CSCtx83747
|
Syslog 718055 contains wrongly formatted MAC address
|
CSCui74211
|
Expired DHCP-Client leases not purged on ASA-standby unit
|
CSCuj60109
|
ENH: SFP transceivers attached to ASA-IC-6GE-SFP-A are not shown by
CLI
|
CSCuj99176
|
Make ASA-SSM cplane keepalives more tolerable to communication
delays
|
CSCun74870
|
ASA IKEv2: NO-PROPOSAL-CHOSEN sent instead of TS_UNSUPPORTED
|
CSCuq47482
|
ENH: ASA show tech should include "show module x
detail"
|
CSCut44164
|
ASA: Add additional crypto stats to "show tech"
|
CSCuu60064
|
ENH: ASAv show tech should include "show vm"
|
CSCuu84198
|
DHCPRelay debugs should highlight invalid parameters from DHCP
server
|
CSCuw51499
|
TCM doesn't work for ACE addition/removal, ACL
object/object-group edits
|
CSCuy53106
|
ASA OS incorrectly calculates certificate expiry date in Syslog
717054
|
CSCvb92169
|
ASA should provide better fragment-related logs and ASP drop
reasons
|
CSCvc40724
|
Invalid group URL causes improperly formatted message back to
AnyConnect
|
CSCvf88062
|
CTM: Nitrox S/G lengths need to be validated
|
CSCvg59385
|
ASA scansafe connector takes too long to failover to secondary CWS
Tower
|
CSCvg69380
|
ASA - rare cp processing corruption causes console lock
|
CSCvg73237
|
ENH: Configure CAC as an absolute value as well instead of just
percentage of total VPN capacity.
|
CSCvh30209
|
Traceback in mfib_idb_get when toggling multicast on/off
repeatedly
|
CSCvh85504
|
"Backlog Status" health module false negative alerts
|
CSCvi07901
|
CISCO-REMOTE-ACCESS-MONITOR-MIB crasIPSecNumSessions is zero on ASA
for IKEv2 AnyConnect
|
CSCvi85020
|
Order of SSH configuration generates "SSH version 1 is not
secure." error messages at boot
|
CSCvk51778
|
"show inventory" (or) "show environment" on ASA
5515/5525/5545/5555 shows up Driver/ioctl error logs
|
CSCvm15088
|
ENH: Add PSU details in "show environment" for ASA5525
|
CSCvm78605
|
ASA Failover: 'show interface tunnel' shows tunnel source as
standby IP address
|
CSCvm82290
|
ASA core blocks depleted when host unreachable in IRB/TFW
configuration
|
CSCvm98585
|
CPU hog from idfw module observed in 5525 FTD
|
CSCvn12453
|
Implement debug menu command to show RX ring number a flow is hashed
to
|
CSCvn16864
|
ENH: Missing Content-Security-Policy Header in ASA HTTP WebVPN
portal
|
CSCvn16877
|
ENH: Missing X-Content-Type-Options Header in ASA HTTP WebVPN
portal
|
CSCvn16887
|
ENH: Missing X-XSS-Protection Header in ASA HTTP WebVPN portal
|
CSCvn64647
|
ASA traceback and reload due to tcp_retrans_timeout internal thread
handling
|
CSCvn82441
|
[SXP] Issue with establishing SXP connection between ASA on FPR-2110
and switches
|
CSCvn93683
|
ASA: cluster exec show commands not show all output
|
CSCvn95731
|
ASA traceback and reload on Thread Name SSH
|
CSCvo11623
|
ASAv/Azure: Smart Licensing does not use hostname from custom
template for registration
|
CSCvo12504
|
ASA: Failover fsm gets stuck in a multicontext in case of module
difference.
|
CSCvo33227
|
BusyBox udhcp Components Out-of-Bounds Read Information Disclosure
Vul
|
CSCvo33896
|
snmpd(): insufficient memory to handle queries
|
CSCvo34210
|
ASA running 9.6.4.20 Traceback in threadname Unicorn Proxy Thread
|
CSCvo58030
|
Failover mac address configured on interface does not allow to delete
subinterface
|
CSCvo64516
|
ASA fails command authorization if tcp syslog is down.
|
CSCvo68887
|
Timestamp in Crash File name says UTC but is local timezone
|
CSCvo78772
|
ENH: ASA WebVPN should send "Cache-Control: no-store"
instead of "Cache-Control: no-cache"
|
CSCvo81249
|
ASA may cause high-rate of DNS queries between ASA (acting as a DNS
client) and a server
|
CSCvo86485
|
incorrect HTML <base> tag handling by Grammar Based Parser
|
CSCvo87430
|
FTD : Can't deploy ISAKMP VPNs containing question marks
|
CSCvo99076
|
ENH: IKEv2 quick connection preempt for static IP assigned to client
by AAA
|
CSCvp09083
|
ASA working as DHCP server drops DHCP renewal request packet sent by
DHCP clients
|
CSCvp10079
|
DB switch role failed on FMC HA switch
|
CSCvp13352
|
ASA continues to do TCP keepalives for Client side connections even
after vpn session times out
|
CSCvp16618
|
URL inside HTML base tag is not rewritten after it is handled by
GBP
|
CSCvp23530
|
OSPF neighbor command not replicated to standy after write standby or
reload
|
CSCvp29554
|
Traceback and reload due to a watchdog timeout when
accessingfilesystem (webvpn related)
|
CSCvp29803
|
Apache HTTP Server Modules Scripts Arbitrary Code Execution Vulnerab
...
|
CSCvp31311
|
There should be enough PKI handles for the max sessions on a given
platform
|
CSCvp38774
|
WebVPN rewriter not loading website correctly
|
CSCvp42484
|
IS-IS hello packet length not updated to correct mtu when mtu
modified
|
CSCvp42722
|
ASA does not generate logging message 611103 for any syslog
destination (buffer, trap, etc)
|
CSCvp52437
|
ASA | Saving configuration, give message "Platform does not
support appliance mode configuration."
