This document contains release information for Cisco Firepower eXtensible Operating System (FXOS) 2.14.1.
Use these Release Notes as a supplement with the other documents listed in the documentation roadmap:
 Note |
The online versions of the user documentation are occasionally updated after the initial release. As a result, the information contained in the documentation on Cisco.com supersedes any information contained in the context-sensitive help included with the product. |
Introduction
The Cisco security appliance is a next-generation platform for network and content security solutions. The security appliance is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, secure platform that is built for scalability, consistent control, and simplified management.
The security appliance provides the following features:
-
Modular chassis-based security system—Provides high performance, flexible input/output configurations, and scalability.
-
Chassis Manager—Graphical user interface provides a streamlined, visual representation of the current chassis status and allows for simplified configuration of chassis features.
-
FXOS CLI—Provides command-based interface for configuring features, monitoring chassis status, and accessing advanced troubleshooting features.
-
FXOS REST API—Allows users to programmatically configure and manage their chassis.
What's New
New Features in FXOS 2.14.1.187
Fixes for various problems (see Resolved bugs in Resolved bugs in FXOS 2.14.1.187)
New Features in FXOS 2.14.1.186
Fixes for various problems (see Resolved bugs in Resolved bugs in FXOS 2.14.1.186)
New Features in FXOS 2.14.1.167
Fixes for various problems (see Resolved bugs in Resolved bugs in FXOS 2.14.1.167)
New Features in FXOS 2.14.1.163
Fixes for various problems (see Resolved bugs in Resolved bugs in FXOS 2.14.1.163)
New Features in FXOS 2.14.1.143
Fixes for various problems (see Resolved bugs in Resolved bugs in FXOS 2.14.1.143)
New Features in FXOS 2.14.1
Cisco FXOS 2.14.1 introduces the following new features:
| Feature | Description |
|---|---|
|
Monitor Chassis-level health alerts in Secure Firewall Management Center |
This feature allows you to monitor your chassis in the management center for chassis-level health alerts. To monitor chassis-level health alerts in the management center, you must manually configure the management center as manager on the chassis, and then register the chassis in the management center. New/modified CLI: create device-manager manager_name hostname {hostname | ipv4_address | ipv6_address} nat-id nat_id |
|
Integrated firmware upgrade |
The FXOS firmware upgrade package is now integrated with platform bundle for firmware auto-upgrade during the FXOS upgrade. Whenever you upgrade your FXOS to latetst version, the firmware package gets unpacked based on the platform and the system checks for the firmware version running on your supervisor. If the firmware version is lower than the firmware version integrated in the platform bundle, the firmware gets auto-upgraded without any user intervention. New/modified CLI: No new CLIs added. You can use the existing show firmware monitor command to monitor the upgrade process. Firmware Package Included: Firmware package 1.0.19 |
|
Secure Firewall chassis manager single sign-on |
The chassis manager now supports single sign-on (SSO) for external users configured at any third-party SAML 2.0-compliant identity provider (IdP). New/modified pages: |
Software Download
You can download software images for FXOS and supported applications from one of the following URLs:
-
Firepower 9300 — https://software.cisco.com/download/type.html?mdfid=286287252
-
Firepower 4100 — https://software.cisco.com/download/navigator.html?mdfid=286305164
For information about the applications that are supported on a specific version of FXOS, see the Cisco FXOS Compatibility guide at this URL:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html
Important Notes
-
In FXOS 2.4(1) or later, if you are using an IPSec secure channel in FIPS mode, the IPSec peer entity must support RFC 7427.
-
When you upgrade a network or security module, certain faults are generated and then cleared automatically. These include a “hot swap not supported” fault or a “module removed when in online state” fault. If you have followed the appropriate procedures, as described in the Cisco Firepower 9300 Hardware Installation Guide or Cisco Firepower 4100 Series Hardware Installation Guide, the fault(s) are cleared automatically and no additional action is required.
-
From FXOS 2.13 release, the set maxfailedlogins command no longer works. The value can still be set, but if you try to log in a greater number of times than the already set value with an invalid password, you are not locked out. For compatibility, a similar command, set max-login-attempts, is available under scope security. This command also prevents logging in after a certain number of failed attempts but sets the value for all users. These commands are only available for Firepower 2100 platform mode and do not affect other platforms.
