Log Capacity on Management controller Server1/1 is very low Warning |
| CSCvd48719 | FTD logical device not allowing user to provide FMC hostname instead of ip |
| CSCvd90177 | Blade went to fault state after doing a MIO reload on QP-D with FXOS 2.2.1.57 |
Resolved Bugs in FXOS 2.2.2.149
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.149:
| Identifier | Description |
|---|---|
|
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021 |
Resolved Bugs in FXOS 2.2.2.148
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.148:
| Identifier | Description |
|---|---|
|
Cisco FXOS and NX-OS Software UDLD DoS and Arbitrary Code Execution Vulnerability |
|
|
Cisco FXOS and NX-OS Software UDLD DoS and Arbitrary Code Execution Vulnerability |
|
|
QuoVadis root CA decommission on Firepower 9300/4100 Supervisor |
|
|
\"System does not allow more than 16 TPs\" on 2.3.1.213 |
|
|
MIO SSD firmware upgrade failed for 2.2(2.147) release and device went in reboot loop |
|
|
Graceful shut down does not work on chassis where blade is removed and not acknowledged |
|
|
Make sure MIO reboot in case of firmware upgrade is graceful |
|
|
Cisco FXOS and NX-OS Software UDLD DoS and Arbitrary Code Execution Vulnerability |
|
|
MIO SSD upgraded to wrong firmware version |
|
|
Need to support firmware upgrade for SSD in FXOS |
Resolved Bugs in FXOS 2.2.2.137
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.137:
| Identifier | Description |
|---|---|
| CSCvf70494 | Suprise removal/reinsert of EPM or delete/create of PO might cause traffic to fail |
|
FXOS is increasing LACP "sent" counters when PortChannel is not attached to a logical device |
|
|
FCM: Fault is throwing error "retry later" while acknowledge |
|
| CSCvi48404 | Firepower Chassis Reloads due to License Manager |
|
FXOS: copy command should allow for wildcards to transfer multiple files |
|
| CSCvn99658 | FXOS lacp related logs pktmgr.out and lacp.out grows too large |
| CSCvp35769 | [ciam] Apache HTTP Server URL Normalization Denial of Service Vulnerability |
|
Firepower 41xx - LLDP is disabled on back plane port |
|
| CSCvq17910 | Multicast MAC not programmed on chassis upon app reboot or cluster rejoin |
| CSCvq19641 | Evaluation of Firepower 4k/9k Supervisor for TCP_SACK |
| CSCvr24920 | FPR-4110: FXOS CLI crash in feature-mgr process |
| CSCvr37151 | Cisco FXOS and NX-OS CDP Arbitrary Code Execution and DoS Vulnerability |
|
FPR-4100: FXOS CLI crash with fwm hap reset |
|
|
DME process crash due to memory leak on Firepower 4100/9300 |
Resolved Bugs in FXOS 2.2.2.101
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.101:
| Identifier | Description |
|---|---|
| CSCvn36413 | upgrade-recovery corner case for specific versioning format/naming |
| CSCvo44171 | Firepower version 2.2.2.86 reloads due to License Manager with abnormal auth renewal each 30 sec |
| CSCvo64091 | SSP:Cluster Slave FTD Provisioning failing because "Required external ports not available" |
| CSCvo75349 | FXOS Blade CRUZ FW coredump due to a memory corruption |
| CSCvo93924 | FTD may not become online after installing vDP |
| CSCvp15176 | Apps installed on firepower devices may report comm failure and assume itself as active/master. |
| CSCvp21561 | Cruz Adaptor crash due to kernel patch incompatible with cruz kernel version |
| CSCvp40260 | Prevent STP and FC frames from being sent to SUP CPU |
Resolved Bugs in FXOS 2.2.2.97
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.97:
| Identifier | Description |
|---|---|
| CSCvk26936 | Graceful shutdown is not working as expected |
