Resolved Issues

For your convenience, the release notes list the resolved issues for each patch.

If you have a support contract, you can use the Cisco Bug Search Tool to obtain up-to-date bug lists. You can constrain searches to bugs affecting specific platforms and versions. You can also search by bug status, bug ID, and for specific keywords.

Important

Bug lists are auto-generated once and are not subsequently updated. Depending on how and when a bug was categorized or updated in our system, it may not appear in the release notes. You should regard the Cisco Bug Search Tool as the source of truth.

Resolved Issues in New Builds

Sometimes Cisco releases updated builds. In most cases, only the latest build for each platform is available on the Cisco Support & Download site. We strongly recommend you use the latest build. If you downloaded an earlier build, do not use it.

You cannot upgrade from one build to another for the same Firepower version. If a new build would fix your issue, determine if an upgrade or hotfix would work instead. If not, contact Cisco TAC. See the Cisco Firepower Hotfix Release Notes for quicklinks to publicly available Firepower hotfixes.

Use this table to determine if a new build is available for your platform.

Table 1. Version 6.4.0.x Patches with New Builds
Version	New Build	Released	Platforms	Resolves
6.4.0.2	35	2019-07-03	FMC/FMCv FTD/FTDv, except Firepower 1000 series	CSCvq34224: Firepower Primary Detection Engine process terminated after Manager upgrade If you already upgraded to Version 6.4.0.2-34 and have FTD devices configured for high availability, apply Hotfix F. In FMC deployments, apply the hotfix to the FMC. In FDM deployments, apply the hotfix to both devices.

Version 6.4.0.14 Resolved Issues

Table 2. Version 6.4.0.14 Resolved Issues
Bug ID	Headline
CSCwa46963	Security: CVE-2021-44228 -> Log4j 2 Vulnerability
CSCwa70008	Expired certs cause Security Intel. and malware file preclassification signature updates to fail
CSCwa88571	Unable to register FMC with the Smart Portal

Version 6.4.0.13 Resolved Issues

Table 3. Version 6.4.0.13 Resolved Issues
Bug ID	Headline
CSCum03297	ENH: ASA should save the timestamp of the MAXHOG in 'show proc cpu-hog'
CSCvg66052	2 CPU Cores continuously spike on firepower appliances
CSCvi58484	Cluster: ping sourced from FTD/ASA to external IPs may if reply lands on different cluster unit
CSCvm76755	DP-CP arp-in and adj-absent queues need to be separated
CSCvp16933	Cisco Firepower Threat Defense Software Shell Access Vulnerability
CSCvp69936	ASA : Traceback on tcp_intercept Thread name : Threat detection
CSCvq39187	KP: Host key verification is getting failed while ssh to host
CSCvq43454	ENH : Support a tolerance time for the "NotValidBefore" timestamp, while using SAML auth
CSCvq54299	After restart of both A/S units, not all context configs may be loaded when using SL on 2100
CSCvr11958	AWS FTD: Deployment failure with ERROR: failed to set interface to promiscuous mode
CSCvr33586	FPR1010 - Add temperature/warnings for SSD when thresholds are exceeded
CSCvr38379	Upgraded FTD will not reimage to base FTD version with the use of 'auto-install' feature in FPR2100
CSCvr39217	Fxos Snmp-user is not persistent after reboot
CSCvs27336	Traceback on ASA by Smart Call Home process
CSCvs47365	Event rate seen on FMC slows down or stops coming from devices using FXOS 2.9.1 update
CSCvt10944	ctm crashed while sending emix traffic over VTI tunnel
CSCvt15348	ASA show processes cpu-usage output is misleading on multi-core platforms
CSCvt25917	FTD CLI - Fail to display the disabled local user and cannot enable back
CSCvt31292	FTD device might not send events to SSE
CSCvt64238	FXOS pktmgr Rx Drops counter keeps increasing in LACP Port-Channel
CSCvt85766	FPR2k: FCM Syslog Remote Destinations tab disappeared after upgrading
CSCvu36302	%ASA-3-737403 is used incorrectly when vpn-addr-assign local reuse-delay is configured
CSCvu97242	FTD 2100: Corefile and crashinfo might both be truncated and incomplete in the event of a crash
CSCvv07917	ASA learning a new route removes asp route table created by floating static
CSCvv20780	Policy deploy fails with "Failed to hold the deployment transaction" error
CSCvv24647	FTD 2100 - SNMP: incorrect values returned for Ethernet statistics polling
CSCvv43190	Crypto engine errors when GRE header protocol field doesn't match protocol field in inner ip header
CSCvv48594	Memory leak: due to snp_tcp_intercept_stat_top_n_integrate() in threat detection
CSCvv48942	Snmpwalk showing traffic counter as 0 for failover interface
CSCvv55248	Syslogs generated for ACL transaction commit are not in consistent format & not available some times
CSCvv62499	FMC: Remove_peers.pl script should work when FTD is member of a cluster
CSCvv71097	traceback: ASA reloaded snp_fdb_destroy_fh_callback+104
CSCvv79459	WR6, WR8 and LTS18 commit id update in CCM layer (sprint 94, seq 1)
CSCvv84172	Dangling ref in Clustered table and EO upon failed registration
CSCvv85029	ASA5555 traceback and reload on Thread Name: ace_work
CSCvv89715	Fastpath rules for Firepower 8000 series stack disappear randomly from the FMC
CSCvw03628	ASA will not import CA certificate with name constraint of RFC822Name set as empty
CSCvw06298	ASA duplicate MAC addresses in Shared Interfaces of different Contexts causing traffic impact
CSCvw13348	WR6, WR8 and LTS18 commit id update in CCM layer (sprint 98, seq 2)
CSCvw16165	Firepower 1010 Series stops passing traffic when a member of the port-channel is down
CSCvw18614	ASA/FTD traceback in the LINA process
CSCvw48829	Timezone in "show clock" is different from which in "show run clock"
CSCvw62526	ASA traceback and reload on engineering ASA build - 9.12.3.237
CSCvw68593	A flaw in the way reply ICMP packets are limited in the Linux kernel f
CSCvw71405	FPR1120 running ASA traceback and reload in crypto process.
CSCvw90923	WR6, WR8 and LTS18 commit id update in CCM layer (sprint 101, seq 4)
CSCvw93159	Firepower 2100: ASA/FTD generates message "Local disk 2 missing on server 1/1"
CSCvw93276	Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
CSCvw97256	Need handling of rmu read failure to ignore link state update when link state API read fails
CSCvx04003	Lack of throttling of ARP miss indications to CP leads to oversubscription
CSCvx06920	WR6, WR8 and LTS18 commit id update in CCM layer (sprint 103, seq 5)
CSCvx14031	IPv4 DACL stuck on Active device when DACL removed after CoA for IKEv2 Session, traffic not impacted
CSCvx16134	100% cpu-usage for some processes seen in "show processes cpu-usage" though using multicore
CSCvx23833	IKEv2 rekey - Invalid SPI for ESP packet using new SPI received right after Create_Child_SA response
CSCvx24537	SAML: SAML Authentication may fail if we have 2 or more IDP certs with same Subject Name
CSCvx25719	X-Frame-Options header is not set in webvpn response pages
CSCvx29814	IP address in DHCP GIADDR field is reversed after sending DHCP DECLINE to DHCP server
CSCvx33904	Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation
CSCvx34237	ASA reload with FIPS failure
CSCvx42081	FPR4150 ASA Standby Ready unit Loops to failed and remove config to install it again
CSCvx43150	On the FMC, process of registration of member device post RMA is not successful
CSCvx45976	ASA/FTD Watchdog forced traceback and reload in Threadname: vnet-proxy (rip: socks_proxy_datarelay)
CSCvx47230	X-Frame-Options header support for older versions of IE and windows platforms
CSCvx47550	WR6, WR8 and LTS18 commit id update in CCM layer(sprint 105, seq 6)
CSCvx49715	Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may
CSCvx50980	ASA CP CPU wrong calculation leads to high percentage (100% CP CPU)
CSCvx54235	ASP capture dispatch-queue-limit shows no packets
CSCvx57417	Smart Tunnel Code signing certifcate renewal
CSCvx64478	Unwanted console output during SAML transactions
CSCvx65745	FPR2100: enable kernel panic on octeon for UE events to trigger crash
CSCvx66329	FTD Hotfix Cisco_FTD_SSP_FP2K_Hotfix_O installation fails on script 000_start/125_verify_bundle.sh
