Cisco Firepower 4100/9300 FXOS Release Notes, 2.10(1)

This document contains release information for Cisco Firepower eXtensible Operating System (FXOS) 2.10(1).

Use these Release Notes as a supplement with the other documents listed in the documentation roadmap:


Note

The online versions of the user documentation are occasionally updated after the initial release. As a result, the information contained in the documentation on Cisco.com supersedes any information contained in the context-sensitive help included with the product.


Introduction

The Cisco security appliance is a next-generation platform for network and content security solutions. The security appliance is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, secure platform that is built for scalability, consistent control, and simplified management.

The security appliance provides the following features:

  • Modular chassis-based security system—Provides high performance, flexible input/output configurations, and scalability.

  • Firepower Chassis Manager—Graphical user interface provides a streamlined, visual representation of the current chassis status and allows for simplified configuration of chassis features.

  • FXOS CLI—Provides command-based interface for configuring features, monitoring chassis status, and accessing advanced troubleshooting features.

  • FXOS REST API—Allows users to programmatically configure and manage their chassis.

What's New

Cisco FXOS 2.10.1 introduces the following:

New Features in FXOS 2.10.1.234

Fixes for various problems (see Resolved Bugs in FXOS 2.10.1.234).

New Features in FXOS 2.10.1.207

Fixes for various problems (see Resolved Bugs in FXOS 2.10.1.207).

New Features in FXOS 2.10.1.179

Fixes for various problems (see Resolved Bugs in FXOS 2.10.1.179).

New Features in FXOS 2.10.1.166

Fixes for various problems (see Resolved Bugs in FXOS 2.10.1.166).

New Features in FXOS 2.10.1.159

Fixes for various problems (see Resolved Bugs in FXOS 2.10.1.159).

New Features in FXOS 2.10.1.159

Cisco FXOS 2.10.1.159 has no new features:

Software Download

You can download software images for FXOS and supported applications from one of the following URLs:

For information about the applications that are supported on a specific version of FXOS, see the Cisco FXOS Compatibility guide at this URL:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html

Important Notes

  • In FXOS 2.4(1) or later, if you are using an IPSec secure channel in FIPS mode, the IPSec peer entity must support RFC 7427.

  • When you configure Radware DefensePro (vDP) in a service chain on a currently running Firepower Threat Defense application on a Firepower 4110 or 4120 device, the installation fails with a fault alarm. As a workaround, stop the Firepower Threat Defense application instance before installing the Radware DefensePro application.


    Note

    This issue and workaround apply to all supported releases of Radware DefensePro service chaining with Firepower Threat Defense on Firepower 4110 and 4120 devices.


  • Firmware Upgrade—We recommend upgrading your Firepower 4100/9300 security appliance with the latest firmware. For information about how to install a firmware update and the fixes included in each update, see https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/firmware-upgrade/fxos-firmware-upgrade.html.


    Note

    If you upgrade FXOS to 2.10 firmware from a firmware version lower than 1.0.18, you will receive a warning message saying FPGA version lower than 2.00 is detected. A critical upgrade from the firmware bundle version 1.0.18 or above is required.


  • When you upgrade a network or security module, certain faults are generated and then cleared automatically. These include a “hot swap not supported” fault or a “module removed when in online state” fault. If you have followed the appropriate procedures, as described in the Cisco Firepower 9300 Hardware Installation Guide or Cisco Firepower 4100 Series Hardware Installation Guide, the fault(s) are cleared automatically and no additional action is required.

System Requirements

  • You can access the Firepower Chassis Manager using the following browsers:

    • Mozilla Firefox—Version 42 and later

    • Google Chrome—Version 47 and later

    • Microsoft Internet Explorer—Version 11 and later

    We tested FXOS 2.10(1) using Mozilla Firefox version 42, Google Chrome version 47, and Internet Explorer version 11. Other versions of these browsers are expected to work. However, if you experience any browser-related issues, we suggest you use one of the tested versions.

Upgrade Instructions

You can upgrade your Firepower 9300 or Firepower 4100 series security appliance directly to FXOS 2.10(1) if it is currently running FXOS version 2.2(2) or later. Before you upgrade your Firepower 9300 or Firepower 4100 series security appliance to FXOS 2.10(1), first upgrade to FXOS 2.2(2), or verify that you are currently running FXOS 2.2(2).