|
CSCvp56719
|
Cisco FMC and FTD Software sftunnel Pass the Hash Vulnerability
|
CSCvp57417
|
Upon downgrade of an ASAv, the firewall may traceback and reload
|
CSCvp67033
|
ASA: Cannot distinguish name aliases for IPv6 and displays a
"incomplete command" error message
|
CSCvp69229
|
OpenSSL 0-byte Record Padding Oracle Information Disclosure
Vulnerabil
|
CSCvp71766
|
Radius authentication fails when sourced from BVI across a VPN
tunnel
|
CSCvp71879
|
limit-resource CLI for ssh/telnet has no effect if quota-CLI is not
configured
|
CSCvp72624
|
SNMP Limit for OID 1.3.6.1.2.1.4.35 (ipNetToPhysicalTable)
|
CSCvp73394
|
Failover ASA IKEv2 VTI: Secondary ASA sends standby IP as the traffic
selector
|
CSCvp75965
|
primary FPR2110 crash after customer configure syslog setting on
FMC
|
CSCvp76904
|
With dhcp-network-scope configured incorrectly, DHCP debugs on ASA
show wrong gateway and netmask.
|
CSCvp77226
|
ASA traceback and reload on sysopt traffic detailed in multicontext
mode
|
CSCvp78171
|
ASA in cluster fail to synchronise IPv6 ND table with peer units.
|
CSCvp91905
|
ASA will add the newly configured IPv6 Address to the current
link-local address
|
CSCvp94478
|
ASA scp quite slow
|
CSCvp96658
|
Inconsistency in timezone for show logging in newer versions
|
CSCvq00560
|
ASA silently drops packets which violate ESP Authentication data
field size (ICV)
|
CSCvq15976
|
ASA Memory Leak - snp_svc_insert_dtls_session
|
CSCvq17551
|
Syslog 711004 not consistently triggering event manager event
|
CSCvq22358
|
Disabling anti-replay for one context it disables it for other
contexts as well
|
CSCvq27016
|
FMC shows 'Unable to fetch failover history..' for FTD
HA.
|
CSCvq37913
|
VPN-sessiondb does not replicate to standby ASA
|
CSCvq47743
|
AnyConnect and Management Sessions fail to connect after several
weeks
|
CSCvq49124
|
ASA on FP1010 Traceback in http_exec_cli thread
|
CSCvq49718
|
Observed Traceback in ASA with dns debugs enabled while resolving
FQDN Entries
|
CSCvq50944
|
OSPFv3 neighborship is flapping every ~30 minutes
|
CSCvq54620
|
FPR4110 crashes after using 'vpn-sessions logoff all'
|
CSCvq54624
|
DTLS AnyConnect tunnel doesn't resume due to cache miss
|
CSCvq55426
|
Adding an ipv6 default route causes CLI to hang for 50 seconds
|
CSCvq58729
|
2140: crypto accelerator status show SOFTWARE mode by default
|
CSCvq65864
|
Traceback in HTTP Cli Exec with rest-api agent enabled
|
CSCvq70536
|
FTD: Deployment failure when breaking HA and graceful-restart is
present on config
|
CSCvq73595
|
ASA webvpn unable to extract username from cert UPN if username is
longer than 32 chars
|
CSCvq76706
|
Ability to clear message logged statistics in output of "show
logging"
|
CSCvq78126
|
V route is missing even after setting the reverse route in Crypto map
config in HA-IKEv2
|
CSCvq79042
|
FQDN ACL entries incomplete due to DNS response from server is large
and truncated
|
CSCvq81410
|
ASA::Unable to execute any ASA command via http using safari
browser.
|
CSCvq81692
|
ASA: After changing admin-context, call-home does not use new admin
context setting
|
CSCvq83060
|
SNMP: Cannot get failover link information from oid in multiple
mode
|
CSCvq84444
|
Configuring static routes causes "Route Session" rerr
counter to increment on standby ASA
|
CSCvq87625
|
ENH: Addition of 'show run all sysopt' to 'show tech'
output
|
CSCvq92240
|
Memory leak observed while running AnyConnect ssl vpn tests
|
CSCvq93640
|
WRL6 and WRL8 commit id update in CCM layer (sprint 67)
|
CSCvq93836
|
ENH: Addition of 'show logging setting' to 'show
tech' output
|
CSCvq98396
|
ASA: crypto session handles leak on the standby unit
|
CSCvq99107
|
Hot swap of SFP is not taking effect on the ASA
|
CSCvr03705
|
We need to have default route with AD and tunneled at the same time
for the same next hub.
|
CSCvr04203
|
Memory leak observed while running AnyConnect ssl vpn tests
|
CSCvr09399
|
Dynamic flow-offload can't be disabled
|
CSCvr12018
|
ASA: VPN traffic fails to take the tunnel route when the default
route is learnt over BGP.
|
CSCvr15503
|
ASA: SSH and ASDM sessions stuck in CLOSE_WAIT causing lack of MGMT
for the ASA
|
CSCvr20486
|
FTD 1010 Passive interfaces does not receive unicast packets
|
CSCvr20757
|
Block leak on ASA while running Cisco Umbrella DNS inspection
|
CSCvr20876
|
low memory causes kernel to invoke - oom and reload device - modified
rlimit for KP
|
CSCvr23580
|
Can't delete 2 or more than two IP address-pool
|
CSCvr23986
|
Cisco ASA & FTD devices may reload under conditions of low memory
and frequent complete MIB walks
|
CSCvr33428
|
FMC generates Connection Events from a SYN flood attack
|
CSCvr35872
|
ASA traceback Thread Name: DATAPATH with PBR configured
|
CSCvr37486
|
established rules in asp table are not un-installed on config
removal
|
CSCvr37502
|
libexpat Improper Parsing Denial of Service Vulnerability
|
CSCvr39516
|
lina segfault/reload caused by malloc failure in modexp-octeon
|
CSCvr50509
|
Some 3DES related configurations are lost after booted
|
CSCvr50630
|
ASA Traceback: SCTP bulk sync and HA synchronization
|
CSCvr50718
|
ASA | Incorrect handling of ICMP-TYPE objects for ICMP6 rules
|
CSCvr51426
|
ASA is not sending the mask in the accounting packets
|
CSCvr55518
|
Missing clean up on rule creation failure.