CSCvx67468	WR6, WR8 and LTS18 commit id update in CCM layer(sprint 107, seq 7)
CSCvx68355	ASA - unable to import CA certificate when countryName is encoded as UTF8
CSCvx71571	ASA: "ERROR: Unable to delete entries from Hash Table" with CSM
CSCvx75963	ASA traceback while taking captures
CSCvx77768	Traceback and reload due to Umbrella
CSCvx80830	VPN conn fails from same user if Radius server sends a dACL and vpn-simultaneous-logins is set to 1
CSCvx86621	ASA(lina) clock (always shows Jan 2010) does not sync properly with fxos
CSCvx87709	FPR 2100 running ASA in HA. Traceback and reload on watchdog during failover
CSCvx95255	Supportive change in ASA to differentiate, new ASDM connections from existing ASDM context switch
CSCvx95884	High CPU and massive "no buffer" drops during HA bulk sync and during normal conn sync
CSCvx97632	ASA traceback and reload when copying files with long destination filenames using cluster command
CSCvx98807	WR6, WR8 and LTS18 commit id update in CCM layer(sprint 109, seq 9)
CSCvy01752	Traceback on FPR 4115 in Thread - Lic HA Cluster
CSCvy02448	Time sync do not work correctly for ASA on FPFPR2100 series platform
CSCvy02703	ASA/FTD tracebacks due to CTM message handler
CSCvy03006	improve debugging capability for uauth
CSCvy03045	Failure accessing FXOS with connect fxos admin from Multi-Context ASA if admin context is changed
CSCvy03907	Creation/Edit of Access Control Policy fails with error 'Rule Name Already Exists'
CSCvy04869	AnyConnect certificate authentication fails if user certificate has 8192 bits key size
CSCvy07491	ASA traceback when re-configuring access-list
CSCvy08798	WR6, WR8 and LTS18 commit id update in CCM layer(sprint 110, seq 10)
CSCvy08908	Port-forwarding application blocked by Java
CSCvy10583	ASA Traceback and Reload in Thread Name: DATAPATH
CSCvy10789	FTD 2110 ascii characters are disallowed in LDAP password
CSCvy12782	FTD/ASA: PATed traffic impacted when configured on ixgbe-vf SRIOV interfaces in HA
CSCvy14721	ssl traffic dropped by FTD while CH packet has a destination port no greater than source port
CSCvy16179	ASA cluster Traceback with Thread Name: Unicorn Admin Handler even when running fix for CSCuz67596
CSCvy17078	Traceback: ASA on FPR 2110 traceback and reload on process Lina
CSCvy17365	REST API Login Page Issue
CSCvy17470	ASA Traceback and reload on the A/S failover pair at IKEv2
CSCvy18366	LINA Crash from pdts_pd_segment.c:1941 on FPR1k & ISA3k
CSCvy21334	Active tries to send CoA update to Standby in case of "No Switchover"
CSCvy23349	FTD unnecessarily ACKing TCP flows on inline-pair deployment
CSCvy25849	ASA fails to process the OCSP response when the string 'OK' is missing in the HTTP response
CSCvy31424	QP FTD application fails to start due to outdated affinity.conf following FXOS/FTD upgrade
CSCvy33105	Ambiguous command error is shown for 'show route bgp' or 'show route isis' if DNS lookup is enabled
CSCvy33676	UN-NAT created on FTD once a prior dynamic xlate is created
CSCvy35737	FTD traceback and reload during anyconnect package verification
CSCvy35948	WR6, WR8 and LTS18 commit id update in CCM layer(sprint 111, seq 11)
CSCvy39621	ASA/FTD sends continuous Radius Access Requests Even After Max Retry Count is Reached
CSCvy39659	ASA/FTD may traceback and reload in Thread Name 'DATAPATH-15-14815'
CSCvy43447	FTD traceback and reload on Lic TMR Thread on Multi Instance FTD
CSCvy46026	"Unable to load container (UUID)" when try to open a device under Devices > Device management
CSCvy47108	Remote Access IKEv2 VPN session cannot be established because of stuck Uauth entry
CSCvy48159	ASA Traceback & reload on process name lina due to memory header validation
CSCvy49732	ASA/FTD may traceback and reload in Thread Name 'ssh'
CSCvy50011	ASA traceback in IKE Daemon process and reload
CSCvy51814	Firepower flow-offload stops offloading all existing and new flows
CSCvy52074	ASA/FTD may traceback and reload in Thread Name 'webvpn_task'
CSCvy53461	RSA keys & Certs get removed post reload on WS-SVC-ASA-SM1-K7 with ASA code 9.12.x
CSCvy55356	CPU hogs less than 10 msec are produced contrary to documentation
CSCvy57905	VTI tunnel interface stays down post reload on KP/WM platform in HA
CSCvy60574	Port dcosAG leak fix CSCvx14602 to KP/WM
CSCvy61008	Time out of sync between Lina and FXOS
CSCvy64145	WR6, WR8 and LTS18 commit id update in CCM layer(sprint 113, seq 12)
CSCvy64492	ASAv adding non-identity L2 entries for own addresses on MAC table and dropping HA hellos
CSCvy64911	Debugs for: SNMP MIB value for crasLocalAddress is not showing the IP address
CSCvy67756	Firepower Services HTTPS traffic stops working when matching Do not decrypt rule in SSL policy
CSCvy69189	FTD HA stuck in bulk state due to stuck vpnfol_sync/Bulk-sync keytab
CSCvy72846	ASA accounting reports incorrect Acct-Session-Time
CSCvy74781	The standby device is sending the keep alive messages for ssl traffic after the failover
CSCvy80202	Intrusion Event Performance Graphs load blank on 4100 despite of fix of CSCvm48451
CSCvy89658	WR6, WR8 and LTS18 commit id update in CCM layer(sprint 114, seq 13)
CSCvy91668	PAT pool exhaustion with stickiness traffic could lead to new connection drop.
CSCvy92990	FTD traceback and reload related to SSL after upgrade to 7.0
CSCvy96625	Revert 'fix' introduced by CSCvr33428 and CSCvy39659
CSCvy96698	Resolve spurious status actions checking speed values twice in FXOS portmgr
CSCvy98027	Application interface down whereas physical interface Up on FXOS
CSCvy98458	FP21xx -traceback "Panic:DATAPATH-10-xxxx -remove_mem_from_head: Error - found a bad header"
CSCvz00383	FTD lina traceback and reload in thread Name Checkheaps
CSCvz00699	Traceback in webvpn and reload experienced periodically after ASA upgrade
CSCvz05189	FTD reload with Lina traceback during xlate replication in Cluster
CSCvz07614	ASA: Orphaned SSH session not allowing us to delete a policy-map from CLI
CSCvz15529	ASA traceback and reload thread name: Datapath
CSCvz20544	ASA/FTD may traceback and reload in loop processing Anyconnect profile
CSCvz20679	FTDv - Lina Traceback and reload
CSCvz21886	Twice nat's un-nat not happening if nat matches a pbr acl that matches a port number instead of IP
CSCvz25434	ASA/FTD blackholes traffic due to 1550 block depletion when BVI is configured as DHCP client
CSCvz27714	Interface flapping on 8350 sensor during policy deployments
CSCvz29233	ASA: ARP entries from custom context not removed when an interface flap occurs on system context
CSCvz34831	If ASA fails to download DACL it will never stop trying
CSCvz37306	ASDM session is not served for new user after doing multiple context switches in existing user
CSCvz38361	BGP packets dropped for non directly connected neighbors
CSCvz39565	ASA/FTD Traceback and Reload during bulk VPN session connect
CSCvz39646	ASA/AnyConnect - Stale RADIUS sessions
CSCvz40352	ASA traffic dropped by Implicit ACL despite the fact of explicit rules present on Access-list
CSCvz43414	Internal ldap attribute mappings fail after HA failover
CSCvz43455	ASAv observed traceback while upgrading hostscan
CSCvz48407	Traceback and reload in Thread Name: DATAPATH-15-18621
CSCvz53142	ASA does not use the interface specified in the name-server command to reach IPv6 DNS servers
CSCvz57710	conf t is converted to disk0:/t under context-config mode
CSCvz58710	ASA traceback due to SCTP traffic.
CSCvz60901	ASA: IPv6 Neighbor reachability issues
CSCvz60970	ASA Traceback in Thread Name: DATAPATH-4-23199 in enic_put / FREEB when sending LU to statelink
CSCvz64470	ASA/FTD Traceback and reload due to memory corruption when generating ICMP unreachable message
CSCvz66795	ASA traceback and reload in SSH process when executing the command "show access-list"
CSCvz69571	ASA log shows wrong value of the transferred data after the anyconnect session terminated.
CSCvz73709	ASA/FTD Standby unit fails to join HA
CSCvz77744	OSPFv3: FTD Wrong "Forwarding address" added in ospfv3 database
CSCvz81934	Revert 'fix' introduced by CSCvx95884
CSCvz84850	ASA/FTD traceback and reload caused by "timer services" function
CSCvz87824	ASASM traceback and reload on "snp_svcmod_heart_beat_timeout_cb" function