For upgrade instructions, see the Cisco Firepower 4100/9300 Upgrade Guide.

Installation Notes

  • An upgrade to FXOS 2.10(1) can take up to 45 minutes. Plan your upgrade activity accordingly.

  • If you are upgrading a Firepower 9300 or Firepower 4100 series security appliance that is running a standalone logical device or if you are upgrading a Firepower 9300 security appliance that is running an intra-chassis cluster, traffic does not traverse through the device while it is upgrading.

  • If you are upgrading a Firepower 9300 or a Firepower 4100 series security appliance that is part of an inter-chassis cluster, traffic does not traverse through the device being upgraded while it is upgrading. However, the other devices in the cluster continue to pass traffic.

  • Downgrade of FXOS images is not officially supported. The only Cisco-supported method of downgrading an image version of FXOS is to perform a complete re-image of the device.

Resolved and Open Bugs

The resolved and open bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.


Note

You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.


For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.

Open Bugs in FXOS 2.10.1.159

There are no disclosed open defects at this time.

Resolved bugs in FXOS 2.10.1.234

The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.10.1.234:

Caveat ID Number

Description

CSCwa52215

Uploading firmware triggers data port-channel to flap

CSCwa70299

CIAM: expat multiple Vulnerabilities

CSCwa81112

CIAM: expat - CVE-2022-23852

CSCwa90735

FTD/FXOS - ASAconsole.log files fail to rotate causing excessive disk space used in /ngfw

CSCwa99171

Chassis and application sets the time to Jan 1, 2010 after reboot

CSCwb24367

Evaluation of Cisco Firepower 4100/9300 FXOS for Dirty Pipe vulnerability

CSCwb57988

The smConLogger traceback is caused by memory leak.

CSCwb70030

MIO: No blade reboot during CATERR if fault severity is non-Severe or CATERR sensor is different

CSCwb74498

Cisco FXOS and NX-OS Software CDP DoS and Arbitrary Code Execution Vulnerability

CSCwb84967

Firepower 9300 chassis troubleshoot file caused outage

CSCwc03510

Kilburn Park freezes / crashes on netboot system load

CSCwc08094

Update CiscoSSL to 1.1.1o.7.3sp.143

CSCwc25207

WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 33)

CSCwc37695

In addition to the c_rehash shell command injection identified in CVE-2022-1292

CSCwc46569

WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 34)

CSCwc60907

WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 35)

CSCwc76195

Fail-To-Wire interfaces flaps intermittently due to watchdog timeout in KP platform

CSCwc82169

FPR4100/9300 Blade discovery may hang due to internal communication failure with blade adapter

CSCwc83037

WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 36)

CSCwc96136

CCM layer (Seq 38) WR8, LTS18, LTS21

CSCwd08626

FTW: port pairs unexpectedly going to bypass due to failure

CSCvy46342

"power down soft-shut-down" option is restarting the blade while testing 92.11 release

CSCvz13564

Firepower 2100 FTD: ssh-access-list configuration are lost after upgrading

CSCvz46420

BootCLI commands user messages to be more clear

CSCvz61456

Software upgrade on ASA application may failure without obvious reasons

CSCvz89930

CIAM: openssh - CVE-2021-41617

CSCwa16626

Syslog over TLS accepting wildcard in middle of FQDN

CSCwa33686

CIAM: bind 9.11.4

CSCwa33688

CIAM: cpio 2.12

CSCwa53271

CIAM: mod-security - CVE-2021-42717

CSCwa61418

4100/9300: GET/PATCH sys/mgmt-ipv6 returned 404 error

CSCwb02689

FXOS should check reference clock stratum instead of NTP server local clock stratum

CSCwb05051

CIAM: python 3.9.2

CSCwb27099

FXOS: Third-party interop between Ciena Waveserver with firepower chassis.

CSCwb44662

CIAM: zlib - CVE-2018-25032

CSCwb57524

FTD upgrade fails - not enough disk space from old FXOS bundles in distributables partition

CSCwb62105

CIAM: glibc 2.33 CVE-2022-23219 and others

CSCwb71554

CIAM: libxml - CVE-2022-23308

CSCwb71582

CIAM: strongswan - CVE-2021-45079

CSCwb73678

/var/tmp partition fullness warning on FXOS

CSCwb91812

FXOS Arbitrary File Write with FTP Copy

CSCwc03393

Lina traceback and core file size is beyond 40G and compression fails on FTD

CSCwc30239

CIAM: apache-http-server - CVE-2022-31813 and Others

CSCwc34082

CIAM: curl - CVE-2022-22576 and others

CSCwc41293

Firepower module show-tech file generation may fail with error "Failed to create archive!"