|
CSCvr57605
|
ASA after reload had license context count greater than platform
limits
|
CSCvr58411
|
RRI on static HUB/SPOKE config is not working on HUB when a new
static SPOKE is added or deleted
|
CSCvr60195
|
ASA/FTD may traceback and reload when repeatedly adding/removing
multicast commands
|
CSCvr68146
|
Unable to auto-rejoin FTD cluster
|
CSCvr68872
|
Secondary unit exceed platform context count limit in split brain
scenario when failover link down
|
CSCvr72648
|
BIGNUM leak in ec_bits()
|
CSCvr80164
|
WR6 and WR8 commit id update in CCM layer(sprint 72)
|
CSCvr83372
|
I/O error occurred while writing; fd='28',
error='Resource temporarily unavailable (11)'
|
CSCvr86077
|
ASA Traceback/pagefault in Datapath due to re_multi_match_ascii
|
CSCvr90079
|
HSTS config option not updated on show run all
|
CSCvr90462
|
Improve ipv6 duplicate address detection to avoid disabling ipv6 in
case of transient active-active
|
CSCvr92311
|
Standby ASA logging %ASA-4-720022: (VPN-Secondary) Cannot find trust
point __tmpCiscoM1Root__
|
CSCvr98924
|
ASA traceback and reload due to routing subsystem
|
CSCvr99642
|
ASA traceback and reload multiple times with trace
"webvpn_periodic_signal"
|
CSCvs02954
|
ASA OSPF: Prefix removed from the RIB when topology changes, then
added back when another SPF is run
|
CSCvs04179
|
ASA - 9.8.4.12 traceback and reload in ssh or fover_rx Thread
|
CSCvs05262
|
Decrement TTL display wrong result
|
CSCvs13204
|
ASAv failover traffic on SR-IOV interfaces might be dropped due to
interface-down
|
CSCvs16073
|
snmp poll failure with host and host-group configured
|
CSCvs27264
|
mroute entries on ASA not getting refreshed.
|
CSCvs28213
|
ASA Traceback in Thread Name SSH with assertion slib_malloc.c
|
CSCvs29779
|
ASA may traceback and reload while waitinPC g for
"DATAPATH-12-1899" process to finish.
|
CSCvs31159
|
Incorrect empty location handling inside CSCOGet_location wrapper
|
CSCvs31443
|
ASA reporting negative memory values on "%ASA-5-321001: Resource
'memory' limit'" message
|
CSCvs31470
|
OSPF Hello causing 9K block depletion, control point CPU 100% and
cluster unstable.
|
CSCvs32907
|
Addition of debug counters for STRAP implementation.
|
CSCvs33102
|
ASA/FTD may traceback and reload in Thread Name
'EIGRP-IPv4'
|
CSCvs33852
|
After upgrade to version 9.6.4.34 is not possible to add an
access-group
|
CSCvs38785
|
Inconsistent timestamp format in syslog
|
CSCvs39589
|
ASA doesn't honor SSH Timeout When Data Channel is not
Negotiated
|
CSCvs40230
|
ICMP not working and failed with inspect-icmp-seq-num-not-matched
|
CSCvs43154
|
Secondary ASA is unable to join the failover due to aggressive
warning messages.
|
CSCvs45111
|
WR6 and WR8 commit id update in CCM layer(sprint 75)
|
CSCvs45548
|
reactivation-mode timed causing untimely reactivation of failed
server
|
CSCvs47283
|
Traffic may match an access-list incorrectly with object-group-search
enabled
|
CSCvs48437
|
ASA cannot send syslog to two UDP ports at same time
|
CSCvs52108
|
ASA Traceback Due to Umbrella Inspection
|
CSCvs52169
|
ASA sends malformed RADIUS message when device-id from AnyConnect is
too long
|
CSCvs55603
|
ICMP Reply Dropped when matched by ACL
|
CSCvs56802
|
Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service
Vulnerability
|
CSCvs59487
|
Observed crash in KP device while upgrading to 99.14.1.64 image.