System Requirements
-
You can access the chassis manager using the following browsers:
-
Mozilla Firefox—Version 42 and later
-
Google Chrome—Version 47 and later
-
Microsoft Internet Explorer—Version 11 and later
We tested FXOS 2.14.1 using Mozilla Firefox version 42, Google Chrome version 47, and Internet Explorer version 11. Other versions of these browsers are expected to work. However, if you experience any browser-related issues, we suggest you use one of the tested versions.
-
Upgrade Instructions
You can upgrade your Firepower 9300 or Firepower 4100 series security appliance directly to FXOS 2.14.1 if it is currently running FXOS version 2.2(2) or later. Before you upgrade your Firepower 9300 or Firepower 4100 series security appliance to FXOS 2.14.0, first upgrade to FXOS 2.2(2), or verify that you are currently running FXOS 2.2(2).
For upgrade instructions, see the Cisco Firepower 4100/9300 Upgrade Guide.
Installation Notes
-
From FXOS 2.14.1, the FXOS firmware is bundled with FXOS software image. During FXOS upgrade, the system will auto-upgrade the firmware to the latest version if applicable. If the firmware is upgraded, the system will reboot 2 times and the total FXOS upgrade duration will be extended.
Following tables lists the time taken for upgrade with or without firmaware uprade:
FXOS Upgrade With Firmware Upgrade Duration(in mins) Initiate FXOS Upgrade with integrated FW changes - First Reboot triggered by FXOS upgrade ~9 CLI after FXOS Upgrade (before FW Upgrade) ~8 Second Reboot triggered by FW Upgrade ~1 to 20 * CLI after FXOS Upgrade and FW Upgrade ~8 Blade to come online ~13 Application to come online ~10 Total ~49-70mins FXOS Upgrade Without Firmware Upgrade Duration(in mins) Initiate FXOS Upgrade with integrated firmware changes - Reboot triggered by FXOS upgrade ~9 CLI after FXOS Upgrade (before firmware upgrade) ~8 Blade to come online ~13 Application to come online ~10 Total ~40 mins -
If you are upgrading a Firepower 9300 or Firepower 4100 series security appliance that is running a standalone logical device or if you are upgrading a Firepower 9300 security appliance that is running an intra-chassis cluster, traffic does not traverse through the device while it is upgrading.
-
If you are upgrading a Firepower 9300 or a Firepower 4100 series security appliance that is part of an inter-chassis cluster, traffic does not traverse through the device being upgraded while it is upgrading. However, the other devices in the cluster continue to pass traffic.
-
Downgrade of FXOS images is not officially supported. The only Cisco-supported method of downgrading an image version of FXOS is to perform a complete re-image of the device.
Resolved and Open Bugs
The resolved and open bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.
Note |
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can Cisco.com. |
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
Resolved bugs in FXOS 2.14.1.187
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.14.1.187:
|
Identifier |
Headline |
|---|---|
|
External authentication radius SSH login failure with FXOS version 2.14.1.186 |
|
|
Directory/var/tmp triggering fault F0182 due to vdc.log (Excessive Logging, Log Rotation) |
Resolved bugs in FXOS 2.14.1.186
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.14.1.186:
|
Identifier |
Headline |
|---|---|
|
Unnecessary FAN error logs needs to be removed from thermal file |
|
|
Address SSP OpenSSH regreSSHion vulnerability |
|
|
Default Hashing Algorithm is SHA1 for Firepower Chassis Manager Certificate on 4110 |
|
|
Evaluation of ssp for OpenSSH regreSSHion vulnerability |
|
|
The more command is missing on FMC |
|
|
Secure Firewall 3100 threat defense performance down 25% |
|
| CSCwm07419 | ldap.conf does not get generated using hostname |
| CSCwe45584 | FP2130 - Incorrect spelling seen in tech_support_brief in FPRM |
| CSCwk64418 | NTP is not synchronising when using SHA-1 authentication |
| CSCwm52973 | Low End FPR3100:Changing interface speed from 1g to 100mbps/100mps to 1g bring downs the link. |
| CSCwk22959 | Issue summary: Some non-default TLS server configurations can cause un |