| CSCvn46577 | Some SSH sessions to FXOS are not timed out by absolute/session timeout |
| CSCvn64163 | ASA's fail to reboot after power cycle if disk is FSCK'd |
| CSCvn77641 | SSP fail to wire ports cannot recover |
| CSCvn78014 | Graceful shutdown is not working on data port. |
| CSCvn78653 | Upgrading the FXOS from 2.3.1.73 to 2.4.1.214, FXOS shows a warnning about incompatibility |
| CSCvn90677 | During FTD install, setting the disk partition size can silently fail |
| CSCvn90701 | Errors that occur during FTD install are not logged |
| CSCvo08432 | Logs are not being compressed currently leading to very large log files and disk space consumption |
| CSCvo28623 | ssp_admin_status.sh detects left over metadata json file after failed upgrade |
| CSCvo28634 | MIO reports incorrect status to the app-instance |
| CSCvo56243 | FPR9300: 100G port-channel bandwidth does not propagate correctly from FXOS to ASA in release 222 |
Resolved Bugs in FXOS 2.2.2.91
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.91:
| Identifier | Description |
|---|---|
| CSCvn17833 / CSCvj98499 | Linux Kernel cdrom_ioctl_media_changed Function Kernel Memory Read Vul |
Resolved Bugs in FXOS 2.2.2.86
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.86:
| Identifier | Description |
|---|---|
| CSCvf97337 | Chassis manger show configuration button broken |
| CSCvm73853 | Firepower Chassis Reloads on License Manager running in FXOS 2.2.2.26 |
| CSCvn23221 | Cruz ASIC crash due to ecpumgr assertion panic |
Resolved Bugs in FXOS 2.2.2.83
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.83:
| Identifier | Description |
|---|---|
| CSCvi87967 | Radius/TACACS shared key should not be enforced to a minimum of characters. |
| CSCvj54937 | FCM GUI, NTP status Unreachable/Invalid when using NTP domain which resolves to multiple IP. |
| CSCvj77506 | FXOS: Interface counters might report incorrect values for packets,bytes and rates |
| CSCvj85155 | Pre-login banner gets deleted on 4100 and 9300 Chassis Manager |
| CSCvj87632 | chassis memory leak while handling bad xml content (SMA sent bad xml format to serviceOrchAG) |
| CSCvk25776 | Prevent situations like failover split brain and shutdown blade completely if one Cruz fails |
| CSCvk42561 | BEMS841608 : MIO crash when packet capture is started from FCM. |
| CSCvk48580 | FXOS : Disable LLDP |
| CSCvk76146 | Few devices /ngfw partition on 41xx shows 39GB whereas other shows 100 GB |
| CSCvm81014 | FP9300/FP4100 Smart Licensing - Unable to register FXOS devices Smart Licensing |
Resolved Bugs in FXOS 2.2.2.71
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.71:
| Identifier | Description |
|---|---|
| CSCvf81997 | QP backplane went down after repeating cluster bundle/de-bundle |
| CSCvg49225 | Canceling scheduled FXOS upgrade does not clear the event |
| CSCvg72175 | SNMP trap hosts defined by hostname aren't propagated to FXOS configuration |
| CSCvg75738 | JPC 10G 7m active copper cable failed to establish link on 10G EPM port after chassis was rebooted |
| CSCvh66227 | QP: After disk failure, ASA leaves and rejoins cluster repeatedly |
| CSCvi47523 | SSP-NTP: ssp-ntp script monitoring script enhancements for XRU, KP |
| CSCvi58843 | Increase system resiliency when sam.config is not accessible |
| CSCvi80806 | FP9300 unexpected reload due to service \"lldp\" hap failure |
| CSCvj06273 | IN ASA-CI DME core files are seen after downgrading from 92.4.1.2721 to 2.0.1.199 Fxos |
| CSCvj07879 | Firepower (FP) 9300 Chassis goes into unstable state when issued a \"shutdown\" from the GUI |