|
CSCvs59558
|
Failover mac address getting removed on the reload of the Primary
active unit
|
CSCvs59966
|
false reported value for OID "cipSecGlobalActiveTunnels" -
same as ASDM
|
CSCvs60254
|
libxml2 xmlParseBalancedChunkMemoryRecover Memory Leak
Vulnerability
|
CSCvs63484
|
SAML tokens are not removed from hash table
|
CSCvs70260
|
IKEv2 vpn-filter drops traffic with implicit deny after volume based
rekey collision
|
CSCvs71698
|
Management default route conflicts with default data routing
|
CSCvs71969
|
Multiple Cisco Products Snort HTTP Detection Engine File Policy
Bypass Vulnerability
|
CSCvs72378
|
ASDM session being abruptly terminated when switching between
different contexts
|
CSCvs72450
|
FXOS - Recover hwclock of service module from corruption due to
simultaneous write collision
|
CSCvs73663
|
ASA Traceback on IPsec message handler Thread
|
CSCvs73754
|
ASA/FTD: Block 256 size depletion caused by ARP of BVI not assigned
to any physical interface
|
CSCvs76605
|
Wrong Module version listed for FXOS 2.6(1.174)
|
CSCvs77818
|
Traceback: spin_lock_fair_mode_enqueue: Lock (np_conn_shrlock_t) is
held for a long time
|
CSCvs82726
|
Placeholder to address CSCvs31470 in Multi-Context Mode
|
CSCvs84542
|
ASA traceback with thread: idfw_proc
|
CSCvs85196
|
ASA SIP connections drop after several consecutive failovers: pinhole
timeout/closed by inspection
|
CSCvs87795
|
ASA: backup context failed to "ERROR: No such file or
directory"
|
CSCvs88413
|
Port-channel bundling is failing after upgrade to 9.8 version
|
CSCvs90100
|
ASA/FTD may traceback and reload in Thread Name 'License
Thread'
|
CSCvs94486
|
CSCvs59487 requires additional fix for resolution
|
CSCvs97863
|
Reduce number of fsync calls during close in flash file system
|
CSCvs97908
|
Invalid scp session terminates other active http, scp sessions
|
CSCvt00255
|
Upgrade kernel to cpe:2.3:o:linux:linux_kernel:4.14.187:
|
CSCvt01282
|
WR6 and WR8 commit id update in CCM layer(sprint 79)
|
CSCvt05862
|
IPv6 DNS server resolution fails when the server is reachable over
the management interface.
|
CSCvt06606
|
Flow offload not working with combination of FTD 6.2(3.10) and FXOS
2.6(1.169)
|
CSCvt06841
|
Incorrect access-list hitcount seen when configuring it with a
capture on ASA
|
CSCvt08492
|
Events are not generated on FDM after FXOS upgrade
|
CSCvt11302
|
On FPR devices when FIPS is enabled cannot create webtype ACLs
|
CSCvt11547
|
Cisco Firepower Device Manager Software Filesystem Space Exhaustion
Denial of Service Vuln
|
CSCvt11661
|
DOC - Clarify the meaning of mp-svc-flow-control under show asp
drop
|
CSCvt11742
|
ASA/FTD may traceback and reload in Thread Name 'ssh'
|
CSCvt12463
|
ASA: Traceback in thread Unicorn Admin Handler
|
CSCvt13301
|
Default Syslog using non-standard port does not work for Intrusion
events
|
CSCvt13822
|
ASA: VTI rejecting IPSec tunnel due to no matching crypto map
entry
|
CSCvt15056
|
SFR managed by ASDM: System policy does not apply.
|
CSCvt17912
|
stress, pushing platform limits causing segfault/reload in
lina_free_exec_st
|
CSCvt18199
|
IPv6 Nat rejected with error "overlaps with inside standby
interface address" for Standalone ASA
|
CSCvt22356
|
Health-check monitor-interface debounce-time in ASA Cluster resets to
9000ms after ASA reboot
|
CSCvt23643
|
VPN failover recovery is taking approx. 30 seconds for data to
resume
|
CSCvt25225
|
ASA: Active unit HA traceback and reload during Config Sync state
during OSPF sync
|
CSCvt26031
|
ASAv Unable to register smart licensing with IPv6
|
CSCvt26530
|
FTD failed over due to 'Inspection engine in other unit has
failed due to snort failure'
|
CSCvt27585
|
Observed traceback on 2100 while performing Failover Switch from
Standby.
|
CSCvt30731
|
WR6, WR8 and LTS18 commit id update in CCM layer(sprint 80)
|
CSCvt35945
|
Encryption-3DES-AES should not be required when enabling ssh version
2 on 9.8 train
|
CSCvt36542
|
Multi-context ASA/LINA on FPR not sending DHCP release message
|
CSCvt38279
|
Erase disk0 on ISA3000 causes file system not supported
|
CSCvt39977
|
Invalid packet data when PSNG_TCP_PORTSCAN [122:1:1] rule alerts.
|
CSCvt41357
|
"no logging permit-hostdown" does not block connections
when syslog host is inaccessible
|
CSCvt43136
|
Multiple Cisco Products Snort TCP Fast Open File Policy Bypass
Vulnerability
|
CSCvt43967
|
Pad packets received from RA tunnel which are less than or equal 46
bytes in length with zeros
|
CSCvt46289
|
ASA LDAPS connection fails on Firepower 1000 Series
|
CSCvt48601
|
Cisco Firepower Manament Center Software Stored Cross-Site Scripting
Vulnerability
|
CSCvt50528
|
Warning Message for default settings with Installation of
Certificates in ASA/FTD - CLI
|
CSCvt51349
|
Fragmented packets forwarded to fragment owner are not visible on
data interface captures
|
CSCvt51987
|
Traffic outage due to 80 size block exhaustion on the ASA FPR9300
SM56
|
CSCvt53640
|
ASA5585 may traceback and reload after upgrading SFR from 6.4.0 to
6.4.0.x
|
CSCvt54182
|
LINA cores are generated when FTD is configured to do SSL
decryption.
|
CSCvt63027
|
Cisco Firepower Management Center XML Entity Expansion
Vulnerability
|
CSCvt63484
|
ASA High CPU with igb_saleen_io_sfp_mod_poll_thre process
|
CSCvt64035
|
remote acess mib - SNMP 64 bit only reporting 4Gb before wrapping
around
|
CSCvt64952
|
"Show crypto accelerator load-balance detail" has missing
and undefined output
|
CSCvt65982
|
Route Fallback doesn't happen on Slave unit, upon RRI route
removal.
|
CSCvt68294
|
Adjust Firepower 4120 Maximum VPN Session Limit to 20,000
|
CSCvt70664
|
ASA: acct-session-time accounting attribute missing from Radius
Acct-Requests for AnyConnect
|
CSCvt71529
|
ASA traceback and reload during SSL handshake
|
CSCvt72683
|
NAT policy configuration after NAT policy deployment on FP 8130 is
not seen
|
CSCvt73407
|
TACACS Fallback authorization fails for Username enable_15 on ASA
device.
