Cisco
ASA Interim Release Notes
The software
images listed below are Interim releases.
They contain bug fixes which address specific
issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and
will remain on the download site only until the next Maintenance release is
available. If you do not have a specific problem which
is resolved by an Interim release, we recommend that you use the Feature or
Maintenance release images.
Important: These images were not fully regression
tested. Each individual fix was unit
tested, and the image has had a limited amount of automated regression testing
to confirm a baseline of functionality.
Keep this testing status in mind if you decide to run them in a
production environment. We strongly
encourage you to upgrade to a fully tested Maintenance or Feature release when
it becomes available.
Revision: Version 9.0(4)42 – 10/19/2016
Files: asa904-42-smp-k8.bin,
asa904-42-k8.bin
Defects resolved since 9.0(4)40:
|
Evaluation of pix-asa for OpenSSL March 2016 |
|
|
ENH: ASAv should have a different
pre-loaded cert |
|
|
Cisco ASA Software Local Certificate Authority Denial of Service
Vulnerability |
|
|
Buffer Overflow in ASA Leads to Remote Code Execution |
Revision: Version 9.0(4)40 – 08/24/2016
Files: asa904-40-smp-k8.bin,
asa904-40-k8.bin
Defects resolved since 9.0(4)39:
|
IPv6 neighbor discovery packet processing behavior |
|
|
Cisco ASA SNMP Remote Code Execution Vulnerability |
Revision: Version 9.0(4)39 – 04/08/2016
Files: asa904-39-smp-k8.bin,
asa904-39-k8.bin
Defects resolved since 9.0(4)38:
|
Evaluation of pix-asa for OpenSSL December 2015 Vulnerabilities |
Revision: Version 9.0(4)38 – 01/14/2016
Files: asa904-38-smp-k8.bin,
asa904-38-k8.bin
Defects resolved since 9.0(4)37:
|
Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability |
|
|
|
Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability |
||
Revision: Version 9.0(4)37 – 10/21/2015
Files: asa904-37-smp-k8.bin,
asa904-37-k8.bin
Defects resolved since 9.0(4)35:
|
ASA crashes in DHCPV6 Relay agent feature Functionality |
|
|
WebVPN Rewriter: "parse" method returns curly
brace instead of semicolon |
|
|
ASA traceback in threadname
Checkheaps when it hits dhcpv6 packet |
|
|
ISAKMP SERVER traffic from codenomicon
crashes ASA |
|
|
ASA traceback in ThreadName:ci/console,while pinging
DNS Server name |
|
|
Traceback: mem_get_owner+104 at slib/../finesse/snap_api.h:163 |
|
|
Evaluation of OpenSSL June 2015 |
Revision: Version 9.0(4)35 – 06/16/2015
Files: asa904-35-smp-k8.bin,
asa904-35-k8.bin
Defects resolved since 9.0(4)33:
|
ASA: DHCP relay does not validate the Server Identifier of a
reply |
|
|
Cisco ASA Challenge-Response Tunnel Group Selection Bypass
Vulnerability |
|
|
Add cli to control masked username in syslog |
|
|
Usernames obscured with asterisks in logs after upgrade to ASA
9.1(5.16) |
|
|
ASA traceback in DATAPATH-1-2414 after
software upgrade |
|
|
ASA: Traceback when removing manual
NAT rule |
|
|
HTTP redirect to the VPNLB address using HTTPS fails in 9.1.5 |
|
|
ASA WEBVPN: Usernames shown as '*' in logs for failed
authentication |
|
|
MARCH 2015 OpenSSL Vulnerabilities |
Revision: Version 9.0(4)33 – 04/08/2015
Files: asa904-33-smp-k8.bin,
asa904-33-k8.bin
Defects resolved since 9.0(4)29:
|
Multiple problems with output of show processes memory |
|
|
ASA Crash in checkheaps due to snmp component |
|
|
ASA 8.4 Memory leak due to duplicate entries in ASP table |
|
|
Cisco ASA DNS Memory Exhaustion Vulnerability |
|
|