| CSCwi84615 | some stdout logs not rotated by logrotate |
| CSCwi90399 | threat defense/ASA system clock resets to year 2023 |
| CSCwi56743 | MSP Quota setting for instances is not correct |
| CSCwe92324 | FPR31xx - SNMP poll reports incorrect FanTray Status at Down while actually operational |
| CSCwj49958 | Crypto IPSEC Negotiation Failing At "Failed to compute a hash value" |
| CSCwk48628 | threat defense/FxOS - Upgrade/erase configuration result in App-instance 'Operational State: Starting' |
| CSCwj08040 | To keep its cache database efficient, `named` running as a recursive r |
| CSCwj25629 | Error when running 'show tech-support module detail' on FPR9K |
| CSCwf04460 | The fxos directory disappears after cancel show tech fprm detail command with Ctr+c is executed . |
| CSCwj89054 | An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of |
| CSCwm51874 | FXOS: messages rotates every 40 minutes due to Notification Daemon messages' being spammed |
| CSCwi70989 | Handle notification demon false positives |
| CSCwj08023 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 |
| CSCwj08021 | The DNS message parsing code in `named` includes a section whose compu |
| CSCwi68133 | A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon |
| CSCwi68132 | A heap out-of-bounds write vulnerability in the Linux kernel's Perform |
| CSCwj08025 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe |
| CSCwm35751 | FPR3100: Interface may go to half duplex speed is hardcoded to 100mbps |
| CSCwh94201 | An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i |
| CSCwm49154 | FXOS fault F1738 in multi-instance deploymet. Error: CSP_OP_ERROR. CSP signature verification error |
| CSCwk67859 | threat defense and FXOS: RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024 |
| CSCwj43355 | A bug in QEMU could cause a guest I/O operation otherwise addressed to |
| CSCwm88105 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not |
| CSCwj57435 | Cleanup stale logrotate files |
| CSCwm75514 | A flaw was found in the python-cryptography package. This issue may al |
| CSCwm29876 | Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.5 |
| CSCwh71516 | Due to failure in validating the length provided by an attacker-crafte |
| CSCwm06393 | Changes in port-channel membership or member status may cause periodic OSPF/EIGRP adjacency flaps |
| CSCwm05158 | "Failed to upgrade firmware Image" fault should mention the firmware that failed to upgrade |
| CSCwj09999 | Secure Firewall 3100 MTU change on management interface is NOT persistent across reboots (returns to default MTU) |
| CSCwj08035 | A flaw in query-handling code can cause `named` to exit prematurely wi |
| CSCwj08037 | A bad interaction between DNS64 and serve-stale may cause `named` to c |
| CSCwn79553 | Unreachable LDAP/AD referrals may cause delays or timeouts in external authentication on threat defense |
| CSCwi57476 | Interface idb logging log rotation to FXOS logrotate utility |
| CSCwi24032 | A heap out-of-bounds write vulnerability in the Linux kernel's Linux K |
| CSCwi78189 | It was discovered that when exec'ing from a non-leader thread, armed P |
| CSCwj91494 | FXOS LTP: Some platforms return more than one image for analysis |
| CSCwk79288 | Partition "/opt/cisco/config" gets full due to btmp file not getting logrotated |
| CSCwm95243 | There is a LOW severity vulnerability affecting CPython, specifically |
| CSCwm95242 | There is a MEDIUM severity vulnerability affecting CPython. Regul |
| CSCwk71227 | threat defense running on FPR 2k with LDAP skips backslash when updating ldap.conf |
| CSCwn21204 | SNMPv3 on Management Interface Intermittently Unresponsive with Frequent SNMP Core Files Generated |
| CSCwi60256 | strongSwan before 5.9.12 has a buffer overflow and possible unauthenti |
| CSCwi85951 | A use-after-free flaw was found in the __ext4_remount in fs/ext4/super |
| CSCwm49782 | enhance sma 2nd cruz heartbeat logging |
| CSCwb77894 | Firepower 1000/2100 may boot to ROMMON mode |
| CSCwj87770 | FPR2100-ASA Unable to generate CSR without FXOS IP address on SAN field |