|
CSCvt75760
|
Traceback/Page-fault in Clientless WebVPN due to HTTP cleanup
|
CSCvt80126
|
ASA traceback and reload for the CLI "show asp table socket
18421590 det"
|
CSCvt80134
|
WebVPN rewriter fails to parse data from SAP Netweaver.
|
CSCvt80172
|
Supervisor software needs to be upgraded to address
CVE-2017-11610
|
CSCvt83133
|
Unable to access anyconnect webvpn portal from google chrome using
group-url
|
CSCvt90330
|
ASA traceback and reload with thread name coa_task
|
CSCvt91521
|
Crypto accelerator bias setting should be included in show tech
|
CSCvt92647
|
Connectivity over the state link configured with IPv6 addresses is
lost after upgrading the ASA
|
CSCvt98599
|
IKEv2 Call Admission Statistics "Active SAs" counter out of
sync with the real number of sessions
|
CSCvt99020
|
Cisco Firepower Manament Center Software Stored Cross-Site Scripting
Vulnerability
|
CSCvt99137
|
With huge FTP traffic in cluster, the SEC_FLOW messages are in a
retransmit loop
|
CSCvu00112
|
tsd0 not reset when ssh quota limit is hit in ci_cons_shell
|
CSCvu03107
|
AnyConnect statistics is doubled in both %ASA-4-113019 and RADIUS
accounting
|
CSCvu03562
|
Device loses ssh connectivity when username and password is
entered
|
CSCvu03675
|
FPR2100: ASA console may hang & become unresponsive in low memory
conditions
|
CSCvu05180
|
aaa-server configuration missing on the FTD after a Remote Access VPN
policy deployment
|
CSCvu06767
|
Lina cores on multi-instance causing a boot loop on both
logical-devices
|
CSCvu07602
|
FPR-41x5: 'clear crypto accelerator load-balance' will cause
a traceback and reload
|
CSCvu07880
|
ASA on QP platforms display wrong coredump filesystem space (50
GB)
|
CSCvu12039
|
Cluster data unit might fail to synchronize SCTP configuration from
the control unit after bootup
|
CSCvu12045
|
Deployment fails for NGIPS with error "System
(/etc/rc.d/init.d/netif-speed eth0) Failed"
|
CSCvu12248
|
ASA-FPWR 1010 traceback and reload when users connect using
AnyConnect VPN
|
CSCvu16423
|
ASA 9.12(2) - Multiple tracebacks due to Unicorn Proxy Thread
|
CSCvu17924
|
FTD failover units traceback and reload on DATAPATH
|
CSCvu17965
|
ASA generated a traceback and reloaded when changing the port value
of a manual nat rule
|
CSCvu20007
|
Config_XML_Response from LINA is not in the correct format,Lina
reporting as No memory available.
|
CSCvu20666
|
Few FPR 2100 series External Authentication RADIUS not taking
configuration
|
CSCvu26296
|
ASA interface ACL dropping snmp control-plane traffic from ASA
|
CSCvu26561
|
WebVPN SSO Gives Unexpected Results when Integrated with Kerberos
|
CSCvu29184
|
Cisco Firepower Threat Defense Software Command File Overwrite
Vulnerability
|
CSCvu29395
|
Traceback observed while performing master role change with active
IGMP joins
|
CSCvu29660
|
Block exhaustion snapshot not created when available blocks goes to
zero
|
CSCvu32698
|
ASA Crashes in SNMP while joining the cluster when key config-key
password-encryption" is present
|
CSCvu33992
|
traceback: ASA reloaded lina_sigcrash+1394
|
CSCvu34413
|
SSH keys lost in ASA after reload
|
CSCvu40213
|
ASA traceback in Thread Name kerberos_recv
|
CSCvu40324
|
ASA traceback and reload with Flow lookup calling traceback
|
CSCvu40398
|
ASAv reload due to FIPS SELF-TEST FAILURE after enabling FIPS
|
CSCvu43924
|
GIADDR of DHCP Discover packet is changed to the ip address of
dhcp-network-scope
|
CSCvu45748
|
ASA traceback in threadname 'ppp_timer_thread'
|
CSCvu45822
|
ASA experienced a traceback and reloaded
|
CSCvu48886
|
FTD deployment failure when removing non-default "crypto ikev2
limit max-in-negotiation-sa"
|
CSCvu49625
|
[PKI] Standard Based IKEv2 Certificate Auth session does second
userfromcert lookup unnecessarily
|
CSCvu55469
|
FTD - Connection idle timeout doesn't reset
|
CSCvu55843
|
ASA traceback after TACACS authorized user made configuration
changes
|
CSCvu61704
|
ASA high CPU with intel_82576_check_link_thread impacting on overall
unit performance
|
CSCvu65688
|
IKEv2 CAC "Active SAs" counter out of sync with the real
number of sessions despite CSCvt98599
|
CSCvu68529
|
Embryonic connections limit does not work consistently
|
CSCvu70931
|
Cluster / aaa-server key missing after "no key config-key"
is entered
|
CSCvu72094
|
ASA traceback and reload on thread name DATAPATH
|
CSCvu73207
|
DSCP values not preserved in DTLS packets towards AnyConnect
users
|
CSCvu77095
|
ASA unable to delete ACEs with remarks and display error
"Specified remark does not exist"
|
CSCvu78721
|
Cannot change (modify) interface speed after upgrade
|
CSCvu89110
|
ASA: Block new conns even when the "logging
permit-hostdown" is set & TCP syslog is down
|
CSCvu90727
|
Native VPN client with EAP-TLS authentication fails to connect to
ASA
|
CSCvu91097
|
Cisco Firepower Management Center Software Policy Vulnerability
|
CSCvu91792
|
SNMP IfInDiscards OIDs for Internal-Data 0/0 and 0/1 may return
incorrect values
|
CSCvu98222
|
FTD Lina engine may traceback in datapath after enabling SSL
decryption policy
|
CSCvv04584
|
Multicast traffic is being dropped with the resson no-mcast-intrf
|
CSCvv07721
|
FirePOWER: System>Users>User Roles Pages is blank on Firepower
7000 and Firepower 8000 series
|
CSCvv07864
|
Multicast EIGRP traffic not seen on internal FTD interface
|
CSCvv08244
|
Firepower module may block trusted HTTPS connections matching 'Do
not decrypt' SSL decryption rule
|
CSCvv08684
|
Cluster site-specific MAC addresses not rewritten by flow-offload
|
CSCvv09396
|
Stale VPN routes for L2TP, after the session was terminated
|
CSCvv10778
|
Traceback in threadname DATAPATH (5585) or Lina (2100) after upgrade
to 9.12.4
|
CSCvv12127
|
Series 3 policy deploy can fail when adding a large number of IPV4
source and destination AC rules.