CSCwc45759

NTP logs will eventually overwrite all useful octeon kernel logs

CSCwc46847

FXOS partition opt_cisco_platform_logs on FP1K/FPR2K may go Full due to ucssh_*.log

CSCwc65508

CIAM: libtirpc - CVE-2021-46828

CSCwc76849

link state propagation stops working when performing full chassis reboot

CSCwd05772

Evaluation of ssp for CSCwb91812

CSCwd24072

rsc_5_min.log store location should move to a different partition

CSCvy45907

CIAM: expat - multiple versions

CSCwa14133

ENH: Save output of 'top -H' to topout.log* files in FPRM

CSCwa88148

ENH: Fail-to-Wire feature switching standby/bypass from CLI

CSCwc26489

ENH - Setting the zmqio sched policy and priority for MIO heartbeat channel

Resolved bugs in FXOS 2.10.1.207

The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.10.1.207:

Caveat ID Number

Description

CSCvx76651

ENH: Prevent CCL IP addressing on the 169.254.x.x subnet on cluster creation

CSCvy99348

Shutdown command reboots instead of shutting the FP1k device down.

CSCvz94217

App-instance startup version is ignored and set to running-version after copy config

CSCwa14133

ENH: Save output of 'top -H' to topout.log* files in FPRM

CSCwa16251

USB kernel modules required for FMC

CSCwa24265

FXOS changes to provide dmidecode access to container

CSCwa52215

Uploading firmware triggers data port-channel to flap

CSCwb49416

ASA snmpd Traceback & cores on an active unit

CSCwb12119

CIAM: expat - CVE-2022-25235 and others

CSCvy72841

Firepower 1K FTD sends LLDP packets with internal MAC address of eth2 interface

CSCwb20072

Update LTS18 to RCPL 24

CSCwb70030

MIO: No blade reboot during CATERR if fault severity is non-Severe or CATERR sensor is different

CSCvz61689

Port-channel member interfaces are lost and status is down after software upgrade

CSCwa20758

WR6, WR8 and LTS18 commit id update in CCM layer(sprint 124, seq 20)

CSCwa49417

WR8 and LTS18 commit id update in CCM layer (sprint 126, seq 22)

CSCwb13294

WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 25)

CSCwb32772

Evaluation of ssp for vulnerabilities resolved in Apache httpd 2.4.53

CSCwb57988

The smConLogger traceback is caused by memory leak.

CSCwc32584

WM 1150: Upgrade to asa image "99.16.4.24-198" fails on Wm1150 platform

CSCvx59252

FXOS is not rotating log files for management interface

CSCwa48169

ASA/FTD traceback and reload on netsnmp_handler_check_cache function

CSCwa76822

Tune throttling flow control on syslog-ng destinations

CSCwa26960

IPv6 support for ftdv in azure platform

CSCwa16705

Need to upgrade or patch syslog-ng in WR os for FMC to support the ecdh-curve-list() setting

CSCwa20610

Implementation of CLI for ipv6 logo certification

CSCwa32286

WR6, WR8 and LTS18 commit id update in CCM layer (sprint 125, seq 21)

CSCwb25246

ASAv SSH session getting terminated with ospf network command using Azure / Azure Stack hub

CSCwb74973

FXOS: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode.

CSCwa43475

ASA SNMPd traceback in netsnmp_subtree_split

CSCwa71071

Update certificate bundle for 7.2 release

CSCwa90615

WR8 and LTS18 commit id update in CCM layer (seq 24)

CSCwb15170

RM 1120 Port state going down, speed is 100/10 and duplex full/Half, speed and duplexmismatchpresent

CSCwb41361

WR8, LTS18 and LTS21 commit id update in CCM layer (seq 26)

CSCwb73356

nvram logs consistently written every 2 seconds causing high disk utilization

CSCvz11409

TPK keep rebooting with /bin/echo: write error: No space left on device

CSCwa46905

WM 1010 10/100Mbps full duplex setting is not getting effect

CSCwa51241

Switch detected unknown MAC address from FPR1140 Management Interface

CSCwa79676

FPR1010 in HA Printing Broadcast Storm Alerts for Multiple Interfaces

CSCwb06543

Increase logging level to diagnose LACP process unexpected restart events

CSCwb27099

FXOS: Third-party interop between Ciena Waveserver with firepower chassis.