| CSCwm42964 | It was discovered that the cls_route filter implementation in the Linu |
| CSCwi92927 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab |
| CSCwi83821 | Reword the CLI message shown after running the 'erase configuration' command |
| CSCwi24027 | A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` |
| CSCwi24021 | An issue was discovered in the Linux kernel before 6.5.9, exploitable |
| CSCwn11728 | FPR9K-SM-56 module intermittently lock up and cause traffic impact. |
| CSCwk75036 | Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and |
| CSCwk75032 | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the |
| CSCwk75033 | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause inva |
| CSCwk75030 | The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/ |
| CSCwi60248 | A malicious HTTP sender can use chunk extensions to cause a receiver r |
| CSCwm12910 | Jinja is an extensible templating engine. Special placeholders in the |
| CSCwk88225 | Critical fault : [FSM:FAILED]: user configuration(FSM:sam:dme:AaaUserEpUpdateUserEp) |
| CSCwk21562 | Radius server configuration for threat defense external authentication is not deployed to threat defense. |
| CSCwk94449 | Include show mgmt-ip-debug in fxos tech support |
| CSCwn47308 | Critical health alerts 'user configuration(FSM.sam.dme.AaaUserEpUpdateUserEp)' on FPR 1100/2100/3100 |
| CSCwk14685 | threat defense : Management interface showing down despite being up and operational |
| CSCwm42977 | An out-of-bounds read vulnerability was found in Netfilter Connection |
| CSCwi76630 | FP2100/FP1000: ASA Smart licenses lost after reload |
| CSCwi92914 | A flaw was found in the networking subsystem of the Linux kernel withi |
| CSCwn13187 | ASA upgrade failing from 9.20.2.21 to the target version 9.20.3.4 |
| CSCwm42979 | A null pointer dereference flaw was found in the hugetlbfs_fill_super |
| CSCwi68163 | Postfix through 3.8.4 allows SMTP smuggling unless configured with smt |
| CSCwi49360 | A flaw was found in the 9p passthrough filesystem (9pfs) implementatio |
| CSCwj77877 | Disable/Enable an MI instance results it in "State Failed" |
| CSCwk81381 | Increase Logging Level for TAm Services |
| CSCwm95189 | Redis is an open source, in-memory database that persists on disk. An |
| CSCwm95187 | Redis is an open source, in-memory database that persists on disk. Aut |
| CSCwh71235 | A flaw was found in QEMU. The async nature of hot-unplug enables a rac |
| CSCwn29611 | Radius user ssh login fails with error: username is not defined with a service type that is valid |
| CSCwi33710 | ipv6 table flush exception when cli_firstboot installs bootstrap configuration multi instance |
| CSCwj08083 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 |
| CSCwj88930 | net-snmp provides various tools relating to the Simple Network Managem |
| CSCwj88931 | net-snmp provides various tools relating to the Simple Network Managem |
| CSCwj88932 | net-snmp provides various tools relating to the Simple Network Managem |
| CSCwm96280 | Threat Defense device stuck in rommon mode after pressing reset button |
| CSCwj89051 | In GNU tar before 1.35, mishandled extension attributes in a PAX archi |
| CSCwj61086 | High CPU usage in svc_sam_dme process during deployment post breaking cluster or deleting inline-set |
| CSCwj88929 | net-snmp provides various tools relating to the Simple Network Managem |
| CSCwj88928 | net-snmp provides various tools relating to the Simple Network Managem |
| CSCwi79703 | Incorrect Timezone Format on threat defense when Configured via FXOS |
| CSCwj88925 | net-snmp provides various tools relating to the Simple Network Management |
| CSCwj81031 | snmpd core seen in ASA/threat defense |
| CSCwj08073 | libuv is a multi-platform support library with a focus on asynchronous |
| CSCwj04154 | Intermittent loss of management traffic due to DHCP service failing to start |
| CSCwi78210 | An out-of-bounds memory write flaw was found in the Linux kernels Tra |
| CSCwm52264 | Not able to remove or clear Fault "The password encryption key has not been set." |