|
CSCvv12857
|
ASA gets frozen after crypto engine failure
|
CSCvv15572
|
ASA traceback observed when "config-url" is entered while
creating new context
|
CSCvv16082
|
stress/low memory: assert: mh->mh_mem_pool > MEMPOOL_UNDEFINED
&& mh->mh_mem_pool < MEMPOOL_MAX_TYPE
|
CSCvv19230
|
ASAv Anyconnect users unexpectedly disconnect with reason: Idle
Timeout
|
CSCvv20450
|
FMC 6.4 to 6.7 upgrade fails "Error running script
500_rpms/110_generate_dbaccess.sh"
|
CSCvv23370
|
Observed traceback in FPR2130 while running webVPN, SNMP related
traffic.
|
CSCvv25394
|
After upgrade ASA swapped names for disks, disk0 became disk1 and
vice versa.
|
CSCvv25839
|
reCAPTCHA is not working when SSl decryption is enable.
|
CSCvv28997
|
ASA Traceback and reload on thread name Crypto CA
|
CSCvv29687
|
Rate-limit syslogs 780001/780002 by default on ASA
|
CSCvv30172
|
Intermittently after reboot, ADI can't join KCD
|
CSCvv31334
|
Lina traceback and reload seen on trying to switch peer on KP HA with
6.6.1-63
|
CSCvv31629
|
Intermittently embedded ping reply over GRE drops on FTD cluster if
traffic passes asymmetrically.
|
CSCvv32333
|
ASA still doesn't allow to poll internal-data0/0 counters via
SNMP in multiple mode
|
CSCvv32425
|
ASA traceback when running show asp table classify domain permit
|
CSCvv34003
|
snmpwalk for OID 1.3.6.1.2.1.47.1.1.1.1.5 on ISA 3000 returning value
of 0 for .16 and .17
|
CSCvv34140
|
ASA IKEv2 VTI - Failed to request SPI from CTM as responder
|
CSCvv36518
|
ASA: Extended downtime after reload after CSCuw51499 fix
|
CSCvv36725
|
ASA logging rate-limit 1 5 message ... limits to 1 message in 10
seconds instead of 5
|
CSCvv37629
|
Malformed SIP packets leads to 4k block hold-up till SIP conn timeout
causing probable traffic issue
|
CSCvv40223
|
Error parsing flash:/LOCAL-CA-SERVER/LOCAL-CA-SERVER.cdb, when trying
to modify/read the user-db
|
CSCvv41453
|
Removing static ipv6 route from management-only route table affects
data traffic
|
CSCvv43484
|
ASA stops processing RIP packets after system upgrade
|
CSCvv44270
|
ASAv5 reloads without traceback.
|
CSCvv48942
|
Snmpwalk showing traffic counter as 0 for failover interface
|
CSCvv49698
|
ASA Anyconnect url-redirect not working for ipv6
|
CSCvv49800
|
ASA/FTD: HA switchover doesn't happen with graceful reboot of
firepower chassis
|
CSCvv50338
|
Traceback Cluster unit on snpi_nat_xlate_destroy+2508
|
CSCvv53696
|
ASA/FTD traceback and reload during AAA or CoA task of Anyconnect
user
|
CSCvv56644
|
Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web DoS
|
CSCvv57590
|
ASA: ACL compilation takes more time on standby
|
CSCvv57842
|
WebSSL clientless user accounts being locked out on 1st bad
password
|
CSCvv58332
|
ASA/FTD is reading BGP MP_REACH_NLRI attribute's next-hop bytes
in reverse order
|
CSCvv58605
|
ASA traceback and reload in thread:Crypto CA,mem corruption by
unvirtualized pki global table in MTX
|
CSCvv59036
|
Static routes deleted from the FMC without user deleting it.
|
CSCvv59676
|
Snort2: Implement aggressive pruning for certificate cache for TLS to
free up memory
|
CSCvv62305
|
ASA traceback and reload in fover_parse when attempting to join the
failover pair.
|
CSCvv63412
|
ASA dropping all traffic with reason "No route to host"
when tmatch compilation is ongoing
|
CSCvv65184
|
Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web DoS
|
CSCvv66005
|
ASA traceback and reload on inspect esmtp
|
CSCvv66920
|
Inner flow: U-turn GRE flows trigger incorrect connection flow
creation
|
CSCvv67500
|
ASA 9.12 random traceback and reload in DATAPATH
|
CSCvv70984
|
ASA traceback while modifying the bookmark SSL Ciphers
configuration
|
CSCvv72466
|
OSPF network commands go missing in the startup-config after
upgrading the ASA
|
CSCvv73017
|
Traceback due to fover and ssh thread
|
CSCvv79897
|
Block "sensor restart" command for FTD units to prevent
Lina crash and system reboot event
|
CSCvv86926
|
Unexpected traceback and reload on FTD creating a Core file
|
CSCvv87232
|
ASA: High number of CPU hog in igb_saleen_io_sfp_mod_poll_thread
process
|
CSCvv87496
|
ASA cluster members 2048 block depletion due to "VPN packet
redirect on peer"
|
CSCvv88017
|
ASA: EasyVPN HW Client triggers duplicate phase 2 rekey causing
disconnections across the tunnel
|
CSCvv90181
|
No deployment failure reason in transcript if 'show
running-config' is running during deployment
|
CSCvv90720
|
ASA/FTD: Mac address-table flap seen on connected switch after a HA
switchover
|
CSCvv94701
|
ASA keeps reloading with "octnic_hm_thread". After the
reload, it takes very long time to recover.