CSCwb84638

Portmanager/LACP improvement to capture logging events on external event restarts

CSCwb01633

FXOS misses logs to diagnose root cause of module show-tech file generation failure

CSCwb12465

FIPS self-tests must be run when CC mode is enabled - files are missing

CSCwb74357

FXOS is not rotating log files for partition opt_cisco_platform_logs

CSCwa62167

CIAM: Apache-http-server CVE-2021-44790 and CVE-2021-44224

CSCvq29993

FPR2100 ONLY - PERMANENT block leak of size 80, 256, and 1550 memory blocks & blackholes traffic

CSCwb10884

WM11xx: Getting "ERROR: waiting for fxos_log_shutdown" during shutdown.

CSCwb22359

Portmanager/LACP improvement to avoid false restarts and increase of logging events

CSCwb46949

LTS18 commit id update in CCM layer (seq 27)

CSCwb83166

Upgrade to CiscoSSL FOM 7.3sp and CiscoSSL 1.1.1o.7.3sp.143-fips in SSP MIO

CSCvx05297

FPR1010: Add support for ATU, VTU and other switch faults to be read through CLI

CSCwc41590

Upgrade fail & App Instance fail to start with err "CSP_OP_ERROR. CSP signature verification error."

CSCvz57592

CIAM: glibc - CVE-2021-33574 CVE-2021-35942 CVE-2021-38604

CSCvy71252

Physical interface is not coming up on SSP side even though adminState enabled

CSCwa42350

ASA installation/upgrade fails due to internal error "Available resources not updated by module"

CSCwa69303

ASA running on SSP platform generate critical error "[FSM:FAILED]: sam:dme:MgmtIfSwMgmtOobIfConfig"

CSCwc08676

WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 32)

CSCwc46055

2.10.1 build breakage

Resolved bugs in FXOS 2.10.1.179

The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.10.1.179:

Caveat ID Number

Description

CSCvu36664

FXOS Operational State:Thermal-problem intermittently

CSCvz12494

In FPR2100,after power off/on,the fxos version is mismatched with asa version.

CSCvz38489

ENH: Add failure reason in Fault messages

CSCvz01271

Need show command to see the details of transceiver of FXOS mgmt port via CLI

CSCwa03285

Upgrade to 2.10.1.166 causes degraded SM - Unrecognized Firmware format

CSCvy56137

Enhance asa_cmd_server to execute a command at requested interval

CSCvz02390

BCM SDK (SDK-258005) and SDK - Field Alert - - SDK-233993

CSCvy23328

Send PnuOS logs from blade to MIO

CSCvu76180

Serviceability Request - Add error message that FXOS firmware is not fully activated

CSCvz14640

FXOS System temporary directory usage is unexpectedly high

CSCvz50201

FXOS may display fault F1256 about missing local disk 0

CSCvz94740

FXOS traceback and reload due Service "ascii-cfg" sent SIGABRT for not setting heartbeat.

CSCvz01285

Need show command to see the details of FPGA version on Firepower devices

CSCwa25995

NBN: New PSU PID support in MIO

CSCvz72467

Evaluation of ssp for CDPD crash Nexus devices from CDP table corruption

CSCvy81369

ENH: Include dmesg -T command output in FXOS show-tech files

CSCvz70686

RDNSSD: "Packet too big" error in IPv6 path MTU

CSCvy90746

ENH: Include output of 'show cc-mode' and 'show fips-mode' in chassis show-tech

CSCvz91266

FXOS A crafted request uri-path can cause mod_proxy to forward the request to an origin server...

CSCvz71282

FXOS | high Align-Err counter on port-channel48

Resolved bugs in FXOS 2.10.1.166

The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.10.1.166:

Caveat ID Number

Description

CSCvr94911

FXOS: some interface transition logs have no reason

CSCvy72185

FXOS Apache HTTP Server Multiple Vulnerabilities (CVE-2020-11993) and (CVE-2020-9490)

CSCvw81976

ENH: Rename status BYPASS-FAIL for fail-to-wire inline pairs

CSCvx04995

Fault F0736 should not be generated due to unreacheable default gateway

CSCvx14602

Firepower memory leak in svc_sam_dcosAG

CSCvx66494

Handle CIMC Watchdog reset in MIO

CSCvy04959

FXOS : 'Memory leak' may casue appAG process traceback and reload

CSCvy34333

When ASA upgrade fails, version status is desynched between platform and application

CSCvy39791

Lina traceback and core file size is beyond 40G and compression fails.