| CSCwm33529 | FXOS MTU Handling for Front Panel and Uplink Ports on Firepower devices require improvement |
| CSCwj16119 | FP2110: When Leaving On-Box (FDM) Mode Platform API Fails |
| CSCwj56099 | ASA: Running the failsafe-exit command caused the interface to enter a DISABLED state |
| CSCwk66255 | urllib3 is a user-friendly HTTP client library for Python. When using |
| CSCwk66253 | An out-of-bounds access vulnerability involving netfilter was reported |
| CSCwj98648 | Failure to read the signature keys (mult-instance deployment) |
| CSCwj93718 | Unable to run "nslookup" command on FXOS |
| CSCwh24932 | ASA software on FP3110 showing incorrect serial number in show inventory output |
| CSCwj79895 | ENH Logs FP4110 (FXOS 2.10.1.179) Security module stopped responding after device reboot |
| CSCwn44335 | FXOS - Download command generates an extra "/" over HTTP and HTTPS GET requests |
| CSCwi23964 | Python 3.x through 3.10 has an open redirection vulnerability in lib/h |
| CSCwh71262 | A flaw was found in glibc. In an uncommon situation, the gaih_inet fun |
| CSCwi53987 | SSL protocol settings does not modify the FDM GUI certificate configuration or disable TLSv1.1 |
Resolved bugs in FXOS 2.14.1.167
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.14.1.167:
|
Identifier |
Headline |
|---|---|
|
Unnecessary FAN error logs needs to be removed from thermal file |
|
|
Address SSP OpenSSH regreSSHion vulnerability |
|
|
Default Hashing Algorithm is SHA1 for Firepower Chassis Manager Certificate on 4110 |
|
|
Evaluation of ssp for OpenSSH regreSSHion vulnerability |
|
|
The more command is missing on FMC |
|
|
TPK FTD performance down 25% |
|
|
FMCv passwd command fail |
Resolved bugs in FXOS 2.14.1.163
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.14.1.163:
|
Identifier |
Headline |
|---|---|
|
libuv is a multi-platform support library with a focus on asynchronous |
|
|
Firpower 4100/9300 : Update CiscoSSH (Chassis Manager FXOS) to address CVE-2023-48795 |
|
|
CVE-2023-51385 (Medium Sev) In ssh in OpenSSH before 9.6, OS command injection might occur if a us |
|
|
High latency observed on FPR3120 |
|
|
A flaw was found in the networking subsystem of the Linux kernel withi |
|
|
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner |
|
|
some stdout logs not rotated by logrotate |
|
|
Device/port-channel goes down with a core generated for portmanager |
|
|
FTD/ASA system clock resets to year 2023 |
|
|
FPR3K loses connectivity to the management center via mgmt data interface on reboot of FPR3K |
|
|
FTDv reloads and generate backtrace after push EIGRP config |
|
|
Crypto IPSEC Negotiation Failing At "Failed to compute a hash value" |
|
|
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th |
|
|
FXOS does not retry NTP sync with servers |
|
|
CCM ID LTS21-100 with RCPL21 update |
|
|
It was discovered that when exec'ing from a non-leader thread, armed P |
|
|
A malicious HTTP sender can use chunk extensions to cause a receiver r |
|
|
Strong Encryption license is not getting applied to ASA firewalls in HA. |
|
|
Suppress "End of script output before headers" syslog on FXOS |
|
|
Management UI presents self-signed cert rather than custom CA signed one after upgrade |
|
|
A flaw was found in QEMU. The async nature of hot-unplug enables a rac |
|
|
Before Go 1.20, the RSA based TLS key exchanges used the math/big libr |
|
|
FP2110: When Leaving On-Box (FDM) Mode Platform API Fails |
|
|
CCM ID 68 - LTS21 - CISCO_LTS21_R2160 release branch |
|
|
It was discovered that a nft object or expression could reference a nf |
|
|
Alert: Decommission failed, reason: Internal error is not cleared from FCM or CLI after acknowledge |
|
|
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 |
|
|
net-snmp provides various tools relating to the Simple Network Managem |
|
|
net-snmp provides various tools relating to the Simple Network Managem |
|
|
net-snmp provides various tools relating to the Simple Network Managem |
|
|
strongSwan before 5.9.12 has a buffer overflow and possible unauthenti |
|
|
Hardware bypass not working as expected in FP3140 |
|
|
An out-of-bounds access vulnerability involving netfilter was reported |