|
CSCvv97877
|
Secondary unit not able to join the cluster
|
CSCvw01028
|
7K/8K devices experience unresponsiveness if upgraded to
6.4.0.[9,10,11] from release prior to 6.4.0
|
CSCvw05393
|
Certificate validation syslog is not generated on OCSP revocation
check
|
CSCvw06195
|
ASA traceback cp_midpath_process_thread
|
CSCvw07000
|
Snort busy drops with PDTS Tx queue stuck
|
CSCvw12008
|
ASA traceback and reload while executing "show
tech-support" command
|
CSCvw12100
|
ASA stale VPN Context seen for site to site and AnyConnect
sessions
|
CSCvw19272
|
Multiple Cisco Products Snort HTTP Detection Engine File Policy
Bypass Vulnerability
|
CSCvw21844
|
FTD traceback and reload on DATAPATH thread when processing
encapsulated flows
|
CSCvw22881
|
radius_rcv_auth can shoot up control plane CPU to 100%.
|
CSCvw22986
|
Secondary unit stuck in Bulk sync infinitely due to interface of
Primary stuck in init state
|
CSCvw23199
|
ASA/FTD Traceback and reload in Thread Name: Logger
|
CSCvw24164
|
heartbeat false positives
|
CSCvw24556
|
TCP File transfer (Big File) not properly closed when Flow offload is
enabled
|
CSCvw24700
|
FPR2100 ASA running 9.12.4.7 fails to boot with ERROR: FIPS Self-Test
failure, fipsPostGFSboxKat
|
CSCvw26171
|
ASA syslog traceback while strncpy NULL string passed from SSL
library
|
CSCvw26331
|
ASA traceback and reload on Thread Name: ci/console
|
CSCvw26544
|
Cisco ASA and FTD Software SIP Denial of Service Vulnerability
|
CSCvw27301
|
IKEv2 with EAP, MOBIKE status fails to be processed.
|
CSCvw28894
|
SFDataCorrelator slow startup and vuln remap due to duplicate entries
in vuln tables
|
CSCvw31254
|
User with shell set to /bin/false on 8350 sensor causes deployment
failure
|
CSCvw31569
|
Director/Backup flows are left behind and traffic related to this
flow is blackholed
|
CSCvw32518
|
ASASM traceback and reload after upgrade up to 9.12(4)4 and
higher
|
CSCvw33987
|
ASAv/2100 Smart License failure post upgrade
|
CSCvw36662
|
TACACS+ ASCII password change request not handled properly
|
CSCvw37259
|
VPN syslogs are generated at a rate of 600/s until device goes into a
hang state
|
CSCvw41728
|
Unable to configure syslog via CLI on FTD
|
CSCvw42999
|
9.10.1.11 ASA on FPR2110 traceback and reloads randomly
|
CSCvw43486
|
ASA/FTD Traceback and reload during PBR configuration change
|
CSCvw43534
|
A Null pointer dereference vulnerability exists in Mozilla Network S
...
|
CSCvw43543
|
The inflateMark function in inflate.c in zlib 1.2.8 might allow cont
...
|
CSCvw43586
|
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7
...
|
CSCvw43615
|
An issue was discovered in GnuTLS before 3.6.15. A server can trigge
...
|
CSCvw44122
|
ASA: "class-default" class-map redirecting non-DNS traffic
to DNS inspection engine
|
CSCvw46702
|
FTD Cluster secondary units fail to join cluster due to application
configuration sync timeout
|
CSCvw47321
|
IPSec transport mode traffic corruption for inbound traffic for some
FPR platforms
|
CSCvw48517
|
DAP stopped working after upgrading the ASA to 9.13(1)13
|
CSCvw49531
|
Applications are being misclassified after VDB upgrade.
|
CSCvw51462
|
IPv4 Default Tunneled Route Rejected
|
CSCvw51950
|
FPR 4K: SSL trust-point removed from new active ASA after manual
Failover
|
CSCvw51985
|
ASA: AnyConnect sessions cannot be resumed due to ipv6 DACL
failure
|
CSCvw52098
|
Upgrade to 6.4.0.11 fails at 800_post/901_reapply_sensor_policy.pl on
standby 2120
|
CSCvw52609
|
Cisco ASA and FTD Software Web Services Buffer Overflow Denial of
Service Vulnerability
|
CSCvw53255
|
FTD/ASA HA: Standby Unit FXOS is still able to forward traffic even
after failover due to traceback
|
CSCvw53427
|
ASA Fails to process HTTP POST with SAML assertion containing
multiple query parameters
|
CSCvw53796
|
Cisco ASA and FTD Web Services Interface Cross-Site Scripting
Vulnerability
|
CSCvw53884
|
M500IT Model Solid State Drives on ASA5506 may go unresponsive after
3.2 Years in service
|
CSCvw54640
|
FPR-4150 - ASA traceback and reload with thread name DATAPATH
|
CSCvw54802
|
Revocation check fails to move to none after ocsp check fails due to
server being unavailable
|
CSCvw58414
|
Name of anyconnect custom attribute of type
dynamic-split-exclude-domains is changed after reload
|
CSCvw58865
|
sftunnel TLS handshake should not include NewSessionTicket
|
CSCvw59035
|
Connection issues to directly connected IP from FTD BVI address
|
CSCvw60177
|
Standby/Secondary cluster unit might crash in Thread Name:
fover_parse and "cluster config sync"
|
CSCvw62526
|
ASA traceback and reload on engineering ASA build - 9.12.3.237
|
CSCvw62820
|
memcached 1.5.6 or higher update
|
CSCvw63862
|
ASA: Random L2TP users cannot access resources due to stale ACL
filter entries
|
CSCvw71766
|
ASA traceback and reload in Thread: Ikev2 Daemon
|
CSCvw74495
|
Application detection fails for FTP service when an unsuccessful
login is encountered.