Version 6.4.0.12 Resolved Issues

Table 4. Version 6.4.0.12 Resolved Issues
Bug ID	Headline
CSCtx83747	Syslog 718055 contains wrongly formatted MAC address
CSCui74211	Expired DHCP-Client leases not purged on ASA-standby unit
CSCuj60109	ENH: SFP transceivers attached to ASA-IC-6GE-SFP-A are not shown by CLI
CSCuj99176	Make ASA-SSM cplane keepalives more tolerable to communication delays
CSCun74870	ASA IKEv2: NO-PROPOSAL-CHOSEN sent instead of TS_UNSUPPORTED
CSCuq47482	ENH: ASA show tech should include "show module x detail"
CSCut44164	ASA: Add additional crypto stats to "show tech"
CSCuu60064	ENH: ASAv show tech should include "show vm"
CSCuu84198	DHCPRelay debugs should highlight invalid parameters from DHCP server
CSCuw51499	TCM doesn't work for ACE addition/removal, ACL object/object-group edits
CSCuy53106	ASA OS incorrectly calculates certificate expiry date in Syslog 717054
CSCvb92169	ASA should provide better fragment-related logs and ASP drop reasons
CSCvc40724	Invalid group URL causes improperly formatted message back to AnyConnect
CSCvf88062	CTM: Nitrox S/G lengths need to be validated
CSCvg59385	ASA scansafe connector takes too long to failover to secondary CWS Tower
CSCvg69380	ASA - rare cp processing corruption causes console lock
CSCvg73237	ENH: Configure CAC as an absolute value as well instead of just percentage of total VPN capacity.
CSCvh30209	Traceback in mfib_idb_get when toggling multicast on/off repeatedly
CSCvh85504	"Backlog Status" health module false negative alerts
CSCvi07901	CISCO-REMOTE-ACCESS-MONITOR-MIB crasIPSecNumSessions is zero on ASA for IKEv2 AnyConnect
CSCvi85020	Order of SSH configuration generates "SSH version 1 is not secure." error messages at boot
CSCvk51778	"show inventory" (or) "show environment" on ASA 5515/5525/5545/5555 shows up Driver/ioctl error logs
CSCvm15088	ENH: Add PSU details in "show environment" for ASA5525
CSCvm78605	ASA Failover: 'show interface tunnel' shows tunnel source as standby IP address
CSCvm82290	ASA core blocks depleted when host unreachable in IRB/TFW configuration
CSCvm98585	CPU hog from idfw module observed in 5525 FTD
CSCvn12453	Implement debug menu command to show RX ring number a flow is hashed to
CSCvn16864	ENH: Missing Content-Security-Policy Header in ASA HTTP WebVPN portal
CSCvn16877	ENH: Missing X-Content-Type-Options Header in ASA HTTP WebVPN portal
CSCvn16887	ENH: Missing X-XSS-Protection Header in ASA HTTP WebVPN portal
CSCvn64647	ASA traceback and reload due to tcp_retrans_timeout internal thread handling
CSCvn82441	[SXP] Issue with establishing SXP connection between ASA on FPR-2110 and switches
CSCvn93683	ASA: cluster exec show commands not show all output
CSCvn95731	ASA traceback and reload on Thread Name SSH
CSCvo11623	ASAv/Azure: Smart Licensing does not use hostname from custom template for registration
CSCvo12504	ASA: Failover fsm gets stuck in a multicontext in case of module difference.
CSCvo33227	BusyBox udhcp Components Out-of-Bounds Read Information Disclosure Vul
CSCvo33896	snmpd(): insufficient memory to handle queries
CSCvo34210	ASA running 9.6.4.20 Traceback in threadname Unicorn Proxy Thread
CSCvo58030	Failover mac address configured on interface does not allow to delete subinterface
CSCvo64516	ASA fails command authorization if tcp syslog is down.
CSCvo68887	Timestamp in Crash File name says UTC but is local timezone
CSCvo78772	ENH: ASA WebVPN should send "Cache-Control: no-store" instead of "Cache-Control: no-cache"
CSCvo81249	ASA may cause high-rate of DNS queries between ASA (acting as a DNS client) and a server
CSCvo86485	incorrect HTML <base> tag handling by Grammar Based Parser
CSCvo87430	FTD : Can't deploy ISAKMP VPNs containing question marks
CSCvo99076	ENH: IKEv2 quick connection preempt for static IP assigned to client by AAA
CSCvp09083	ASA working as DHCP server drops DHCP renewal request packet sent by DHCP clients
CSCvp10079	DB switch role failed on FMC HA switch
CSCvp13352	ASA continues to do TCP keepalives for Client side connections even after vpn session times out
CSCvp16618	URL inside HTML base tag is not rewritten after it is handled by GBP
CSCvp23530	OSPF neighbor command not replicated to standy after write standby or reload
CSCvp29554	Traceback and reload due to a watchdog timeout when accessingfilesystem (webvpn related)
CSCvp29803	Apache HTTP Server Modules Scripts Arbitrary Code Execution Vulnerab ...
CSCvp31311	There should be enough PKI handles for the max sessions on a given platform
CSCvp38774	WebVPN rewriter not loading website correctly
CSCvp42484	IS-IS hello packet length not updated to correct mtu when mtu modified
CSCvp42722	ASA does not generate logging message 611103 for any syslog destination (buffer, trap, etc)
CSCvp52437	ASA \| Saving configuration, give message "Platform does not support appliance mode configuration."
CSCvp56719	Cisco FMC and FTD Software sftunnel Pass the Hash Vulnerability
CSCvp57417	Upon downgrade of an ASAv, the firewall may traceback and reload
CSCvp67033	ASA: Cannot distinguish name aliases for IPv6 and displays a "incomplete command" error message
CSCvp69229	OpenSSL 0-byte Record Padding Oracle Information Disclosure Vulnerabil
CSCvp71766	Radius authentication fails when sourced from BVI across a VPN tunnel
CSCvp71879	limit-resource CLI for ssh/telnet has no effect if quota-CLI is not configured
CSCvp72624	SNMP Limit for OID 1.3.6.1.2.1.4.35 (ipNetToPhysicalTable)
CSCvp73394	Failover ASA IKEv2 VTI: Secondary ASA sends standby IP as the traffic selector
CSCvp75965	primary FPR2110 crash after customer configure syslog setting on FMC
CSCvp76904	With dhcp-network-scope configured incorrectly, DHCP debugs on ASA show wrong gateway and netmask.
CSCvp77226	ASA traceback and reload on sysopt traffic detailed in multicontext mode
CSCvp78171	ASA in cluster fail to synchronise IPv6 ND table with peer units.
CSCvp91905	ASA will add the newly configured IPv6 Address to the current link-local address
CSCvp94478	ASA scp quite slow
CSCvp96658	Inconsistency in timezone for show logging in newer versions
CSCvq00560	ASA silently drops packets which violate ESP Authentication data field size (ICV)
CSCvq15976	ASA Memory Leak - snp_svc_insert_dtls_session
CSCvq17551	Syslog 711004 not consistently triggering event manager event
CSCvq22358	Disabling anti-replay for one context it disables it for other contexts as well
CSCvq27016	FMC shows 'Unable to fetch failover history..' for FTD HA.
CSCvq37913	VPN-sessiondb does not replicate to standby ASA
CSCvq47743	AnyConnect and Management Sessions fail to connect after several weeks
CSCvq49124	ASA on FP1010 Traceback in http_exec_cli thread
CSCvq49718	Observed Traceback in ASA with dns debugs enabled while resolving FQDN Entries
CSCvq50944	OSPFv3 neighborship is flapping every ~30 minutes
CSCvq54620	FPR4110 crashes after using 'vpn-sessions logoff all'
CSCvq54624	DTLS AnyConnect tunnel doesn't resume due to cache miss
CSCvq55426	Adding an ipv6 default route causes CLI to hang for 50 seconds
CSCvq58729	2140: crypto accelerator status show SOFTWARE mode by default
CSCvq65864	Traceback in HTTP Cli Exec with rest-api agent enabled
CSCvq70536	FTD: Deployment failure when breaking HA and graceful-restart is present on config
CSCvq73595	ASA webvpn unable to extract username from cert UPN if username is longer than 32 chars
CSCvq76706	Ability to clear message logged statistics in output of "show logging"
CSCvq78126	V route is missing even after setting the reverse route in Crypto map config in HA-IKEv2
CSCvq79042	FQDN ACL entries incomplete due to DNS response from server is large and truncated
CSCvq81410	ASA::Unable to execute any ASA command via http using safari browser.
CSCvq81692	ASA: After changing admin-context, call-home does not use new admin context setting
CSCvq83060	SNMP: Cannot get failover link information from oid in multiple mode
CSCvq84444	Configuring static routes causes "Route Session" rerr counter to increment on standby ASA
CSCvq87625	ENH: Addition of 'show run all sysopt' to 'show tech' output
CSCvq92240	Memory leak observed while running AnyConnect ssl vpn tests
CSCvq93640	WRL6 and WRL8 commit id update in CCM layer (sprint 67)
CSCvq93836	ENH: Addition of 'show logging setting' to 'show tech' output
CSCvq98396	ASA: crypto session handles leak on the standby unit
CSCvq99107	Hot swap of SFP is not taking effect on the ASA
CSCvr03705	We need to have default route with AD and tunneled at the same time for the same next hub.
CSCvr04203	Memory leak observed while running AnyConnect ssl vpn tests
CSCvr09399	Dynamic flow-offload can't be disabled
CSCvr12018	ASA: VPN traffic fails to take the tunnel route when the default route is learnt over BGP.
CSCvr15503	ASA: SSH and ASDM sessions stuck in CLOSE_WAIT causing lack of MGMT for the ASA
CSCvr20486	FTD 1010 Passive interfaces does not receive unicast packets
CSCvr20757	Block leak on ASA while running Cisco Umbrella DNS inspection
CSCvr20876	low memory causes kernel to invoke - oom and reload device - modified rlimit for KP
CSCvr23580	Can't delete 2 or more than two IP address-pool
CSCvr23986	Cisco ASA & FTD devices may reload under conditions of low memory and frequent complete MIB walks
CSCvr33428	FMC generates Connection Events from a SYN flood attack
