First Published: April 30, 2025

Introduction

This document contains the following information about Cisco Evolved Programmable Network Manager 7.1.4:

New functionality added

This release does not include any new functionality enhancements.

Important notes

Cisco EPN Manager software is distributed with all the components necessary for its optimized and secure operation, including the Red Hat Linux operating system and the Oracle database. All security-related configurations, regression testing, performance, and scalability metrics are based on the set of components and configurations included in the original Cisco EPN Manager software distribution. Cisco provides periodic EPN Manager software updates that can also contain necessary updates to the packages installed on the operating system or to the database.


Note

If any of the following changes are made to the original distributed Cisco EPN Manager software, Cisco will no longer support the operating environment:

  • Configuration changes to the software or operating system, or installation of other components that are not part of the original distribution.

  • Direct installation and application of third-party software on the Red Hat Linux operating system that is embedded within Cisco EPN Manager.

  • Application of updates or patches that are not provided by Cisco to individual Cisco EPN Manager components.

  • Changes to the internal Cisco EPN Manager settings that are not documented as modifiable in the Cisco EPN Manager User and Administrator Guide on Cisco.com, as these changes may weaken security, disable functionality, or degrade scalability and performance.

System Behavior and Functionality Updates

  • In Cisco EPN Manager 6.1 release, under Inventory > Other > Circuits,/VCs & Network Interfaces, the column order was retained and maintained as it was stored in the database. However, in Cisco EPN Manager 7.1 release, there has been a change in the storage mechanism for column order. The column order will now be stored in the browser session storage instead of the database. Therefore, any adjustments that are made to the column order will be applicable only for the current session and will not be permanently saved in the database.

Securing User Inputs to Prevent XSS Vulnerabilities

Cross-site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into applications. These scripts can be used to steal information or perform other malicious actions. To safeguard the Cisco EPN Manager, it is crucial to avoid certain patterns in user input fields and POST/PUT payloads.

The following patterns have been identified as vulnerable and are blocked by the Cisco EPN Manager's XSS prevention feature. The Cisco EPN Manager will not execute the command or proceed to the next step if it finds these patterns; therefore, ensure they are not used in user inputs or API calls.

  • src=’…’ (multiline, case insensitive pattern): Avoid using src= followed by any text or newline within single quotes. For example, <img src='malicious_code'>.

  • src=”…” (multiline, case insensitive pattern): Avoid using src= followed by any text or newline within double quotes. For example, <img src="malicious_code">.

  • </script> (case insensitive pattern): Avoid using the closing script tag in any form.

  • <script…> (multiline, case insensitive pattern): Avoid using the opening script tag with any content inside.

  • eval(…) (multiline, case insensitive pattern): Avoid using the eval function in any context. For example, eval('malicious_code').

  • expression(…) (multiline, case insensitive pattern).

  • javascript: (case insensitive pattern): Avoid using javascript: protocol in any field.

  • vbscript: (case insensitive pattern): Avoid using vbscript: protocol.

  • onload…= (multiline, case insensitive pattern): Avoid using event handlers like onload in any of the fields.

  • <…> (multiline, case insensitive pattern).

  • <script…/script> (multiline, case insensitive pattern): Avoid any complete script tags with content.

Limited Scope of Specific Devices

  • The Cisco 8608-SYS and Cisco 8011-2X2XP4L platforms do not support provisioning and related use cases for any technology.

Upgrade Issues

  • FTP and TFTP are disabled by default.

  • Active Threshold Crossing Alarms (TCA) for temperature remain active and are not cleared automatically. Clear these alarms manually.

  • You must resync your devices to view ISIS links.

  • You must resync LDP-enabled devices to view LDP feature-related information.

  • You must recreate the TCAs for inbound/outbound errors and inbound/outbound discards in the Interface Health monitoring policy.

Limitations on Carrier Ethernet Circuit Provisioning

  • Promotion of services using the old probe name format is now supported. These probes are listed in the user interface with the appropriate standard OAM Profile name after promotion.

    • Sample profile: profile PM2_3_8_CoS5_DM type cfm-delay-measurement.