|
CSCvw74940
|
ASA traceback in IKE Daemon and reload
|
CSCvw79208
|
Incorrect URL normalization when "http://" substring is at
a latter stage in the input string
|
CSCvw79294
|
sftunnel logging huge number of logs to messages file
|
CSCvw81322
|
FTD running multi-instance mode gets snort GID 3 rules disabled after
SRU install and deploy
|
CSCvw81897
|
ASA: OpenSSL Vulnerability CVE-2020-1971
|
CSCvw82629
|
ASA Tracebacks when making "configuration session" changes
regarding an ACL.
|
CSCvw83572
|
BVI HTTP/SSH access is not working in versions 9.14.1.30 or above
|
CSCvw84339
|
Managed device backup fails, for FTD, if hostname exceeds 30
characters
|
CSCvw85377
|
URL is not updated in the access policy URL filtering rule
|
CSCvw87788
|
ASA traceback and reload webvpn thread
|
CSCvw89365
|
ASA/FTD may traceback and reload during certificate changes.
|
CSCvw93272
|
Cisco Firepower Management Center Software Cross-Site Scripting
Vulnerability
|
CSCvw93282
|
Cisco Firepower Management Center Software Cross-Site Scripting
Vulnerability
|
CSCvw93513
|
Cisco Firepower Management Center Software Cross-Site Scripting
Vulnerability
|
CSCvw95301
|
ASA traceback and reload with Thread name: ssh when capture was
removed
|
CSCvw96295
|
Unable to add Route Tracking to static route in FMC 6.4.0.10
|
CSCvw96488
|
Traceback in inspect_h323_ras+1810
|
CSCvw97821
|
ASA: VPN traffic does not pass if no dACL is provided in CoA
|
CSCvw98840
|
ASA: dACL with no IPv6 entries is not applied to v6 traffic after
CoA
|
CSCvx01381
|
FMC GUI year drop-down list for Manual Time set up only listing until
2020
|
CSCvx02869
|
Traceback in Thread Name: Lic TMR
|
CSCvx03764
|
Offload rewrite data needs to be fixed for identity nat traffic and
clustering environment
|
CSCvx04057
|
When SGT name is unresolved and used in ACE, line is not being
ignored/inactive
|
CSCvx04643
|
ASA reload is removing 'content-security-policy' config
|
CSCvx05381
|
Cisco ASA and FTD Software Command Injection Vulnerability
|
CSCvx05956
|
High snort cpu usage while copying navl attribute
|
CSCvx08734
|
ASA: default IPv6/IPv4 route tunneled does not work
|
CSCvx11295
|
ASA may traceback and reload on thread Crypto CA
|
CSCvx11460
|
Firepower 2110 silently dropping traffic with TFC enabled on the
remote end
|
CSCvx13694
|
ASA/FTD traceback in Thread Name: PTHREAD-4432
|
CSCvx15040
|
DHCP Proxy Offer is getting drop on the ASA/FTD
|
CSCvx16202
|
self referenced object pushed from FMC results in lina crash with
error - loop in grp hierarchy
|
CSCvx17664
|
ASA may traceback and reload in Thread Name 'webvpn_task'
|
CSCvx17785
|
Crash seen consistently by adding/removing acl & entering into
route-map command
|
CSCvx20352
|
Snort PDTS buffer corruption during upgrade or heavy traffic load
|
CSCvx26286
|
IPV6 address was marked as duplicate on both units and ipv6 Traffic
was stopped after the failover.
|
CSCvx26808
|
FTD traceback and reload on process lina on FPR2100 series
|
CSCvx27430
|
ASA: Unable to import PAC file if FIPS is enabled.
|
CSCvx29771
|
Firewall CPU can increase after a bulk routing update with flow
offload
|
CSCvx30314
|
ASA 9.15.1.7 traceback and reload in ssl midpath
|
CSCvx41171
|
Concurrent modification of ACL configuration breaks output of
"show running-config" completely
|
CSCvx42197
|
ASA EIGRP route stuck after neighbour disconnected
|
CSCvx44401
|
FTD/ASA traceback in Thread Name : Unicorn Proxy Thread
|
CSCvx48490
|
SSL Decrypted https flow EOF events showing
'Initiator/Responder' Packets as 0
|
CSCvx50366
|
Traceback in Thread Name: fover_health_monitoring_thread
|
CSCvx51860
|
Failed lookups due to license check when the sensor URL lookup is
enabled in 6.4.0.x
|
CSCvx52122
|
ASA traceback and reload in SNMP Notify Thread while deleting
transparent context
|
CSCvx59120
|
COA Received before data tunnel comes up results in tear down of
parent session
|
CSCvx71434
|
ASA/FTD Traceback and reload in Thread Name: pix_startup_thread due
to asa_run_ttyS0 script
|
CSCvx74035
|
ASA traceback and reload after run "clear configure all"
with multiple ACLs and objects configured
|
CSCvy09252
|
Syncd exits repeatedly on secondary FMC in 6.4.0.12-97 FMC-HA
pair
|