| CSCvj09999 | SNMPv3 polling from certain NMS doesn't work with privacy enabled for the snmpv3 user |
| CSCvj66002 | devcmd error messages are shown in the logs |
| CSCvk19056 | Cruz adapter kernel panic at sock_poll |
| CSCvk25751 | Cruz mcp crash with dcem-linkstats command |
| CSCvk25762 | Cruz adapter doesn't recover after the crash |
| CSCvk27410 | cruz kernel corefiles lost after transferred to MIO |
Resolved Bugs in FXOS 2.2.2.60
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.60:
| Identifier | Description |
|---|---|
| CSCvg03807 | Apache HTTP Server Options Request Processing Information Disclosure Vulnerability |
| CSCvi61729 | Error writing nvram:/startup-config (No space left on device) |
| CSCvi93470 | FXOS brings up port-channel prior to logical device |
| CSCvj07877 | syslog messages logfile is not rotated properly |
Resolved Bugs in FXOS 2.2.2.54
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.54:
| Identifier | Description |
|---|---|
| CSCvf18549 | Need to port parent fix CSCvc53424 to SSP |
| CSCvg24820 | ASA app-instance running 9.6.1 is disabled when upgrading from 2.0(1.37) to 2.0(1.149) |
| CSCvg72259 | Disabling and re-enabling SNMP via GUI wipes out all the users auth and privacy hashes from FXOS CLI |
| CSCvg72324 | Creating users while SNMP is disabled is allowed and ends in misbehaviors once enabled via GUI |
| CSCvh21120 | Clustering configuration on the chassis is missing or incomplete; clustering is disable |
| CSCvh31289 | App-instance in NOT_INSTALLED state is allowed to be deleted when logical device is present for it. |
| CSCvh51597 | Option to include domain name / FQDN in system name when queried by SNMP |
| CSCvh52142 | Do not block users' change on FTD's startup version |
| CSCvh60428 | FXOS upgrade from 2.2.1.66 to 2.2.2 or 2.3.1 hangs at fabric-interconnect Failed until reboot. |
| CSCvh71878 | aaaRole operation priv occasionally sees 'operations' causing import to fail |
| CSCvh75946 | App-instance should be enabled if it was mistakenly disabled by blacklist in old bundle |
| CSCvh91287 | Adjust minimum fan PWM on thermal policy |
| CSCvh96609 | BGP peering flaps during cluster upgrade |
| CSCvi05189 | FPR4100/9300:Adapter uplink interface on security module showing link state unavailable |
Resolved Bugs in FXOS 2.2.2.28
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.28:
| Identifier | Description |
|---|---|
| CSCve93880 | Cisco FX-OS and NX-OS System Software CLI Command Injection Vulnerability |
| CSCvf60078 | Cisco UCS Mngr, Cisco Firepower 4100 Series NGFW, & Cisco Firepower 9300 Series Devices Cmd Inj Vuln |
| CSCvg22203 | Evaluation of pix-asa for Dnsmasq October 2017 vulnerabilities |
| CSCvg59491 | Etherchannel between FXOS chassis may get stuck in \"Suspended\" state after reloading simultaneously |
| CSCvg87702 | Unable to copy images using scp from switch boot |
| CSCuw44001 | Address CIAM CVE-2015-5621 in Net-SNMP Master Agent |
| CSCve17075 | Include /dev/mtd0 in fprm detail tech-support |
| CSCvf79289 | FCM Export Configuration doesn't download XML file on IE11 |
| CSCvg02469 | Prevent potential Assertion core for empty CRL filename |
| CSCvg07539 | New QP Intel SSD was not displayed properly |
| CSCvg15516 | Evaluate Red Hat Linux CVE-2017-1000253 Vulnerability |
| CSCvg15519 | Evaluate Red Hat Linux CVE-2017-1000253 Vulnerability |
| CSCvg72204 | SNMPv3 users created for noauth aren't present in FXOS CLI config, only at scope monitoring and GUI |
| CSCvg12566 | Inconsistent reporting on Management Interface for SNMP Queries |
