Cisco
ASA Interim Release Notes
The software
images listed below are Interim releases.
They contain bug fixes which address specific
issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and
will remain on the download site only until the next Maintenance release is
available. If you do not have a specific problem which
is resolved by an Interim release, we recommend that you use the Feature or
Maintenance release images.
Important: These images were not fully regression
tested. Each individual fix was unit
tested, and the image has had a limited amount of automated regression testing
to confirm a baseline of functionality.
Keep this testing status in mind if you decide to run them in a
production environment. We strongly
encourage you to upgrade to a fully tested Maintenance or Feature release when
it becomes available.
Revision: Version 9.2(2)8 – 10/10/2014
Files: asa922-8-smp-k8.bin
Defects resolved since 9.2(2)4:
vpn-sessiondb detail missing
Filter Name after IKEv1 rekey |
|||||
Arsenal:twice NAT with service
type ftp not working. |
|||||
WebVPN portal DOM based Cross-Site-Scripting Issue |
|||||
new operator is rewritten incorrectly when used for function from
object |
|||||
Wrong IP is displayed in buffered logging of ASA-6-737015 |
|||||
ASA Webvpn CIFS vnode_create:
VNODE ALLOCATION LIMIT 100000 REACHED! |
|||||
traffic does not match time-rang access-list configured with policy-maps |
|||||
SSH timeout on ASA |
|||||
negation of host-group and host command not allowed with encryption |
|||||
ASA stops decrypting certain L2L traffic after working for some
time |
|||||
ASA WebVPN Memory leak leading to
Blank Portal Page/AnyConnect failure |
|||||
ENH: Add "speed nonegotiate"
command for fiber interfaces on ASA5585 |
|||||
ASA allows IKEv1 clients to bypass address assignment, causing
conflict |
|||||
ASA with CX module crashes with http traffic inspection |
|||||
Traceback in Thread Name: ssh_init |
|||||
When ACL optimization is enabled, wrong rules get deleted |
|||||
ASA tmatch_summary_alloc block leak in
binsize 1024 |
|||||
webvpn jscript post to wrong URL - ASA FQDN same as server FQDN |
|||||
Cisco ASA SSL VPN Portal
Customization Integrity Vulnerability |
|
||||
ASA Traceback in Thread name:
ci/console while modifying an object-group |
|
||||
"no speed nonegotiate"
command in ASA 5580 running 9.1.5 in show run |
|||||
ASA - Traceback in DATAPATH-0-1275 |
|||||
ASA traceback in thread name idfw_adagent |
|||||
Cisco ASA SharePoint RAMFS Integrity and Lua
Injection Vulnerability |
|||||
ASA: Traceback Page Fault in vpnfol_thread_msg on Standby ASA |
|||||
ASA with ACL optimization crashing in "fover_parse"
thread |
|||||
ASA: BGP not performing outbound route-filtering |
|||||
Flowcontrol feature broken on Benetton with 4GE SSM card |
|||||
Personal bookmarks get deleted with ASA in Active/Standby
failover |
|||||
ASA SSLVPN Citrix plugin not starting java.lang.ClassNotFoundException |
|||||
ASA crashes with Page Fault with multiple configuration sessions |
|||||
ASA failover standby device reboots due to delays in config replication |
|||||
ASA Smart Call does not hide IPv6 addresses for ND |
|||||
IPv4 ACLs not working after merging IPv4 and IPv6 ACLs by
upgrading |
|||||
ASA : Failover descriptor does not change after reconfiguring VLAN |
|||||
accounting not per rfc in dual factor auth case |
|||||
SNMP: Power supply OIDs missing if no power input on 5500-X |
|||||
ASA providing inaccurate Tunnel count to ASDM |
|||||
ASA drops DNS PTR Reply w/ reason Label length exceeded during
rewrite |
|||||
IPsecOverNatT tunnel disappears after ASA failovers |
|||||
Smart Tunnels Spawn "UNKNOWN Publisher" Warning w/Java
7 Update 60 |
|||||
Using "?" to list files in directory with thousands of
files causing hog |
|||||
Show memory app-cache command shows incorrect bytes if more than
2^32 |
|||||
vbscript getting caught in
loop when passing thru ASA WebVPN Rewriter |
|||||
Using ASA 9.2.1, Anyconnect weblaunch fails with URL-list in DAP |
|||||
Local pool address not released -> Duplicate local pool
address found |
|||||
SCP copy generates syslog 769004 with password in it |
|||||
traceback in thread name: netfs_thread_init |
|||||
WebVPN HTML Style "Overflow:Hidden"
Breaks Custom Logon Pages |
|||||