CSCvr35872	ASA traceback Thread Name: DATAPATH with PBR configured
CSCvr37486	established rules in asp table are not un-installed on config removal
CSCvr37502	libexpat Improper Parsing Denial of Service Vulnerability
CSCvr39516	lina segfault/reload caused by malloc failure in modexp-octeon
CSCvr50509	Some 3DES related configurations are lost after booted
CSCvr50630	ASA Traceback: SCTP bulk sync and HA synchronization
CSCvr50718	ASA \| Incorrect handling of ICMP-TYPE objects for ICMP6 rules
CSCvr51426	ASA is not sending the mask in the accounting packets
CSCvr55518	Missing clean up on rule creation failure.
CSCvr57605	ASA after reload had license context count greater than platform limits
CSCvr58411	RRI on static HUB/SPOKE config is not working on HUB when a new static SPOKE is added or deleted
CSCvr60195	ASA/FTD may traceback and reload when repeatedly adding/removing multicast commands
CSCvr68146	Unable to auto-rejoin FTD cluster
CSCvr68872	Secondary unit exceed platform context count limit in split brain scenario when failover link down
CSCvr72648	BIGNUM leak in ec_bits()
CSCvr80164	WR6 and WR8 commit id update in CCM layer(sprint 72)
CSCvr83372	I/O error occurred while writing; fd='28', error='Resource temporarily unavailable (11)'
CSCvr86077	ASA Traceback/pagefault in Datapath due to re_multi_match_ascii
CSCvr90079	HSTS config option not updated on show run all
CSCvr90462	Improve ipv6 duplicate address detection to avoid disabling ipv6 in case of transient active-active
CSCvr92311	Standby ASA logging %ASA-4-720022: (VPN-Secondary) Cannot find trust point __tmpCiscoM1Root__
CSCvr98924	ASA traceback and reload due to routing subsystem
CSCvr99642	ASA traceback and reload multiple times with trace "webvpn_periodic_signal"
CSCvs02954	ASA OSPF: Prefix removed from the RIB when topology changes, then added back when another SPF is run
CSCvs04179	ASA - 9.8.4.12 traceback and reload in ssh or fover_rx Thread
CSCvs05262	Decrement TTL display wrong result
CSCvs13204	ASAv failover traffic on SR-IOV interfaces might be dropped due to interface-down
CSCvs16073	snmp poll failure with host and host-group configured
CSCvs27264	mroute entries on ASA not getting refreshed.
CSCvs28213	ASA Traceback in Thread Name SSH with assertion slib_malloc.c
CSCvs29779	ASA may traceback and reload while waitinPC g for "DATAPATH-12-1899" process to finish.
CSCvs31159	Incorrect empty location handling inside CSCOGet_location wrapper
CSCvs31443	ASA reporting negative memory values on "%ASA-5-321001: Resource 'memory' limit'" message
CSCvs31470	OSPF Hello causing 9K block depletion, control point CPU 100% and cluster unstable.
CSCvs32907	Addition of debug counters for STRAP implementation.
CSCvs33102	ASA/FTD may traceback and reload in Thread Name 'EIGRP-IPv4'
CSCvs33852	After upgrade to version 9.6.4.34 is not possible to add an access-group
CSCvs38785	Inconsistent timestamp format in syslog
CSCvs39589	ASA doesn't honor SSH Timeout When Data Channel is not Negotiated
CSCvs40230	ICMP not working and failed with inspect-icmp-seq-num-not-matched
CSCvs43154	Secondary ASA is unable to join the failover due to aggressive warning messages.
CSCvs45111	WR6 and WR8 commit id update in CCM layer(sprint 75)
CSCvs45548	reactivation-mode timed causing untimely reactivation of failed server
CSCvs47283	Traffic may match an access-list incorrectly with object-group-search enabled
CSCvs48437	ASA cannot send syslog to two UDP ports at same time
CSCvs52108	ASA Traceback Due to Umbrella Inspection
CSCvs52169	ASA sends malformed RADIUS message when device-id from AnyConnect is too long
CSCvs55603	ICMP Reply Dropped when matched by ACL
CSCvs56802	Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability
CSCvs59487	Observed crash in KP device while upgrading to 99.14.1.64 image.
CSCvs59558	Failover mac address getting removed on the reload of the Primary active unit
CSCvs59966	false reported value for OID "cipSecGlobalActiveTunnels" - same as ASDM
CSCvs60254	libxml2 xmlParseBalancedChunkMemoryRecover Memory Leak Vulnerability
CSCvs63484	SAML tokens are not removed from hash table
CSCvs70260	IKEv2 vpn-filter drops traffic with implicit deny after volume based rekey collision
CSCvs71698	Management default route conflicts with default data routing
CSCvs71969	Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
CSCvs72378	ASDM session being abruptly terminated when switching between different contexts
CSCvs72450	FXOS - Recover hwclock of service module from corruption due to simultaneous write collision
CSCvs73663	ASA Traceback on IPsec message handler Thread
CSCvs73754	ASA/FTD: Block 256 size depletion caused by ARP of BVI not assigned to any physical interface
CSCvs76605	Wrong Module version listed for FXOS 2.6(1.174)
CSCvs77818	Traceback: spin_lock_fair_mode_enqueue: Lock (np_conn_shrlock_t) is held for a long time
CSCvs82726	Placeholder to address CSCvs31470 in Multi-Context Mode
CSCvs84542	ASA traceback with thread: idfw_proc
CSCvs85196	ASA SIP connections drop after several consecutive failovers: pinhole timeout/closed by inspection
CSCvs87795	ASA: backup context failed to "ERROR: No such file or directory"
CSCvs88413	Port-channel bundling is failing after upgrade to 9.8 version
CSCvs90100	ASA/FTD may traceback and reload in Thread Name 'License Thread'
CSCvs94486	CSCvs59487 requires additional fix for resolution
CSCvs97863	Reduce number of fsync calls during close in flash file system
CSCvs97908	Invalid scp session terminates other active http, scp sessions
CSCvt00255	Upgrade kernel to cpe:2.3:o:linux:linux_kernel:4.14.187:
CSCvt01282	WR6 and WR8 commit id update in CCM layer(sprint 79)
CSCvt05862	IPv6 DNS server resolution fails when the server is reachable over the management interface.
CSCvt06606	Flow offload not working with combination of FTD 6.2(3.10) and FXOS 2.6(1.169)
CSCvt06841	Incorrect access-list hitcount seen when configuring it with a capture on ASA
CSCvt08492	Events are not generated on FDM after FXOS upgrade
CSCvt11302	On FPR devices when FIPS is enabled cannot create webtype ACLs
CSCvt11547	Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vuln
CSCvt11661	DOC - Clarify the meaning of mp-svc-flow-control under show asp drop
CSCvt11742	ASA/FTD may traceback and reload in Thread Name 'ssh'
CSCvt12463	ASA: Traceback in thread Unicorn Admin Handler
CSCvt13301	Default Syslog using non-standard port does not work for Intrusion events
CSCvt13822	ASA: VTI rejecting IPSec tunnel due to no matching crypto map entry
CSCvt15056	SFR managed by ASDM: System policy does not apply.
CSCvt17912	stress, pushing platform limits causing segfault/reload in lina_free_exec_st
CSCvt18199	IPv6 Nat rejected with error "overlaps with inside standby interface address" for Standalone ASA
CSCvt22356	Health-check monitor-interface debounce-time in ASA Cluster resets to 9000ms after ASA reboot
CSCvt23643	VPN failover recovery is taking approx. 30 seconds for data to resume
CSCvt25225	ASA: Active unit HA traceback and reload during Config Sync state during OSPF sync
CSCvt26031	ASAv Unable to register smart licensing with IPv6
CSCvt26530	FTD failed over due to 'Inspection engine in other unit has failed due to snort failure'
CSCvt27585	Observed traceback on 2100 while performing Failover Switch from Standby.
CSCvt30731	WR6, WR8 and LTS18 commit id update in CCM layer(sprint 80)
CSCvt35945	Encryption-3DES-AES should not be required when enabling ssh version 2 on 9.8 train
CSCvt36542	Multi-context ASA/LINA on FPR not sending DHCP release message
CSCvt38279	Erase disk0 on ISA3000 causes file system not supported
CSCvt39977	Invalid packet data when PSNG_TCP_PORTSCAN [122:1:1] rule alerts.
CSCvt41357	"no logging permit-hostdown" does not block connections when syslog host is inaccessible
CSCvt43136	Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability
CSCvt43967	Pad packets received from RA tunnel which are less than or equal 46 bytes in length with zeros
CSCvt46289	ASA LDAPS connection fails on Firepower 1000 Series
CSCvt48601	Cisco Firepower Manament Center Software Stored Cross-Site Scripting Vulnerability
CSCvt50528	Warning Message for default settings with Installation of Certificates in ASA/FTD - CLI
CSCvt51349	Fragmented packets forwarded to fragment owner are not visible on data interface captures
CSCvt51987	Traffic outage due to 80 size block exhaustion on the ASA FPR9300 SM56
CSCvt53640	ASA5585 may traceback and reload after upgrading SFR from 6.4.0 to 6.4.0.x
CSCvt54182	LINA cores are generated when FTD is configured to do SSL decryption.
CSCvt63027	Cisco Firepower Management Center XML Entity Expansion Vulnerability
CSCvt63484	ASA High CPU with igb_saleen_io_sfp_mod_poll_thre process
CSCvt64035	remote acess mib - SNMP 64 bit only reporting 4Gb before wrapping around
CSCvt64952	"Show crypto accelerator load-balance detail" has missing and undefined output
CSCvt65982	Route Fallback doesn't happen on Slave unit, upon RRI route removal.
CSCvt68294	Adjust Firepower 4120 Maximum VPN Session Limit to 20,000
CSCvt70664	ASA: acct-session-time accounting attribute missing from Radius Acct-Requests for AnyConnect
CSCvt71529	ASA traceback and reload during SSL handshake
CSCvt72683	NAT policy configuration after NAT policy deployment on FP 8130 is not seen