| CSCvg87518 | Ethanalyzer command on FX-OS prompts for password when tacacs authentication is enabled |
| CSCvg29876 | FXOS: Change FSM:FAILED fault severity from Critical to Info |
Resolved Bugs in FXOS 2.2.2.26
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.26:
| Identifier | Description |
|---|---|
| CSCvg03555 | When multiple NTP servers are configured, NTP status becomes unreachable/invalid |
| CSCvg81822 | FXOS NTP Client chooses IPv4 over Ipv6 when Dual Stack Server Resolution is returned |
| CSCvg81882 | Utilizing FQDN for IPv6 NTP Server causes false "Unreachable or Invalid" state |
Resolved Bugs in FXOS 2.2.2.24
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.24:
| Identifier | Description |
|---|---|
| CSCvd27726 | FPR4100 Chassis Manager and CLI still shows the presence of SSD even after removal |
| CSCvd63389 | FXOS may show thermal condition due to loss of connectivity with blade |
| CSCve03660 | Cisco FXOS and NX-OS Authentication, Authorization, and Accounting Denial of Service Vulnerability |
| CSCve85027 | QP-A-STS 92.3.1.2119 failed to downgrade baseline - 'Oper State: In Progress' in 'show detail' o/p |
| CSCve97137 | Apache HTTP Server ap_get_basic_auth_pw() Authentication Bypass Vulnerability |
| CSCvf60220 | Mgmt interface nameif “Diagnostic” getting removed after swapping mgmt interface from LD |
| CSCvf71673 | FP2100 Bandwidth values wrong for port-channel interface |
| CSCvf91479 | Sumitomo 100G LR4 QSFP crashed during EDVT cold corner boot cycle |
| CSCvf95185 | FXOS - Unable to clear SSH host key in local-mgmt CLI |
| CSCvg00589 | FPR4100/9300: FTW feature failing when MIO shuts down/rebooted causing packet loss. |
| CSCvg18454 | MIO does not boot from rommon during recovery process |
| CSCvg19034 | FP9300 unexpected reload due to service "pfma" hap |
| CSCvg25443 | FTD App Instance goes unresponsive after NTP synchronisation completes on FXOS |
| CSCvg27182 | Evaluation of FXOS for Apache/Struts related vulnerabilities |
| CSCvg34848 | NTP Server information not loading when using FQDN for ipv6 |
| CSCvg40142 | ASA Inter-cluster slave blades fail to come online after downgrade CSP from 9.7.1.4 to 9.6.3.1 |
| CSCvg43424 | App-Instance failed to install on BS module 1 FXOS 2.2.2.20, ASA 9.8.2.8 |
| CSCvg54622 | KP-HA:Secondary shows as “Unknown” and Deployment fails after that. |
Resolved Bugs in FXOS 2.2.2.19
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.19:
| Identifier | Description |
|---|---|
| CSCvd06442 | Deleting SNMPv3 user should be rejected |
| CSCvd25253 | Bootup MIO with ASA running but FTW pairs in bypass mode |
| CSCvd70434 | Validation error in chassis manager when assigning data int to logical device that was a mgmt int |
| CSCve07152 | CRL must be signed by certificate containing cRLSign key usage |
| CSCve26753 | Upon logging into FP with different user other than admin, some show CLI commands fail |
| CSCve56216 | SNMP sysDescr missing software type and version |
| CSCve70132 | Watford and Harlesden showing deprecated OIDs in BS/QP |
| CSCve97422 | Remote Error Code is not correct for Signature Validation failure |
| CSCvf02982 | xml file import failure occur when between Port-channel and ASA or FTD are associated. |
| CSCvf20973 | 40G LOROM 4M copper cable displayed as "QSFP 40G CR4" in show inventory expand detail |
| CSCvf31037 | ipmi is not supported for KP |
| CSCvf36828 | Service manager should support deleting mgmt. port link and re-creating it in a single transaction. |
| CSCvf46372 | Evaluation for the vulnerabilities CVE-2017-1000364 and CVE-2017-1000366 |
| CSCvf46869 | System crash with snm hap reset |