|
|
net-snmp provides various tools relating to the Simple Network Managem |
|
|
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie |
|
|
A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon |
|
|
A heap out-of-bounds write vulnerability in the Linux kernel's Perform |
|
|
Python 3.x through 3.10 has an open redirection vulnerability in lib/h |
|
|
An out-of-bounds memory write flaw was found in the Linux kernelâs Tra |
|
|
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i |
|
|
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab |
|
|
A heap out-of-bounds write vulnerability in the Linux kernel's Linux K |
|
|
ASA/FTD : Port-channels remain down on Firepower 1010 devices after upgrade |
|
|
A flaw was found in the 9p passthrough filesystem (9pfs) implementatio |
|
|
4200s have high UDP latency at low packet rates. |
|
|
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c' |
|
|
Vulnerabilities in linux-kernel 5.10.79 CVE-2023-3111 and others |
|
|
An issue was discovered in the Linux kernel before 6.5.9, exploitable |
|
|
SSL protocol settings does not modify the FDM GUI certificate configuration or disable TLSv1.1 |
|
|
FTDv may traceback and reload in Thread Name 'PTHREAD-3744' when changing interface status |
|
|
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL |
|
|
3140 3 MI instances upgrade failed |
|
|
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super |
|
|
Debug messages seen on console on executing show tech-support fprm detail |
|
|
Radius secret key of over 14 characters for external authentication does not get deployed (FPR3100) |
|
|
net-snmp provides various tools relating to the Simple Network Managem |
|
|
Threat defense upgrade failling on script 999_finish/999_zz_install_bundle.sh |
|
|
Incorrect Timezone Format on FTD When Configured via FXOS |
|
|
net-snmp provides various tools relating to the Simple Network Managem |
|
|
Some ssh sessions not timing out, leading to ssh and console unable to connect to the FXOS CLI |
Resolved bugs in FXOS 2.14.1.143
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.14.1.143:
|
Identifier |
Headline |
|---|---|
|
ASA crashed with SAML scenarios. |
|
|
Upgrade to CiscoSSH 1.13.46 in FXOS address CVE-2023-48795. |
|
|
Entropy mixing breaks NPU build. |
|
|
FP2100/FP1000: ASA Smart licenses lost after reload. |
|
|
FP 3100 MTU change on management interface is NOT persistent across reboots (returns to default MTU). |
|
|
Failing to dowload FTD image via SAML SSO login. |
|
|
FXOS: Remove enforcement of blades going into degraded state after multiple DIMM correctable errors. |
|
|
Upgrade to CiscoSSL 1.1.1v.7.3.338-fips in SSP MIO. |
|
|
Adding Jent library in SSP MIO. |
|
|
Jent Implemention in SSP MIO. |
|
|
Using entropy mixing with CiscoSSL. |
|
|
Use kill tree function in SMA instead of SIGTERM. |
|
|
ENH: Combine firmware bundle packages into FXOS MIO update packages. |
|
|
SSP MIO: Swims token support in signing image. |
|
|
Timezone not working correctly on 9300/4100 platforms. |
Related Documentation
For additional information on the Firepower 9300 or 4100 series security appliance and FXOS, see Navigating the Cisco FXOS Documentation.
Online Resources
Cisco provides online resources to download documentation, software, and tools, to query bugs, and to open service requests. Use these resources to install and configure FXOS software and to troubleshoot and resolve technical issues.
-
Cisco Support & Download site: https://www.cisco.com/c/en/us/support/index.html
-
Cisco Bug Search Tool: https://tools.cisco.com/bugsearch/
-
Cisco Notification Service: https://www.cisco.com/cisco/support/notifications.html
Access to most tools on the Cisco Support & Download site requires a Cisco.com user ID and password.
Contact Cisco
If you cannot resolve an issue using the online resources listed above, contact Cisco TAC:
-
Email Cisco TAC: tac@cisco.com
-
Call Cisco TAC (North America): 1.408.526.7209 or 1.800.553.2447
-
Call Cisco TAC (worldwide): Cisco Worldwide Support Contacts
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Feedback