CSCvy48764

SSH access with public key authentication requires user password

CSCvy59868

ENH: Include output of 'show card detail expand' and 'show card-config' in chassis show-tech

CSCvy60574

Port dcosAG leak fix CSCvx14602 to KP/WM

CSCvy65802

AppAgent Heartbeat enhancement

CSCvy66942

FPR4100/9300 IPv6 config cannot be applied using Rest API LTP on 9300/4100 Supervisor

CSCvy80380

Disk utilization increasing /var/tmp in FPR4150-ASA chassis

CSCvy83657

FXOS process core pruned/deleted from system files (no validation)

CSCvy83696

ENH: FPR 4100/9300 bcm_usd process logs to support possible RCA

CSCvy95497

Chassis SSD firmware upgrade may be prevented improperly

CSCvz10469

IPv6 allowed networks cannot be provisioned via the bootstrap JSON config file for LTP

CSCvx76826

Add version number in service-mgr logs

CSCvy10846

correct heartbeat log level

CSCvy89766

7.0.0.1-14 9300 FTD node failed to join the cluster after the upgrade

CSCvy88832

ping6 command under connect local-mgmt not working

CSCvp79990

decommission blade should be blocked when disk format in progress

CSCvs29015

Enhancement to make link down/flap reasons from CSCvo90987 user readable

CSCvv89821

"show hardware internal bcm-usd info driver-info" returns error

CSCvx13548

BCM SDK patch - Parity error in TDM Calendar memories causes traffic drop after SER correction

CSCvx13557

Need more bcm-usd output in tech-support

CSCvx17543

FPR-NM-4X40G EPM card aggregate interfaces are down after non-graceful OIR

CSCvx67876

port CSCvt54456's changes to SDK 6.5.16

CSCvy13341

CLI to enable/disable SDK logs

CSCvy23328

Send PnuOS logs from blade to MIO

CSCvy29668

Add Server environment detail to techsupport

CSCvy32270

Display message ???nothing to update??? if the SSD installed is not applicable for the firmware update

CSCvy35746

svc_sam_statsAG_log core file found while setting the admin state to offline in card 3

CSCvy51624

Chassis Reset reason shows different dates

CSCvy59639

Drop counter statistics for BCM

CSCvy67487

9300/4100 Enable Blade Console logs for Release images

CSCvy74913

Upgrade FOM from 7.0a to 7.0b

CSCvx88935

VDP installation failed with error "CSP reached max-app-limit. Install Rejected"

CSCvy25035

Enable log rotation of rsc* logfiles that can grow large due to bug CSCvy13543

CSCvy68403

NTP script generates "binary operator expected" syntax error

CSCvy89648

ma_ctx files with '.backup' extension seen after applying the workaround for CSCvx29429

Resolved bugs in FXOS 2.10.1.159

The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.10.1.159:

Caveat ID Number

Description

CSCvj51919

httpd leaves a zombie process (rotatelogs) behind

CSCvk72915

Backplane Eth1/9 link keeps DOWN until reboot the chassis

CSCvm99989

SNMP OID for SystemUpTime show incorrect value

CSCvo60166

KP: Can't login to fxos due to disk full error

CSCvp57772

FPR1010 / FPR2110 is booting to ROMMON mode

CSCvq56657

ENH: Need to log reset-reason for FP2100 hardware

CSCvr08375

ASA telemetry: Auto registration of device for telemetry failed

CSCvr33586

FPR1010 - Add temperature/warnings for SSD when thresholds are exceeded

CSCvr39217

Fxos Snmp-user is not persistent after reboot

CSCvr70895

LCMB: Dynamic medium page allocation can lead to memory depletion

CSCvs37955

Confusing message about 'without removing the physical hardware' during Acknowledge Security Module

CSCvs71908

Add stack support for FTD/NGIPS to improve the troubleshoot of processes in D state

CSCvs73924

FCM should say is not possible to change AAA server when same protocol is configured for Auth