| CSCvf54485 | FXOS: FTW 1G EPM packets with frame size greater than 1554 is getting dropped. |
| CSCvf65919 | FP9300 chassis running fxos 2.1.1.73 reloaded due to license manager service. |
| CSCvf68274 | FP2100 warning message displayed when upgrading ASA bundle is incorrect |
| CSCvf70505 | FPR Chassis manager continues contacting previous TACACS server configured after it is deleted. |
| CSCvf72423 | CSP image download fails while trying via FTP |
| CSCvf73138 | SL: Port smart agent fix for smart agent race condition issue |
| CSCvf95068 | Upgrade to ASA might have a mismatch version after reboot |
Resolved Bugs in FXOS 2.2.2.17
The following table lists the previously release-noted and customer-found defects that were resolved in FXOS 2.2.2.17:
| Identifier | Description |
|---|---|
| CSCvd32155 | FPR Network Modules returning the wrong vendorequipmenttype |
| CSCvd35471 | App stuck in “Installing” after MIO reboot due to time is set back for 7hr |
| CSCvd58911 | Chassis reboots while copying large (5GB) files to /bootflash |
| CSCvd66066 | FXOS inconsistent behaviour when setting the hostname |
| CSCvd75663 | Help files not loading when we click on ? mark |
| CSCvd88338 | Switch configuration failed - Error: unknown - delete Ipmc ipmc-group 5 |
| CSCvd89895 | FP4100 FXOS 2.1.1.73 ecmp-groups to "del" state intermittently after link shut/unshut |
| CSCvd91049 | Image loading taking more time when downgrading |
| CSCvd98034 | Seeing error message in the output for STS ethanalyzer testcase in clapton image 92.2.1.2016 |
| CSCve02820 | Damaged EPM resistor causes chassis reboot after SFP/QSFP OIR |
| CSCve14981 | FPR4100: insufficient max memory for appAG |
| CSCve16011 | ASA Install Failed with Error message "CSP reached max-app-limit -Install Rejected" |
| CSCve34729 | ASA interfaces may stop passing traffic after ASA reload with FIPS mode enabled |
| CSCve40222 | FCM: SSH encryption and mac algorithms change in Debden |
| CSCve58269 | NTP: change v2 to v3 |
| CSCve58356 | HA isn't working after the initial KP ASA image installation |
| CSCve95234 | Unable to collect blade logs. Support send_diag_archive' command failed |
| CSCvf07255 | Application is not coming up after powering the chassis "off" and then "on" |
| CSCvf12326 | Failed Auth renewal causing Smart License to deregister unexpectedly |
| CSCvf14733 | NTP server status does not show correctly for IPv6 |
| CSCvf35263 | Port Manager Debug File portmgr.out contains incomplete Timestamps |
Related Documentation
For additional information on the Firepower 9300 or 4100 series security appliance and FXOS, see Navigating the Cisco FXOS Documentation.
Online Resources
Cisco provides online resources to download documentation, software, and tools, to query bugs, and to open service requests. Use these resources to install and configure Firepower software and to troubleshoot and resolve technical issues.
-
Cisco Support & Download site: https://www.cisco.com/c/en/us/support/index.html
-
Cisco Bug Search Tool: https://tools.cisco.com/bugsearch/
-
Cisco Notification Service: https://www.cisco.com/cisco/support/notifications.html
Access to most tools on the Cisco Support & Download site requires a Cisco.com user ID and password.
Contact Cisco
If you cannot resolve an issue using the online resources listed above, contact Cisco TAC:
-
Email Cisco TAC: tac@cisco.com
-
Call Cisco TAC (North America): 1.408.526.7209 or 1.800.553.2447
-
Call Cisco TAC (worldwide): Cisco Worldwide Support Contacts
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Feedback