Cisco ASA Failover Command Injection Vulnerability |
|
|
Mac version smart-tunnel uses SSLv3 which is a vulnerability |
|
|
RPC error in request config after
replicated a large configuration |
|
|
ASA SMTP inspection should not disable TLS by default |
|
|
ASA traceback in Thread Name:
ci/console, assertion "snp_sp_action.c" |
|
|
ASA prefers Suite-B algorithms w/ AC Essentials enabled for AC
IKEv2 |
|
|
NetFlow incorrect reporting for PPTP VPN over GRE |
|
|
ASA teardown connection after receiving same direction fins |
|
|
ASA traceback in Thread Name: fover_parse |
|
|
ASA 9.1.5 does not always drop connections after receiving
RST+ACK flag |
|
|
ASA fails to sync objects with name ANY after upgrade from 8.4
to 9.x |
|
|
ASA clears the TOS value of ICMP echo reply packet from ASA's
interface |
|
|
More than 255 messages in multicast packet with jumbo frames |
|
|
Radius Acct-Terminate-Cause for L2TP over IPSec is incorrect. |
|
|
Network Object NAT is not working when config-register
== 0x41 |
|
|
Cisco ASA VPN XML Parser Denial of Service Vulnerability |
|
|
Duplicate IPv6 address is configurable in 1 ASA or context |
|
|
ASA: XFRAME support for .JS and .JNLP
URL's |
|
|
BG:EUI-64 configuration not to be
enforced for MGMT interface |
|
|
[ASA] CTP not working if proxyACL port_argument is gt |
|
|
2048-byte block leak if DNS server replies with "No such
name" |
Revision: Version 9.0(4)29 – 02/03/2015
Files: asa904-29-smp-k8.bin,
asa904-29-k8.bin
Defects resolved since 9.0(4)26:
|
ASA SIP Inspection Memory Leak Vulnerability |
|
|
ASA Page Fault Traceback in 'vpnfol_thread_msg' Thread |
|
|
ASA traceback in cluster with DATAPATH
thread |
|
|
nested custom write functions causing blank page through rewriter |
|
|
HTTP and FTP Copy operations exposes sensitive information in syslogs |
|
|
ASA: Traceback in idfw_proc |
|
|
ASA Traceback in Thread Name:
DATAPATH-3-1274 |
|
|
ASA SMTP inspection should not disable TLS by default |
|
|
scansafe feature is
missing from registered module features |
|
|
Potential ICMP error storm in cluster CCL link |
|
|
ASA IPSEC client PKI username from certificate authorization
failure |
|
|
ASA - Additional empty fields in RADIUS Access-Request packet |
|
|
ipsec-datapath:TFW management
connection via VPN takes a few minutes |
|
|
ASA5580-20 8.4.7.23: Traceback in
Thread Name: ssh |
|
|
ASA: evaluation of Poodle Bites in TLSv1 |
|
|
ASA WebVPN Citrix SSO: Chrome does not skip to login on external
page |
|
|
JANUARY 2015 OpenSSL Vulnerabilities |
Revision: Version 9.0(4)26 – 12/09/2014
Files: asa904-26-smp-k8.bin,
asa904-26-k8.bin
Defects resolved since 9.0(4)24:
|
Syslog 106100 not generated on second context when cascading
contexts. |
|
|
SNMP MIB: Equivalent of "show xlate
count" command |
|
|
Observed Traceback in SNMP while
querying GET BULK for 'xlate count' |
|
|
Add a CLI to configure SSL FCADB timeout |
|
|
Hostscan ASA token times out on slow connections |
|
|
Arsenal:twice NAT with service
type ftp not working. |
|
|
Linux Kernel Invalid fs and gs Registry KVM Denial of Service Vulnerab |
|
|
Linux Kernel GUID Partition Tables Handling Arbitrary Code
Execution V |
|
|
ASA SSL: Continues to accept SSLv3 during TLSv1 only mode |
|
|
Idle timer and half-closed idle timer reset by out of sequence
SYN |
|
|
ASA TCP Proxy can corrupt data, cause ACK storms and session
hangs |
|
|
Invalid user names are logged in syslogs |
|
|
ASA5585-SSP60 Traceback in Thread Name
SSH on Capture Command |
|
|
ASA does not recognise "packet