CSCvt73407	TACACS Fallback authorization fails for Username enable_15 on ASA device.
CSCvt75760	Traceback/Page-fault in Clientless WebVPN due to HTTP cleanup
CSCvt80126	ASA traceback and reload for the CLI "show asp table socket 18421590 det"
CSCvt80134	WebVPN rewriter fails to parse data from SAP Netweaver.
CSCvt80172	Supervisor software needs to be upgraded to address CVE-2017-11610
CSCvt83133	Unable to access anyconnect webvpn portal from google chrome using group-url
CSCvt90330	ASA traceback and reload with thread name coa_task
CSCvt91521	Crypto accelerator bias setting should be included in show tech
CSCvt92647	Connectivity over the state link configured with IPv6 addresses is lost after upgrading the ASA
CSCvt98599	IKEv2 Call Admission Statistics "Active SAs" counter out of sync with the real number of sessions
CSCvt99020	Cisco Firepower Manament Center Software Stored Cross-Site Scripting Vulnerability
CSCvt99137	With huge FTP traffic in cluster, the SEC_FLOW messages are in a retransmit loop
CSCvu00112	tsd0 not reset when ssh quota limit is hit in ci_cons_shell
CSCvu03107	AnyConnect statistics is doubled in both %ASA-4-113019 and RADIUS accounting
CSCvu03562	Device loses ssh connectivity when username and password is entered
CSCvu03675	FPR2100: ASA console may hang & become unresponsive in low memory conditions
CSCvu05180	aaa-server configuration missing on the FTD after a Remote Access VPN policy deployment
CSCvu06767	Lina cores on multi-instance causing a boot loop on both logical-devices
CSCvu07602	FPR-41x5: 'clear crypto accelerator load-balance' will cause a traceback and reload
CSCvu07880	ASA on QP platforms display wrong coredump filesystem space (50 GB)
CSCvu12039	Cluster data unit might fail to synchronize SCTP configuration from the control unit after bootup
CSCvu12045	Deployment fails for NGIPS with error "System (/etc/rc.d/init.d/netif-speed eth0) Failed"
CSCvu12248	ASA-FPWR 1010 traceback and reload when users connect using AnyConnect VPN
CSCvu16423	ASA 9.12(2) - Multiple tracebacks due to Unicorn Proxy Thread
CSCvu17924	FTD failover units traceback and reload on DATAPATH
CSCvu17965	ASA generated a traceback and reloaded when changing the port value of a manual nat rule
CSCvu20007	Config_XML_Response from LINA is not in the correct format,Lina reporting as No memory available.
CSCvu20666	Few FPR 2100 series External Authentication RADIUS not taking configuration
CSCvu26296	ASA interface ACL dropping snmp control-plane traffic from ASA
CSCvu26561	WebVPN SSO Gives Unexpected Results when Integrated with Kerberos
CSCvu29184	Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability
CSCvu29395	Traceback observed while performing master role change with active IGMP joins
CSCvu29660	Block exhaustion snapshot not created when available blocks goes to zero
CSCvu32698	ASA Crashes in SNMP while joining the cluster when key config-key password-encryption" is present
CSCvu33992	traceback: ASA reloaded lina_sigcrash+1394
CSCvu34413	SSH keys lost in ASA after reload
CSCvu40213	ASA traceback in Thread Name kerberos_recv
CSCvu40324	ASA traceback and reload with Flow lookup calling traceback
CSCvu40398	ASAv reload due to FIPS SELF-TEST FAILURE after enabling FIPS
CSCvu43924	GIADDR of DHCP Discover packet is changed to the ip address of dhcp-network-scope
CSCvu45748	ASA traceback in threadname 'ppp_timer_thread'
CSCvu45822	ASA experienced a traceback and reloaded
CSCvu48886	FTD deployment failure when removing non-default "crypto ikev2 limit max-in-negotiation-sa"
CSCvu49625	[PKI] Standard Based IKEv2 Certificate Auth session does second userfromcert lookup unnecessarily
CSCvu55469	FTD - Connection idle timeout doesn't reset
CSCvu55843	ASA traceback after TACACS authorized user made configuration changes
CSCvu61704	ASA high CPU with intel_82576_check_link_thread impacting on overall unit performance
CSCvu65688	IKEv2 CAC "Active SAs" counter out of sync with the real number of sessions despite CSCvt98599
CSCvu68529	Embryonic connections limit does not work consistently
CSCvu70931	Cluster / aaa-server key missing after "no key config-key" is entered
CSCvu72094	ASA traceback and reload on thread name DATAPATH
CSCvu73207	DSCP values not preserved in DTLS packets towards AnyConnect users
CSCvu77095	ASA unable to delete ACEs with remarks and display error "Specified remark does not exist"
CSCvu78721	Cannot change (modify) interface speed after upgrade
CSCvu89110	ASA: Block new conns even when the "logging permit-hostdown" is set & TCP syslog is down
CSCvu90727	Native VPN client with EAP-TLS authentication fails to connect to ASA
CSCvu91097	Cisco Firepower Management Center Software Policy Vulnerability
CSCvu91792	SNMP IfInDiscards OIDs for Internal-Data 0/0 and 0/1 may return incorrect values
CSCvu98222	FTD Lina engine may traceback in datapath after enabling SSL decryption policy
CSCvv04584	Multicast traffic is being dropped with the resson no-mcast-intrf
CSCvv07721	FirePOWER: System>Users>User Roles Pages is blank on Firepower 7000 and Firepower 8000 series
CSCvv07864	Multicast EIGRP traffic not seen on internal FTD interface
CSCvv08244	Firepower module may block trusted HTTPS connections matching 'Do not decrypt' SSL decryption rule
CSCvv08684	Cluster site-specific MAC addresses not rewritten by flow-offload
CSCvv09396	Stale VPN routes for L2TP, after the session was terminated
CSCvv10778	Traceback in threadname DATAPATH (5585) or Lina (2100) after upgrade to 9.12.4
CSCvv12127	Series 3 policy deploy can fail when adding a large number of IPV4 source and destination AC rules.
CSCvv12857	ASA gets frozen after crypto engine failure
CSCvv15572	ASA traceback observed when "config-url" is entered while creating new context
CSCvv16082	stress/low memory: assert: mh->mh_mem_pool > MEMPOOL_UNDEFINED && mh->mh_mem_pool < MEMPOOL_MAX_TYPE
CSCvv19230	ASAv Anyconnect users unexpectedly disconnect with reason: Idle Timeout
CSCvv20450	FMC 6.4 to 6.7 upgrade fails "Error running script 500_rpms/110_generate_dbaccess.sh"
CSCvv23370	Observed traceback in FPR2130 while running webVPN, SNMP related traffic.
CSCvv25394	After upgrade ASA swapped names for disks, disk0 became disk1 and vice versa.
CSCvv25839	reCAPTCHA is not working when SSl decryption is enable.
CSCvv28997	ASA Traceback and reload on thread name Crypto CA
CSCvv29687	Rate-limit syslogs 780001/780002 by default on ASA
CSCvv30172	Intermittently after reboot, ADI can't join KCD
CSCvv31334	Lina traceback and reload seen on trying to switch peer on KP HA with 6.6.1-63
CSCvv31629	Intermittently embedded ping reply over GRE drops on FTD cluster if traffic passes asymmetrically.
CSCvv32333	ASA still doesn't allow to poll internal-data0/0 counters via SNMP in multiple mode
CSCvv32425	ASA traceback when running show asp table classify domain permit
CSCvv34003	snmpwalk for OID 1.3.6.1.2.1.47.1.1.1.1.5 on ISA 3000 returning value of 0 for .16 and .17
CSCvv34140	ASA IKEv2 VTI - Failed to request SPI from CTM as responder
CSCvv36518	ASA: Extended downtime after reload after CSCuw51499 fix
CSCvv36725	ASA logging rate-limit 1 5 message ... limits to 1 message in 10 seconds instead of 5
CSCvv37629	Malformed SIP packets leads to 4k block hold-up till SIP conn timeout causing probable traffic issue
CSCvv40223	Error parsing flash:/LOCAL-CA-SERVER/LOCAL-CA-SERVER.cdb, when trying to modify/read the user-db
CSCvv41453	Removing static ipv6 route from management-only route table affects data traffic
CSCvv43484	ASA stops processing RIP packets after system upgrade
CSCvv44270	ASAv5 reloads without traceback.
CSCvv48942	Snmpwalk showing traffic counter as 0 for failover interface
CSCvv49698	ASA Anyconnect url-redirect not working for ipv6
CSCvv49800	ASA/FTD: HA switchover doesn't happen with graceful reboot of firepower chassis
CSCvv50338	Traceback Cluster unit on snpi_nat_xlate_destroy+2508
CSCvv53696	ASA/FTD traceback and reload during AAA or CoA task of Anyconnect user
CSCvv56644	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web DoS
CSCvv57590	ASA: ACL compilation takes more time on standby
CSCvv57842	WebSSL clientless user accounts being locked out on 1st bad password
CSCvv58332	ASA/FTD is reading BGP MP_REACH_NLRI attribute's next-hop bytes in reverse order
CSCvv58605	ASA traceback and reload in thread:Crypto CA,mem corruption by unvirtualized pki global table in MTX
CSCvv59036	Static routes deleted from the FMC without user deleting it.
CSCvv59676	Snort2: Implement aggressive pruning for certificate cache for TLS to free up memory
CSCvv62305	ASA traceback and reload in fover_parse when attempting to join the failover pair.
CSCvv63412	ASA dropping all traffic with reason "No route to host" when tmatch compilation is ongoing
CSCvv65184	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web DoS
CSCvv66005	ASA traceback and reload on inspect esmtp
CSCvv66920	Inner flow: U-turn GRE flows trigger incorrect connection flow creation
CSCvv67500	ASA 9.12 random traceback and reload in DATAPATH
CSCvv70984	ASA traceback while modifying the bookmark SSL Ciphers configuration
CSCvv72466	OSPF network commands go missing in the startup-config after upgrading the ASA
CSCvv73017	Traceback due to fover and ssh thread
CSCvv79897	Block "sensor restart" command for FTD units to prevent Lina crash and system reboot event