  • While custom profile names are supported in EPN Manager, modifying brownfield services with a different naming format deletes the existing custom profile and adds a new profile with a supported naming format.

  • Inventory models do not correctly display the profiles that are not associated to a service.

  • The validation limit for the number of profiles is 100. If you create a new SLA operation profile after 100 existing profiles, the device generates an error and deployment fails.

TLS 1.2 Required for Secured Channel Communication for HTTPS and TLS

Only Transport Layer Security (TLS) 1.2 is supported for HTTPS and TLS related secured communication, for example, RADIUS EAP-TLS.

Support for TLS 1.0, TLS 1.1, and all versions of SSL has been disabled due to security vulnerabilities.

This means that all peer systems and clients that transact with Cisco EPN Manager using HTTPS/TLS must support TLS 1.2. If they do not support TLS 1.2, you must upgrade these systems. Wherever possible, the Cisco EPN Manager documentation highlights the potentially affected systems. Contact your Cisco representative for support in this regard, if necessary.

Reconciliation Report Limitations

If you have not provided a value for an attribute while provisioning a service, the provisioned value for that attribute is displayed as “Missing” in the reconciliation report. The device may have a default value for this attribute, but Cisco EPN Manager does configure this value.

Limitations on Cisco ME 1200 Devices

The Y.1564 performance test does not work if the source/destination is a Cisco ME 1200 device.

Limitations on Cisco NCS 4200 Devices Running IOS-XE 16.8.1

The following functionalities do not work on Cisco NCS 4200 devices running IOS-XE 16.8.1:

  • Alarm profile

  • Configuration of SONET LOP and CT3 LOP from the GUI

  • Admin shut/no shut functionality on SONET/T1/T3 HOP/LOP

Limitations on Cisco NCS 540 and Cisco NCS 5500 devices

Cisco NCS 540 and Cisco NCS 5500 device series do not support Fault-OAM, Wrap-Protection, and BFD.

Use CLI Templates for Configuring PTP Commands

On ASR920 devices with software version 16.9.1, IEEE 1588-2008 BC/MC license is required to execute the 1588 PTP commands.

Configuration and Inventory Not Supported for PTP Templates

The behavior of modeling the configurations that are pushed through PTP templates may not work as expected because the model may not be in place for all the configurations that are pushed through PTP templates. Configuration/Inventory is not supported for these configurations.

Deprecation of Support for ONS 10.00.10, 10.01.00, 10.03.00

ONS 10.00.10, 10.01.00, 10.03.00 ONS 10.00.10, 10.01.00, and 10.03.00 are no longer supported on Cisco NCS 2002, Cisco NCS 2006, and Cisco NCS 2015 devices.

Data Center Device Lifecycle Support Only

Cisco EPN Manager provides essential support for a few selected UCS compute systems, Nexus series devices, and the CSR 1000v devices.

LINK_DOWN alarm on sub interfaces in Gig Port

LINK_DOWN alarms will not be generated when a link is down on subinterfaces in a Gig Port.

Resolved bugs in Cisco EPN Manager

For a list of bugs resolved in this release, refer the table below:
Bugs Description
CSCwk80658

EPNM 7.1.1 | Smart licensing gets de-registered after failover to Secondary server
CSCwo54071

Evaluation of Evolved Programmable Network Manager for Apache Tomcat RCE 2025 Vulnerabilty
CSCwf85011

SNMP Engine ID mismatch between snmp request from EPNM and devices
CSCwi03821

Several pages on System Setting menu not accessible
CSCwi76582

Y1731 statistics service API with circuit name not returning value and stuck in scaled setup
CSCwj10573

IE2000U device is using small license instead of generic
CSCwj30293

Discovering devices with SNMPv3 credentials are failing
CSCwj44653

Wildcard notation of IP addresses are blocked for SSH2 credentials in discovery settings
CSCwj74819

Can not create hairpin DS3 to OCx circuit via EPNM
CSCwk05102

new sub domains itdoesn't appear under virtual domain drop down
CSCwk42018

For IOS XR, static route ipaddress is missing, only interface exist to use in CLI templates
CSCwk54071