ASA - Traceback in thread name SSH
while changing NAT configuration |
|||||
Cisco ASA VPN Failover Commands Injection Vulnerability |
|||||
WebVPN: Rewriter issue with PATHIX Inspection Database |
|||||
Cisco ASA SSL VPN Info Disclosure and DoS
Vulnerability |
|||||
Double Free when processing DTLS packets |
|||||
OpenSSL Zero-Length Fragments DTLS Memory Leak Denial of Service Vuln |
|||||
Webvpn: Support for XFRAME in additional portal and CSD pages |
|||||
Cisco ASA Failover IPSEC does not encrypt failover link |
|||||
ASA : timeout floating-conn not working when PPPoE
is configured |
|||||
ASA 9.2 : Static Null route not
redistributed over EIGRP to neighbors |
|||||
ASA Radius Access-Request contains both User-Password and
CHAP-Password |
|||||
ASA: EIGRP neighbor relationship flapping |
|||||
Cisco ASA VNMC Input Validation Vulnerability |
|||||
IPv6 tunneled route on link-local interfaces |
|||||
LDAP CLI: Quotes removed if ldap
attribute-map name has spaces |
|||||
ASA can use wrong trustpoint with
rekeyed CAs are cfg in trustpoints. |
|||||
with Anyconnect deflate compression ASA
gives ASA-3-722021 syslog |
|||||
ASA returns wrong content-length for cut-thru proxy
authentication page |
|||||
ASA tracebacks in Thread Name: ssh due to watchdog |
|||||
Incorrect content-length when maddr
present with URI in SIP message body |
|||||
Cisco ASA Software Version Information Disclosure Vulnerability |
|||||
ASA Cluster slave unit loses default route due to sla monitor |
|||||
ASA - 80 Byte memory block depletion |
|||||
ASA:Page fault traceback ACL FQDN Object-group |
|||||
ASA Cluster: IDFW traceback inThread Name: DATAPATH-3-132 |
|||||
Revision: Version 9.2(2)4 – 08/12/2014
Files: asa922-4-smp-k8.bin
Defects resolved since 9.2(2):
Traceback when using IDFW ACL's with VPN VPN
Filters |
|
5585-20 9.2.1 Traceback in Thread
Name: DATAPATH-1-1567 |
|
ASA NAT: Some NAT removed after upgrade from 8.6.1.5 to 9.x |
|
ASA allows to empty an access-list referenced elsewhere |
|
Windriver: Traceback during AnyConnect
IPv6 TLS TPS Test |
|
ASA AnyConnect failure or crash in SSL
Client compression with low mem |
|
show vpn load-balancing shows Public addr as Cluster IP addr for
Master |
|
Inconsistencies seen while sending warmstart
trap on reload |
|
Failover Standby unit has higher memory utilization |
|
ASA: Crash in DATAPATH |
|
Snmp-server hosts entries are lost when upgrading from 9.1(4) to
9.1(5) |
|
ASA: no auth prompt when accessing
internet website using ASA-CX |
|
ASA WebVPN: Script error when using
port-forwarding |
|
9.0(4)5 - Unable to access internal
site via clientless SSLVPN |
|
ASA SSLVPN Java plugins fail through proxy with Connection
Exception |
|
ASA WebVPN Rewriter: Custom HTTP
Headers Not Properly Rewritten |
|
L2TP/IPsec fragmentation change
causing ICMP-PMTU being sent |
|
show webvpn kcd
Error code 2 (ERROR_FILE_NOT_FOUND) |
|
ASA: Webvpn Clientless - certificate authentication
fails intermittently |
|
ASA - Traceback in thread name: sch_prompt anonymous reporting |
|
ASA traceback in Thread Name : Checkheaps when snmp config is cleared |
|
IKEv2 DPD is sent at an interval not correlating to the
specified value |
|
Multiple Vulnerabilities in OpenSSL -
June 2014 |
|
Jumbo frame calculations are incorrect or hard coded |
|
TCP intercept does not work after embryonic connection ends |
|
ASA Panic: CP Processing - ERROR: shrlock_join_domain |
|
ASA EIGRP does not reset hold time after receiving update |
|
ASA doesn't apply vpn-filter if group
policy is assigned by Cisco VSA 25 |
|
WebVPN Problem- icons missing, buttons not working |
|
SNMP: Unable to verify presence of second power supply in ASA
5545 |
|
ASA Traceback in Thread name:
ci/console while modifying an object-group |
|
ASA: Page fault traceback in DATAPATH
when DNS inspection is enabled |
|
ASA - Wrong object-group migration during upgrade from 8.2 |
|
ASA - Permitting/blocking traffic based on wrong IPs in ACL |
|
No syslogs for ASDM or clientless
access with blank username/password |
|
WebVPN: uploading customized portal.css breaks the portal login page |
|
ASA rewrites incorrect content-length in SIP message |
|
jumbo frame enabled will cause ASA5585-20 in boot loop from 9.3.0.101 |
|
Jumbo Frame is not support in the ASA558560 due to wrong bigphys size |