CSCvv86926	Unexpected traceback and reload on FTD creating a Core file
CSCvv87232	ASA: High number of CPU hog in igb_saleen_io_sfp_mod_poll_thread process
CSCvv87496	ASA cluster members 2048 block depletion due to "VPN packet redirect on peer"
CSCvv88017	ASA: EasyVPN HW Client triggers duplicate phase 2 rekey causing disconnections across the tunnel
CSCvv90181	No deployment failure reason in transcript if 'show running-config' is running during deployment
CSCvv90720	ASA/FTD: Mac address-table flap seen on connected switch after a HA switchover
CSCvv94701	ASA keeps reloading with "octnic_hm_thread". After the reload, it takes very long time to recover.
CSCvv97877	Secondary unit not able to join the cluster
CSCvw01028	7K/8K devices experience unresponsiveness if upgraded to 6.4.0.[9,10,11] from release prior to 6.4.0
CSCvw05393	Certificate validation syslog is not generated on OCSP revocation check
CSCvw06195	ASA traceback cp_midpath_process_thread
CSCvw07000	Snort busy drops with PDTS Tx queue stuck
CSCvw12008	ASA traceback and reload while executing "show tech-support" command
CSCvw12100	ASA stale VPN Context seen for site to site and AnyConnect sessions
CSCvw19272	Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
CSCvw21844	FTD traceback and reload on DATAPATH thread when processing encapsulated flows
CSCvw22881	radius_rcv_auth can shoot up control plane CPU to 100%.
CSCvw22986	Secondary unit stuck in Bulk sync infinitely due to interface of Primary stuck in init state
CSCvw23199	ASA/FTD Traceback and reload in Thread Name: Logger
CSCvw24164	heartbeat false positives
CSCvw24556	TCP File transfer (Big File) not properly closed when Flow offload is enabled
CSCvw24700	FPR2100 ASA running 9.12.4.7 fails to boot with ERROR: FIPS Self-Test failure, fipsPostGFSboxKat
CSCvw26171	ASA syslog traceback while strncpy NULL string passed from SSL library
CSCvw26331	ASA traceback and reload on Thread Name: ci/console
CSCvw26544	Cisco ASA and FTD Software SIP Denial of Service Vulnerability
CSCvw27301	IKEv2 with EAP, MOBIKE status fails to be processed.
CSCvw28894	SFDataCorrelator slow startup and vuln remap due to duplicate entries in vuln tables
CSCvw31254	User with shell set to /bin/false on 8350 sensor causes deployment failure
CSCvw31569	Director/Backup flows are left behind and traffic related to this flow is blackholed
CSCvw32518	ASASM traceback and reload after upgrade up to 9.12(4)4 and higher
CSCvw33987	ASAv/2100 Smart License failure post upgrade
CSCvw36662	TACACS+ ASCII password change request not handled properly
CSCvw37259	VPN syslogs are generated at a rate of 600/s until device goes into a hang state
CSCvw41728	Unable to configure syslog via CLI on FTD
CSCvw42999	9.10.1.11 ASA on FPR2110 traceback and reloads randomly
CSCvw43486	ASA/FTD Traceback and reload during PBR configuration change
CSCvw43534	A Null pointer dereference vulnerability exists in Mozilla Network S ...
CSCvw43543	The inflateMark function in inflate.c in zlib 1.2.8 might allow cont ...
CSCvw43586	A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7 ...
CSCvw43615	An issue was discovered in GnuTLS before 3.6.15. A server can trigge ...
CSCvw44122	ASA: "class-default" class-map redirecting non-DNS traffic to DNS inspection engine
CSCvw46702	FTD Cluster secondary units fail to join cluster due to application configuration sync timeout
CSCvw47321	IPSec transport mode traffic corruption for inbound traffic for some FPR platforms
CSCvw48517	DAP stopped working after upgrading the ASA to 9.13(1)13
CSCvw49531	Applications are being misclassified after VDB upgrade.
CSCvw51462	IPv4 Default Tunneled Route Rejected
CSCvw51950	FPR 4K: SSL trust-point removed from new active ASA after manual Failover
CSCvw51985	ASA: AnyConnect sessions cannot be resumed due to ipv6 DACL failure
CSCvw52098	Upgrade to 6.4.0.11 fails at 800_post/901_reapply_sensor_policy.pl on standby 2120
CSCvw52609	Cisco ASA and FTD Software Web Services Buffer Overflow Denial of Service Vulnerability
CSCvw53255	FTD/ASA HA: Standby Unit FXOS is still able to forward traffic even after failover due to traceback
CSCvw53427	ASA Fails to process HTTP POST with SAML assertion containing multiple query parameters
CSCvw53796	Cisco ASA and FTD Web Services Interface Cross-Site Scripting Vulnerability
CSCvw53884	M500IT Model Solid State Drives on ASA5506 may go unresponsive after 3.2 Years in service
CSCvw54640	FPR-4150 - ASA traceback and reload with thread name DATAPATH
CSCvw54802	Revocation check fails to move to none after ocsp check fails due to server being unavailable
CSCvw58414	Name of anyconnect custom attribute of type dynamic-split-exclude-domains is changed after reload
CSCvw58865	sftunnel TLS handshake should not include NewSessionTicket
CSCvw59035	Connection issues to directly connected IP from FTD BVI address
CSCvw60177	Standby/Secondary cluster unit might crash in Thread Name: fover_parse and "cluster config sync"
CSCvw62526	ASA traceback and reload on engineering ASA build - 9.12.3.237
CSCvw62820	memcached 1.5.6 or higher update
CSCvw63862	ASA: Random L2TP users cannot access resources due to stale ACL filter entries
CSCvw71766	ASA traceback and reload in Thread: Ikev2 Daemon
CSCvw74495	Application detection fails for FTP service when an unsuccessful login is encountered.
CSCvw74940	ASA traceback in IKE Daemon and reload
CSCvw79208	Incorrect URL normalization when "http://" substring is at a latter stage in the input string
CSCvw79294	sftunnel logging huge number of logs to messages file
CSCvw81322	FTD running multi-instance mode gets snort GID 3 rules disabled after SRU install and deploy
CSCvw81897	ASA: OpenSSL Vulnerability CVE-2020-1971
CSCvw82629	ASA Tracebacks when making "configuration session" changes regarding an ACL.
CSCvw83572	BVI HTTP/SSH access is not working in versions 9.14.1.30 or above
CSCvw84339	Managed device backup fails, for FTD, if hostname exceeds 30 characters
CSCvw85377	URL is not updated in the access policy URL filtering rule
CSCvw87788	ASA traceback and reload webvpn thread
CSCvw89365	ASA/FTD may traceback and reload during certificate changes.
CSCvw93272	Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
CSCvw93282	Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
CSCvw93513	Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
CSCvw95301	ASA traceback and reload with Thread name: ssh when capture was removed
CSCvw96295	Unable to add Route Tracking to static route in FMC 6.4.0.10
CSCvw96488	Traceback in inspect_h323_ras+1810
CSCvw97821	ASA: VPN traffic does not pass if no dACL is provided in CoA
CSCvw98840	ASA: dACL with no IPv6 entries is not applied to v6 traffic after CoA
CSCvx01381	FMC GUI year drop-down list for Manual Time set up only listing until 2020
CSCvx02869	Traceback in Thread Name: Lic TMR
CSCvx03764	Offload rewrite data needs to be fixed for identity nat traffic and clustering environment
CSCvx04057	When SGT name is unresolved and used in ACE, line is not being ignored/inactive
CSCvx04643	ASA reload is removing 'content-security-policy' config
CSCvx05381	Cisco ASA and FTD Software Command Injection Vulnerability
CSCvx05956	High snort cpu usage while copying navl attribute
CSCvx08734	ASA: default IPv6/IPv4 route tunneled does not work
CSCvx11295	ASA may traceback and reload on thread Crypto CA
CSCvx11460	Firepower 2110 silently dropping traffic with TFC enabled on the remote end
CSCvx13694	ASA/FTD traceback in Thread Name: PTHREAD-4432
CSCvx15040	DHCP Proxy Offer is getting drop on the ASA/FTD
CSCvx16202	self referenced object pushed from FMC results in lina crash with error - loop in grp hierarchy
CSCvx17664	ASA may traceback and reload in Thread Name 'webvpn_task'
CSCvx17785	Crash seen consistently by adding/removing acl & entering into route-map command
CSCvx20352	Snort PDTS buffer corruption during upgrade or heavy traffic load
CSCvx26286	IPV6 address was marked as duplicate on both units and ipv6 Traffic was stopped after the failover.
CSCvx26808	FTD traceback and reload on process lina on FPR2100 series
CSCvx27430	ASA: Unable to import PAC file if FIPS is enabled.
CSCvx29771	Firewall CPU can increase after a bulk routing update with flow offload
CSCvx30314	ASA 9.15.1.7 traceback and reload in ssl midpath
CSCvx41171	Concurrent modification of ACL configuration breaks output of "show running-config" completely
CSCvx42197	ASA EIGRP route stuck after neighbour disconnected
CSCvx44401	FTD/ASA traceback in Thread Name : Unicorn Proxy Thread
CSCvx48490	SSL Decrypted https flow EOF events showing 'Initiator/Responder' Packets as 0
CSCvx50366	Traceback in Thread Name: fover_health_monitoring_thread
CSCvx51860	Failed lookups due to license check when the sensor URL lookup is enabled in 6.4.0.x
CSCvx52122	ASA traceback and reload in SNMP Notify Thread while deleting transparent context
CSCvx59120	COA Received before data tunnel comes up results in tear down of parent session
CSCvx71434	ASA/FTD Traceback and reload in Thread Name: pix_startup_thread due to asa_run_ttyS0 script
CSCvx74035	ASA traceback and reload after run "clear configure all" with multiple ACLs and objects configured
CSCvy09252	Syncd exits repeatedly on secondary FMC in 6.4.0.12-97 FMC-HA pair