CSCvs90688

FTD or ASA Hangs After Reload Due to Internal Heartbeat Issue

CSCvs94061

NTP script error leading to clock drift and traffic interruption

CSCvs95188

FXOS FTD Multi Instance CPU cores shared between different instances

CSCvt13730

FP1010 / 2100 - FTD: Management port down/down after FTD upgrade to release 6.6.0

CSCvt15062

FTD 2100: Packet drops during the transition of BYPASS to NON-BYPASS when device is rebooted

CSCvt31457

FP1010 poemgr crashes

CSCvt49308

ASA Traceback in thread name: CERT API memory leak while processing CRLs

CSCvt66186

ASA on FP2100 keeps generating ASA-4-199016 (9.13.1, appliance mode)

CSCvt68486

FXOS: svc_sam_dcosAG process crash on FirePower 4100/9300

CSCvt75741

Get netsnmp-5.8 compiled with AES 192/256 support

CSCvt79984

connector log exhausted disk space

CSCvt85766

FPR2k: FCM Syslog Remote Destinations tab disappeared after upgrading

CSCvt91258

FDM: None of the NTP Servers can be reached - Using Data interfaces as Management Gateway

CSCvt93521

2100 series ASA: Internal 1/1 link Flapping logs

CSCvu03887

bad allowed_cpus in /etc/sf/arc.conf probably from cspCfg.xml

CSCvu07797

FPR-1010 incorrectly classifies 9120AXI AP as Class 1 instead of Class 4

CSCvu13126

Eval of FXOS for Apache vulnerabilities CVE-2020-1927 and CVE-2020-1934

CSCvu16583

[ciam] "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0 passing HTML containing

CSCvu20257

WR6, WR8 and LTS18 commit id update in CCM layer (sprint 85)

CSCvu22377

An extra whitespace in cluster group name of FTD causing data unit to be kicked out.

CSCvu27487

FXOS ASA race condition leading to cluster join failure and network outage

CSCvu40531

FXOS LACP packet logging to pktmgr.out and lacp.out fills up /opt/cisco/platform/logs to 100%

CSCvu44697

Firepower 4100/9300 - Fail-to-wire (FTW) EPM ports link flap during show tech collection

CSCvu47035

Reject the NTP server on the MIO side when the stratum value is higher than device can handle

CSCvu53810

TD2 does not load balance MPLS across backplane interfaces and sends it all to first interface

CSCvu55125

CIAM: nfs-utils 1.3.0

CSCvu59687

Many core.snmpd under the FXOS cores location

CSCvu70493

FXOS - AAA/RADIUS - NAS-IP Field set to 127.0.01

CSCvu75930

Service module not returning error to supervisor when SMA resources are depleted

CSCvu76107

ASA app-instance restart without audit log or trigger

CSCvu76539

FXOS: FPR2100 may go into fail-safe mode after configuring SNMP followed by reload

CSCvu78537

FXOS Multi-Instance fault F0479 Virtual Interface link state is down

CSCvu80370

Cisco Firepower Threat Defense Software SNMP Denial of Service Vulnerability

CSCvu84127

Firepower may reboot for no apparent reason

CSCvu85589

Firepower 9300 FPR-NM-4X100G or FPR-NM-2X100G interface may blackhole port-channel member traffic

CSCvu94706

FXOS dynamically learning mac-address of external machine causing outage

CSCvu97112

SNMP polling stopped working on active device in HA

CSCvv03805

Multi-instance Portchannel VLANs not programmed correctly causing internal traffic loss

CSCvv06794

WR6, WR8 and LTS18 commit id update in CCM layer(sprint 90)

CSCvv09180

NTP "Server Status" is blank in Firepower Chassis Manager when more than one NTP server configured

CSCvv09373

ASA module fails to upgrade (GracefulStopApp FSM failure)

CSCvv10396

Some VIF interfaces may be reported as down in FXOS faults after software upgrade

CSCvv15013

FXOS sending additional internal VLAN TAG leading to ARP update failure on devices.