Modify of RT table entry is not saved for L3VPN unicast Profile
CSCwk66072

In Reports Time conversion doesn't happen properly
CSCwk71215

OMS link serviceability state is down when link and services up
CSCwk82623

Unable to register smart license while using http/https proxy
CSCwm01066

Framing type configuration for lower-order paths created through SONET-ACR controller grouping
CSCwm03161

EPNM Backup failed due to backup script failure
CSCwm04394

Secondary server Health Monitoring service is down due to thread leak
CSCwm40404

Missing links in EPNM MLT display for ODU UNI circuits
CSCwm55544

Source Routing Process not auto-filled if selecting device by double click for MPLS TE tunnel prov
CSCwm77165

Software Activation job stuck in IN_PROGRESS, reboot command not sent from EPNM for ASR 920-12SZ-IM
CSCwm82415

Failback process is failing with remove HA and db reset in primary
CSCwm98300

EPNM 7.1.1: Incorrect display of FAN operational status on C8300
CSCwm99493

EPNM 7.1: template deployment with port group selection not working
CSCwn87605

EPNM not purging CliTemplateDeployIOSDevices job history according to configured retention
CSCwn96710

EPNM 7.1.3: Notification policies are not editable with user privileges
CSCwo02943

customer TasteOS security scan reported CVE-2023-37920 and CVE-2018-12699
CSCwo12242

Radiusconnectivity check report Exception: Not a valid RADIUS Server
CSCwo28711

Manual clearing functionality for EPNM active alarms
CSCwj26633

Device sync failing with feature xde-l3vpn-mpbgp-inventory
CSCwj60714

Device sync failing with feature xde-l3vpn-mpbgp-inventory
CSCwj96202

Configuration Archive Collection Time is shown as \u201cNaN-undefined-0NaN NaN:NaN:NaN AM GNN\u201d
CSCwk23876

Incorrect IOS version displayed due to imageName parsing exception seen on ISR1K devices
CSCwk38328

Inventory sync for some devices is in a cww state due to a failure in the ifm_aclapp feature
CSCwk65679

Abort functionality in Switch Inventory is not working
CSCwk81150

EPNM OTDR scan page icons change to black background color after launching OTS link OTDR scan
CSCwm10694

EPNM 7.1 : Removing the Customize Data tab for SFP Port and Module Details
CSCwm78753

While giving '&' and '< ' characters for L3VPN BGP service provisioning password we are getting error
CSCwo06126

Alarm and Events - Events- Tab- UI page consumes all available client device memory (RAM)

For more information about the resolved bugs, go to the Bug Search Tool.

Get information about Cisco EPN manager bugs

Use the Bug Search tool (BST) to get the latest information about Cisco EPN Manager bugs. BST allows partners and customers to search for software bugs based on product, release, and keyword, and it aggregates key data such as bug details, product, and version.

Cisco EPN Manager bugs may be caused by defects in a device's platform or operating system. In such cases, the Cisco EPN Manager bug will be resolved when the hardware/operating system bug is resolved.

Procedure

Step 1

Log into the Bug Search Tool.

  1. Go to https://tools.cisco.com/bugsearch/.

  2. At the Log In screen, enter your registered Cisco.com username and password; then, click Log In.

Note

 
If you do not have a Cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do

Step 2

To list all bugs for this version, click the Select from list hyperlink that is next to the Product field and select the product.

  1. Choose Cloud and Systems Management > Routing and Switching Management > Cisco Evolved Programmable Network (EPN) Manager and then select the required product version.

  2. When the results are displayed, use the filter and sort tools to find bugs according to their status, severity, how recently they were modified, if any support cases are associated with them, and so forth.

You can also search using bug IDs or keywords. For more information, click Help at the top right of the Bug Search page.

Accessibility features

For a list of accessibility features in Cisco EPN Manager 7.1.4, contact accessibility@cisco.com.

All product documents are accessible. If you would like to receive the product documentation in audio format, braille, or large print, contact accessibility@cisco.com

Obtaining documentation and submitting a service request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation.

Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.