Version 6.4.0.11 Resolved Issues

Table 5. Version 6.4.0.11 Resolved Issues
Bug ID	Headline
CSCvv59788	Lina traceback on 21xx following upgrade from 6.4.0.8 to 6.4.0.9
CSCvw42241	CRL command missing on FP1k

Version 6.4.0.10 Resolved Issues

Table 6. Version 6.4.0.10 Resolved Issues
Bug ID	Headline
CSCuw95798	Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
CSCuz24872	Original Client IP does not populate for dropped events when inline normalization enabled
CSCvh19161	ASA/FTD traceback and reload in Thread Name: SXP CORE
CSCvi46896	FeedDownloader should not update status to Downloading after download is complete
CSCvj93609	ASA traceback on spin_lock_release_actual
CSCvm69545	Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability
CSCvn27043	Hostscan: LastSuccessfulInstallParams can not be detected by Hostscan
CSCvn78076	Firepower:Misleading stats w.r.t "Memory Usage" being displayed under System->Monitoring->Statistics
CSCvo26597	CLI Banner not seen on FTD
CSCvo59683	Large number of stale Objects in EOAttributes table results in high CPU/backup failure
CSCvp45786	Not able to upload the STIX or Flat File Manually under Threat Intelligence Director
CSCvp56719	Cisco FMC and FTD Software sftunnel Pass the Hash Vulnerability
CSCvp56744	Cisco FMC and FTD Software Directory Traversal Vulnerability
CSCvp76950	FTD Traceback and Reload on Lina thread for thread_logger
CSCvp99327	FMC UI Unresponsive After Attempt To Register Smart License With Smart Satellite
CSCvq04619	FTD ftd_sftunnel core is generated after upgrading from 6.4.0
CSCvq11282	Cisco Firepower Management Center Software Denial of Service Vulnerability
CSCvq20707	Snort rendering block verdict for rules with action of alert.
CSCvq43920	Cisco Firepower Threat Defense Software Hidden Commands Vulnerability
CSCvq46587	After failover, Active unit tcp sessions are not removed when timeout reached
CSCvq53902	Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
CSCvq63653	FTD may crash when processing fragmented packets
CSCvq95694	Memory leak SSL_ALLOC [ERROR] ssl_alloc.c:113:ssl_alloc_destroy()
CSCvr27584	Estreamer process queries wrong database for rna_policy_rules table and causes excessive logging
CSCvr46901	Analysis Connection Events doesn't show and report all the events in UI
CSCvr49229	FMC high CPU utilization in sfmbservice
CSCvr51955	Estreamer should terminate a connection when not receiving ACKs for a long time
CSCvr53058	Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability
CSCvr55741	FMC shows policies out of date after successful deploy
CSCvr57051	Policy deployment failed with error "Can't use an undefined value as a HASH reference "
CSCvr63851	SSH via External Auth to NGIPS succeeds then closes immediately
CSCvr66798	DNS Application Detector sometimes fails to detect DNS traffic
CSCvr76029	FTD-HA: after restoring FTD-HA backup file, snort process will be down
CSCvr76044	FTD Snort Rule Profiling does not work consistently - log folder is missing
CSCvr79974	Configuration might not replicated if packet loss on the failover Link
CSCvr86016	FMC connections to v3.sds.cisco.com are bypassing proxy
CSCvr94406	Cannot download TAXII feeds in Intelligence Sources v6.2.3 -> v6.4.0.4 on either HTTP or HTTPS
CSCvr99222	NTP configuration is not synchronized to LINA on Multi Instance
CSCvs01422	Lina traceback when changing device mode of FTD
CSCvs05066	Snort file mempool corruption leads to performance degradation and process failure.
CSCvs09533	FP2100: Traceback and reload when processing traffic through more than two inline sets
CSCvs10748	Cisco ASA Software and FTD Software Web Services Denial of Service Vulnerability
CSCvs21705	admin user is not authorized to access the device routing configuration inside the domain.
CSCvs24215	Firepower Device Manager (FDM) option to disable SSL rekey is not reflected on the config
CSCvs28290	Cisco Firepower Threat Defense Software SSL Input Validation Denial of Service Vulnerabili
CSCvs39253	Firepower 7000 & 8000 cannot sent emails on version 6.4
CSCvs41883	Deployment fails after upgrading to 6.4.0.x if ND policy refs are missing
CSCvs49104	Network Discovery Policy rules are ignored if it uses network groups
CSCvs50137	Same Security Zone used in ACP rule is Not pushed to NGFW rules
CSCvs50931	Policy deployment fails subsequent to SRU
CSCvs56802	Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability
CSCvs56888	Cisco Firepower Threat Defense Software TCP Flood Denial of Service Vulnerability
CSCvs64510	Deployment failure with message (Can't call method "binip" on unblessed reference)
CSCvs71766	Cisco Firepower Management Center Software Open Redirect Vulnerability
CSCvs74452	SFDatacorrelator and Snort process cores repeatedly while loading malware seed file
CSCvs74586	Firepower FTD transparent does not decode non-ip packets
CSCvs77334	FTD failover due to error "Inspection engine in other unit has failed due to snort and disk failure"
CSCvs82829	Calls fail once anyconnect configuration is added to the site to site VPN tunnel
CSCvs87168	SNORT Fatal Error due to out of range interface ID
CSCvs91270	Inspect Interruption - Error in deployment page.
CSCvt00113	ASA/FTD traceback and reload due to memory leak in SNMP community string
CSCvt01763	Application classification is not retried if a flow is marked brute force failed.
CSCvt02409	Cisco Firepower Threat Defense Software Inline Pair/Passive Mode DoS Vulnerability
CSCvt03598	Cisco ASA Software and FTD Software Web Services Read-Only Path Traversal Vulnerability
CSCvt03794	Policy deployment failure after SRU update on FTD with passive zone
CSCvt04377	When vlan encapsulation is exceeded decoding errors are depleting disk space.
CSCvt04535	Allow 30-seconds of NFE microengine missing heartbeat faults before engaging error recovery
CSCvt04560	SCTP heartbeats failing across the firewall in Cluster deploymnet.
CSCvt09940	Cisco Firepower 4110 ICMP Flood Denial of Service Vulnerability
CSCvt13445	Cisco ASA and FTD Software FTP Inspection Bypass Vulnerability
CSCvt16642	FMC not sending some audit messages to remote syslog server
CSCvt18028	Cisco ASA and FTD WebVPN CRLF Injection Vulnerability
CSCvt20709	Wrong direction in SSL-injected RESET causes it to exit through wrong interface, causing MAC flap
CSCvt24328	FTD: Traceback and reload related to lina_host_file_open_raw function
CSCvt26067	Active FTP fails when secondary interface is used on FTD
CSCvt28182	sctp-state-bypass is not getting invoked for inline FTD
CSCvt35053	Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
CSCvt35233	Excessive logging from the daq modules process_snort_verdict verdict blacklist
CSCvt35897	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DoS Vuln
CSCvt39135	snort instances CPU spikes to >90% at low non-SSL traffic with SSL policy applied
CSCvt39349	Registration of device should be allowed as long as deploy status = DEPLOYED or FAILED
CSCvt41333	Dynamic RRI route is not destroyed when IKEv2 tunnel goes down
CSCvt45863	Crypto ring stalls when the length in the ip header doesn't match the packet length
CSCvt48941	FTD Standby unit does not join HA due to "HA state progression failed due to APP SYNC timeout"
CSCvt50263	FMC Unable to fetch VPN troubleshooting logs from WM Model devices
CSCvt50946	Stuck uauth entry rejects AnyConnect user connections despite fix of CSCvi42008
CSCvt52782	ASA traceback Thread name - webvpn_task
CSCvt54267	Cisco Firepower Management Center Software Denial of Service Vulnerability
CSCvt59015	KP IOQ driver. Add defensive parameter and state checks.
CSCvt59253	ASA 9.13.1.7 traceback and reload while processing hostscan data (process name LINA )
CSCvt60190	Cisco ASA and FTD Web Services File Upload Denial of Service Vulnerability
CSCvt61370	Events may stop coming from a device due to a communication deadlock
CSCvt63556	Local User Password not updating in 6.4.0.9
CSCvt64270	ASA is sending failover interface check control packets with a wrong destination mac address
CSCvt64642	FMC -Deployment Failure- Anyconnect - "Certificate Map" using "DC (Domain Component)" to match cert.
CSCvt66136	6.4.0.9 upgrade from 6.4.0 with CC mode causes httpsd.conf to have an incorrect config
CSCvt66351	NetFlow reporting impossibly large flow bytes
CSCvt66875	AppId caches proxy IP instead of tunneled IP for ultrasurf
CSCvt68131	FTD traceback and reload on thread "IKEv2 Mgd Timer Thread"
CSCvt70322	Cisco ASA Software and FTD Software Web Services Denial of Service Vulnerability
CSCvt73806	FTD traceback and reload on FP2120 LINA Active Box. VPN
CSCvt73808	Handling for longer header length messages going from DAQ to Oct driver
CSCvt75241	Redistribution of VPN advertised static routes fail after reloading the FTD on FPR2100
CSCvt78068	Time sync do not work correctly for FTD on FP1000/1100 series platform
CSCvt79777	duplicate ip addresses in sfipproxy.conf
CSCvt81628	False positives for ultrasurf
CSCvt83121	Cisco ASA and FTD Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability
CSCvt86188	SNMP traps can't be generated via diagnostic interface
CSCvt93142	ASA should allow null sequence encoding in certificates for client authentication.
CSCvt95517	Certificate mapping for AnyConnect on FTD stops working.
CSCvu01039	Traceback: Modifying FTD inline-set tap-mode configuration with active traffic
CSCvu08013	DTLS v1.2 and AES-GCM cipher when used drops a particular size packet frequently.
CSCvu08422	Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability
CSCvu12684	HKT - Failover time increases with upgrade to 9.8.4.15
CSCvu15801	Cisco ASA and FTD Software SIP Denial of Service Vulnerability
CSCvu25030	FTD 6.4.0.8 traceback & reload on thread name : CP processing
CSCvu30134	High unmanaged disk usage on /ngfw due to logrotate and missing /var/spool/cron/root directory.
CSCvu38795	FTD firewall unit cannot join the cluster after a traceback due to invalid interface GOID entry
CSCvu42434	ASA: High CPU due to stuck running SSH sessions / Unable to SSH to ASA
CSCvu43355	FTD Lina traceback in datapath due to double free
CSCvu44910	Cisco ASA Software and FTD Software Web Services Cross-Site Scripting Vulnerability
CSCvu46685	Cisco ASA and FTD Software SSL/TLS Session Denial of Service Vulnerability
CSCvu47925	Cisco ASA and FTD IP Fragment Memory Leak Vulnerability
CSCvu48285	ASA configured with TACACS REST API: /cli api fail with "Command authorization failed" message
CSCvu53258	FMC pushes certificate map incorrectly to lina
CSCvu57834	syslog-ng process utilizing 100% CPU
CSCvu59817	Cisco ASA and FTD Software SSL VPN Direct Memory Access Denial of Service Vulnerability
CSCvu60923	Editing the IP in a Radius Server Group object results in unintended values for the IP address
CSCvu63458	FPR2100: Show crash output on show tech does not display outputs from most recent tracebacks
CSCvu66119	URL rules are incorrectly promoted on series 3 resulting in traffic matching the wrong rule.
CSCvu70529	Binary rules (SO rules) are not loaded when snort reloads
CSCvu72658	AnyConnect Connected Client IPs Not Advertised into OSPF Intermittently
CSCvu75581	Cisco ASA and FTD Web Services Interface Cross-Site Scripting Vulnerabilities
CSCvu75594	FTD: Traceback and reload when changing capture buffer options on a already applied capture
CSCvu75615	Cisco ASA Software and FTD Software WebVPN Portal Access Rule Bypass Vulnerability
CSCvu80370	Cisco Firepower Threat Defense Software SNMP Denial of Service Vulnerability
CSCvu82743	Encoded Rule Plugin SID: value, GID: 3 not registered properly. Disabling this rule
CSCvu83178	Dynamic routing protocols summary route not being replicated to standby
CSCvu83309	Cisco ASA and FTD Web Services Interface Cross-Site Scripting Vulnerabilities
CSCvu91105	High unmanaged disk usage on /ngfw due to large process_stdout.log file
CSCvu98197	HTTPS connections matching 'Do not decrypt' SSL decryption rule may be blocked
CSCvv09944	Lina Traceback during FTD deployment when WCCP config is being pushed
CSCvv13835	Cisco ASA and FTD Web Services Interface Cross-Site Scripting Vulnerabilities
CSCvv13993	Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability
CSCvv16245	Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vuln
CSCvv33712	Cisco ASA Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerabi
CSCvv40916	3 min delay caused by AbstractBaseDeploymentValidationHandler.validatePreApply during deploy.
CSCvv44051	Cluster unit traceback on snp_cluster_forward_and_free_packet due to GRE/IPiniP passenger flows
CSCvv50107	FTD Traceback and reload while trying to switch peer on HA
CSCvv52591	DMA memory leak in ctm_hw_malloc_from_pool causing management and VPN connections to fail
CSCvv58604	Reset not sent when traffic matches AC-policy configured with block/reset and SSL inspection
CSCvv70096	Snort 2: Memory Leak in SSL Decrypt & Resign Processing
CSCvv77910	FQDN rules do not work on 1k platforms
CSCvv98534	Failed upgrade does not create audit messages in syslog
CSCvw48033	Changes to SNMPv3 authentication & privacy passwords in SNMP alerts not taking immediate effect