CSCvv24647

FP2100 - SNMP: incorrect values returned for Ethernet statistics polling

CSCvv24712

2.9.1.84 - 4 node QP longevity setup with SNMPD core on Primary

CSCvv25978

Duplicate ARP replies for IPv4 management address on FTD

CSCvv34888

WR6, WR8 and LTS18 commit id update in CCM layer(sprint 92)

CSCvv36393

statsAG memory leak

CSCvv52349

No utility to handle XFS corruption on 2100/1000 series Firepower devices

CSCvv52715

chassis manager code comments appears post authentication FPR2130

CSCvv54829

FPR device does not recognize USB/pendrive that exeeds 8GB

CSCvv55066

FPR1010: Internal-Data0/0 and data interfaces are flapping during SMB file transfer

CSCvv58480

FXOS: Voltage on DC PSU displayed with wrong values from the 'show stats'

CSCvv66837

FXOS portAG memory leak during periodical interface polls

CSCvv74658

FTD/ASA creates coredump file with "!" character in filename (zmq changes (fxos) for CSCvv40406 )

CSCvv79459

WR6, WR8 and LTS18 commit id update in CCM layer (sprint 94, seq 1)

CSCvv84358

VIC adapter kernel crash at boot

CSCvv85742

Upgrade : FSM status can show incorrect value after upgrade

CSCvv95277

FPR2100 High disk usage in partition /opt/cisco/platform/logs due to growth of httpd log files

CSCvw05392

Message appearing constantly on diagnostic-cli

CSCvw13348

WR6, WR8 and LTS18 commit id update in CCM layer (sprint 98, seq 2)

CSCvw16165

Firepower 1000 Series stops passing traffic when a member of the port-channel is down

CSCvw19401

Memory leak : DME process may traceback generating core on Firepower 4100/9300 (M5 series only)

CSCvw22435

Error "No such file or directory" happended when using "copy ftp: wrokspace:" in FXOS 2.8.1

CSCvw30887

MIO crashed due to HA policy of Reset with Service: bcm_usd hap reset

CSCvw33536

4100/9300: Cannot associate port channel / interface to App

CSCvw38614

AZURE ASA/FTD NIC MAC address might get re-ordered upon a reboot

CSCvw48829

Timezone in "show clock" is different from which in "show run clock"

CSCvw52083

The FXOS logrotate does not rotate properly all the log files

CSCvw53494

CRUZ paloview is not accessible on release build

CSCvw62255

"Link not connected" error when using WSP-Q40GLR4L transceiver and Arista switch

CSCvw67974

SSH access with public key authentication fails after FXOS upgrade

CSCvw72260

ASA upgrade failed with: "CSP directory does not exist - STOP_FAILED Application_Not_Found"

CSCvw77924

Radius Key with the ASCII character " configured on FXOS does not work after chassis reload.

CSCvw79465

FXOS upgrade does not do proper compatibility check for FTD image

CSCvw90634

FP2100 ASA - 1 Gbps SFP in network module down/down after upgrade to 9.15.1.1

CSCvw93159

FPR2100: ASA/FTD generates message "Local disk 2 missing on server 1/1"

CSCvw95181

FXOS upgrade fails with error "does not support application instances of deployment type container"

CSCvw97256

Need handling of rmu read failure to ignore link state update when link state API read fails

CSCvw98315

FXOS reporting old FTD version after FTD upgrade to 6.7.0

CSCvx01786

Pre-login-banner not showing on FCM WebUI

CSCvx16700

FXOS clock sync issue during blade boot up due to "MIO DID NOT RESPOND TO FORCED TIME SYNC"

CSCvx21208

Evaluation of ssp for Sudo privilege escalation Jan 21 vulnerability

CSCvx25336

ENH: add a way to disable the FQDN check

CSCvx29429

ma_ctx*.log consuming high diskspace on FPR4100/FPR9300 despite the fix for CSCvx07389

CSCvx33904

Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privile

CSCvx38047

FXOS show fault warning code F4526902

CSCvx48862

Unable to save new cluster node configs on FCM due to java error

CSCvx82705

Evaluation of ssp for OpenSSL March 2021 vulnerabilities

CSCvy03045

Failure accessing FXOS with connect fxos admin from Multi-Context ASA if admin context is changed

CSCvy08798

WR6, WR8 and LTS18 commit id update in CCM layer(sprint 110, seq 10)

Online Resources

Cisco provides online resources to download documentation, software, and tools, to query bugs, and to open service requests. Use these resources to install and configure FXOS software and to troubleshoot and resolve technical issues.

Access to most tools on the Cisco Support & Download site requires a Cisco.com user ID and password.

Contact Cisco

If you cannot resolve an issue using the online resources listed above, contact Cisco TAC:

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.