Version 6.4.0.9 Resolved Issues

Table 7. Version 6.4.0.9 Resolved Issues
Bug ID	Headline
CSCvi34123	ENHancement: Cannot add DNS lists that contain _ at the beginning of the list.
CSCvj00997	"show open-network-ports" not showing the proper infomration on FP4100 Series
CSCvm77115	Lina Traceback due to invalid TSC values
CSCvo31790	Cisco Firepower Threat Defense Software Management Interface DoS Vulnerability
CSCvo76866	Traceback on 2100 - watchdog
CSCvo80853	Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability
CSCvp57643	FTD/ASA - Cluster/HA - Master/Active unit does not update all the route changes to Slaves/Standby
CSCvp63814	FTD - Inner Flow: Carrier id flow lookup enhancement
CSCvp90847	Refresh Root CAs that SSL uses for resigning in FTD/FMC
CSCvp93468	Cisco ASA Software and Cisco FTD Software SSL VPN Denial of Service Vulnerability
CSCvp99930	deployment failure with sftunnel exception while primary active.
CSCvq09357	Unrestricted File Upload in FMC -Backup Management - Upload Backup
CSCvq10500	captures of both CLISH and LINA doesn't work with IPv6 address
CSCvq24258	Increase number of worker for mojo-server on large appliances
CSCvq35440	Upgrade Enhancements to STRAP verification for anyconnect - Cisco VPN session replay vulnerability
CSCvq38889	slib memory manager : mempool mutex vs spinlock selection
CSCvq39344	Firepower managed devices may stop responding to SNMPv3 GET/WALK requests
CSCvq61601	OpenSSL vulnerability CVE-2019-1559 on FTD
CSCvq71351	FMC:Page stuck when editing inline sets
CSCvq79913	ICMP error packets being dropped for Null pdts_info
CSCvq89361	Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability
CSCvq89794	FDM - user downloads not working with LDAPS
CSCvq93572	Unable to add user on FTD using external authentication
CSCvq93669	Cisco Firepower Threat Defense Software SSL/TLS URL Category Bypass Vulnerability
CSCvq96495	Console connection for FPR2100 is disconnected randomly about 20 minutes.
CSCvr07460	ASA traceback and reload related to crypto PKI operation
CSCvr09468	ASA traceback and reload for the CLI "Show nat pool"
CSCvr13278	PPPoE session not coming up after reload.
CSCvr17735	SFDataCorrelator high CPU during SI update
CSCvr19922	Cluster: BGP route may go in out of sync in some scenarios
CSCvr20449	Policy deployment is reported as successful on the FMC but it is actually failed
CSCvr20893	FTD in HA pair crashes in ids_event_proce process after policy deployment
CSCvr21803	Mac address flap on switch with wrong packet injected on ingress FTD interface
CSCvr30694	FMC : FMC detect HA Sync Failed
CSCvr33586	FPR1010 - Add temperature/warnings for SSD when thresholds are exceeded
CSCvr35125	Packet loss over failover link triggers Split-Brain
CSCvr39556	Segfault in libclamav.so (in the context of SFDataCorrelator)
CSCvr42344	Traceback on snp_policy_based_route_lookup when deleting a rule from access-list configured for PBR
CSCvr49833	Cisco Firepower 2100 Series Security Appliances ARP Denial of Service Vulnerability
CSCvr51998	ASA Static route disappearing from asp table after learning default route via BGP
CSCvr54250	Many user_ip_map files even though no realm is configured
CSCvr54980	FPR2100: Power doesn't turn off after turned off the power button on back of chassis
CSCvr56031	FTD/LINA Traceback and reload observed in thread name: cli_xml_server
CSCvr72665	FMC upgrading to 6.3/6.4 shouldn't remove existing deprecated flexconfig
CSCvr73115	Initial FTD Deploy After Policy Import causes Unused Objects which bloat policy size
CSCvr78166	Deployment failed on FTD with reason "failed to retrieve running configuration"
CSCvr79008	Session processing delay from FMC wastefully querying all Directory Servers normalizing bad username
CSCvr86213	CD is required to ignore Cluster-Msg-Delivery-Confirmation in Cluster Node Release Lina State
CSCvr90768	FTD: Deployment through slow links may fail
CSCvr90965	FTDv Deployment in Azure causes unrecoverable traceback state due to no dns domain-lookup any"
CSCvr92168	Cisco ASA and Cisco FTD Software OSPF Packets Processing Memory Leak Vulnerability
CSCvr92327	ASA/FTD may traceback and reload in Thread Name 'PTHREAD-1533'
CSCvr92617	NPE in SecurityIntelligenceEoConvertor causes Lucene indexing failure
CSCvr93978	ASA traceback and reload on Thread DATAPATH-0-2064
CSCvr96527	FMC existing rule error while adding new rule
CSCvs00023	port manager crashes with "shutdown" command from clish CLI
CSCvs01422	Lina traceback when changing device mode of FTD
CSCvs03023	Clustering module needs to skip the hardware clock update to avoid the timeout error and clock jump
CSCvs04067	Not able to access FMC devices with Chrome on Mac after upgrade to Catalina.
CSCvs06043	TunnelClient for CSM_CCMservice on ngfwManager not reading ACK sent from CSM_CCM service on FMC
CSCvs07668	FTD traceback and reload on thread DATAPATH-1-15076 when SIP inspection is enabled
CSCvs07982	ASA TRACEBACK: sctpProcessNextSegment - SCTP_INIIT_CHUNK
CSCvs10443	6.5 CloudEvent code writes config files in a way that 6.4 code does not understand
CSCvs10526	Throttle SSE Attempts on FTDs
CSCvs12288	Snort unexpectedly exits with SSL policy enabled and debug_policy_all
CSCvs15276	ERROR: entry for ::/0 exists when configuring ipv6 icmp
CSCvs15972	Network Performance Degradation when SSL policy is enabled
CSCvs19968	Fix consoled from getting stuck and causing HA FTD policy deployment errors.
CSCvs22503	eStreamer repeatedly exits after "Failed to deserialize policy event"
CSCvs23750	6.4.0.4 FMC WebUI cannot create a Series-3 stack (Cannot select primary device)
CSCvs25607	addition of netmap_num to constraints causes performance degradation
CSCvs28094	Receiving error 403 when editing User Preferences on FP8000 sensors
CSCvs28580	Traceback when processing SSL traffic under heavy load
CSCvs29405	Snort handles traffic as Tagged, when CMD field does not exist in Frame
CSCvs32303	SNMP polling fails on Standby FMC as the snmpd process is in Waiting state
CSCvs33416	Upgrade kernel to cpe:2.3:o:linux:linux_kernel:4.14.158:
CSCvs34844	pm process becomes randomly deadlocked when communicating with hardware.
CSCvs34854	FMC generates referred interfaces cli delta after access-list cli delta
CSCvs37013	Prevent octeon_init from getting stuck and causing HA FTD policy deployment errors.
CSCvs39388	FTD not sending system syslog messages in CC mode
CSCvs40531	AnyConnect 4.8 is not working on the FPR1000 series
CSCvs45111	WR6 and WR8 commit id update in CCM layer(sprint 75)
CSCvs47201	GET ALL for devicerecords we get "isPartOfContainer": false for devices part of HA and cluster
CSCvs47252	ASA traceback and reload when running command "clear capture /"
CSCvs50459	Cisco ASA and Cisco FTD Malformed OSPF Packets Processing Denial of Service Vulnerability
CSCvs50952	Upgrade of 6.4.0.4-34 to 6.4.0.6 is deleting Static Route
CSCvs59056	ASA/FTD Tunneled Static Routes are Ignored by Suboptimal Lookup if Float-Conn is Enabled
CSCvs61392	On firepower devices, hardware rules are not updated after successful policy deployment
CSCvs79023	ASA/FTD Traceback in Thread Name: DATAPATH due to DNS inspection
CSCvs80157	ASA Traceback Thread Name: IKE Daemon
CSCvs80536	FP41xx incorrect interface applied in ASA capture
CSCvs91389	FTD Traceback Lina process
CSCvs91869	FPR-1000 Series Random Number Generation Error
CSCvs98634	catalina.<date>.log files can consume all disk space in their partition
CSCvt01397	Deployment is marked as success although LINA config was not pushed
CSCvt10097	logs about SF_Egress_Zone/SF_Ingress_Zone is empty even though security zones have interfaces
CSCvt15163	Cisco ASA and FTD Software Web Services Information Disclosure Vulnerability
CSCvt21041	FTD Traceback in thread 'ctm_ipsec_display_msg'
CSCvt33785	IPSec SAs are not being created for random VPN peers
CSCvt46830	FPR2100 'show crypto accelerator statistics' counters do not track symmetric crypto
CSCvt79988	Policy deployment failure due to snmp configuration after upgrading FMC to 6.6
CSCvt93177	Disable Full Proxy to Light Weight Proxy by Default. (FP2LWP) on FTD Devices

Version 6.4.0.8 Resolved Issues

Table 8. Version 6.4.0.8 Resolved Issues
Bug ID	Headline
CSCul34972	DHCP Client Proxy doesn't disable after FO units are flipped
CSCva36446	ASA Stops Accepting Anyconnect Sessions/Terminates Connections Right After Successful SSL handshake
CSCvd33448	fireamp.pl using 100% Cpu after restore backup.
CSCvh75756	Duplicate preprocessor keyword: ssl
CSCvk55766	Try to assign devices to platform settings policy list of devices randomly disappear under policy
CSCvm85823	Not able to ssh, ssh_exec: open(pager) error on console
CSCvo74833	High unmanaged disk space on Firepower devices due to untracked files
CSCvp04134	Traceback in HTTP Cli Exec when upgrading to 9.12.1
CSCvp06526	Manage the sfhassd thread CPU affinity to match the Snort CPU affinity
CSCvp39970	/var/opt/CSCOpx/MDC/tomcat/log/stdout.logs writing excessive log messages which may fill the disk
CSCvp70833	ASA/FTD: Twice nat Rule with same service displaying error "ERROR: NAT unable to reserve ports"
CSCvp81083	ASA/Lina Traceback related to TLS/VPN
CSCvq10239	With SSL HW acceleration enabled, FTD TCP Proxy tears down the connection after 3 retransmissions
CSCvq14954	Slave unit having mgmt-only can't join to cluster
CSCvq29969	Firepower Recommendations rule count changes even when not regenerated
CSCvq34160	traceback and reload when establishing ASDM connection to fp1000 series platform
CSCvq43453	Overrides cannot be added for port object if it is used in variable sets in sub domains
CSCvq45105	ENH: Add "Management-access" to FDM flex-config CLI and a CLI-console API issue via SSE/CDO
CSCvq46587	After failover, Active unit tcp sessions are not removed when timeout reached
CSCvq50587	ASA/FTD may traceback and reload in Thread Name 'BGP Router'
CSCvq51284	FPR 2100, low block 9472 causes packet loss through the device.
CSCvq56257	Cached malware disposition does not always expire as expected
CSCvq67271	Retrieving an specfic rule by ID of a child Access Policy returns a 404 : Not Found status.
CSCvq73534	Cisco ASA Software Kerberos Authentication Bypass Vulnerability
CSCvq73599	Cisco VPN session replay vulnerability : STRAP fix on ASA for SSL(OpenSSL 1.0.2) and SCEP proxy
CSCvq75634	Management interface configuration leads to immediate traceback and reload
CSCvq76198

Cisco Firepower Release Notes, Version 6.4.0 Patches

Bias-Free Language

Book Title

Cisco Firepower Release Notes, Version 6.4.0 Patches

Chapter Title

Resolved Issues

Results

Chapter: Resolved Issues

Resolved Issues

Resolved Issues in New Builds

Version 6.4.0.14 Resolved Issues

Version 6.4.0.13 Resolved Issues

Version 6.4.0.12 Resolved Issues

Version 6.4.0.11 Resolved Issues

Version 6.4.0.10 Resolved Issues

Version 6.4.0.9 Resolved Issues

Version 6.4.0.8 Resolved Issues