too big" for assembled ICMPv6 echo reply |
|
|
ASA: Traceback in Thread Name:
Dispatch Unit when enable debug ppp int |
|
|
ASA allows IKEv1 clients to bypass address assignment, causing
conflict |
|
|
accounting not per rfc in dual factor auth case |
|
|
ASA providing inaccurate Tunnel count to ASDM |
|
|
Local pool address not released -> Duplicate local pool
address found |
|
|
Traceback caused by WCCP |
|
|
Traceback in Thread Name qos_metric_daemon
caused by asdm history enable |
|
|
Incorrect content-length when maddr
present with URI in SIP message body |
|
|
ASA: standby traceback during
replication of specific privilege command |
|
|
ASA Local CA generates unexpected renewal reminder message |
|
|
Cisco ASA Software Version Information Disclosure Vulnerability |
|
|
Traceback in clacp_enforce_load_balance with
ASA Clustering |
|
|
ASA Cluster slave unit loses default route due to sla monitor |
|
|
Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability |
|
|
ASA traceback in DATAPATH-0-2078
thread |
|
|
ASA Cluster: IDFW traceback inThread Name: DATAPATH-3-132 |
|
|
Inspect rule defaults in standby transparent context on write
standby |
|
|
ASA5580 speed nonegotiate settings
kept link down after shut/no shut |
|
|
User membership not updated in parent group |
|
|
ASA: RST packet forwarded with non-zero ACK number (and ACK flag
clear) |
|
|
Object Group Search causing legitimate traffic to be dropped by
ACL |
|
|
ASA ACL hitcount not correct for ACLs
with service object groups |
|
|
DHCP Relay reloads after changing server interface |
|
|
xlate per-session
commands are not synchronized |
|
|
SDI authentication doesn't work in more than one contexts. |
|
|
ASA : evaluation of
SSLv3 POODLE vulnerability |
|
|
Control Plane ACL Not Working for Redirected HTTP Traffic |
|
|
ASA assert traceback on Standby Unit
in c_idfw.c |
|
|
Traceback: pki-crl: Thread Name: Crypto CA with
traffic through VPN L2L |
|
|
ASA Client login timeout issue due to proxy match inconsistency |
|
|
Hex code associated with syslog is referenced from the old
ACE/ACL |
|
|
ASA5585 traceback on Thread name: idfw_proc |
|
|
Webvpn: Support for XFRAME for non-critical URL's |
|
|
DATAPATH Traceback in snp_mp_svc_udp_upstream_data function |
|
|
ASA Traceback in Thread Name:
DATAPATH-6-2544 |
Revision: Version 9.0(4)24 – 10/02/2014
Files: asa904-24-smp-k8.bin,
asa904-24-k8.bin
Defects resolved since 9.0(4)20:
|
vpn-sessiondb detail missing
Filter Name after IKEv1 rekey |
||
|
Asa 5580-20: object-group-search access-control causes failover
problem |
||
|
Mem leak in ikev2 tk: ikev2_dupe_id |
||
|
ASA has inefficient memory use when cumulative AnyConnect
session grows |
||
|
ASA: Last packet in PCAP capture file not readable |
||
|
WebVPN portal page misses large title after portal redesign |
||
|
ASA Webvpn CIFS vnode_create:
VNODE ALLOCATION LIMIT 100000 REACHED! |
||
|
ASA 8.4.6 MAC Address flapping with Port-Channels and IPv6 |
||
|
traffic does not match time-rang access-list configured with
policy-maps |
||
|
ASA Transparent mode doesn't pass DHCP discover message |
||
|
ASA Traceback in DATAPATH-1-1400 with
error message shrlock_join_domain |
||
|
XenDeskTop7:cannot relogin
to StoreFront ineterface
after logoff |
||
|
ASA Tears Down Connections With Reason of 'snp_drop_none' |
||
|
ASA 5505 u-turned/hairpinned conn
counts toward license local-host limit |
||
|
ASA WebVPN Memory leak leading to Blank Portal Page/AnyConnect failure |
||
|
ENH: Add "speed nonegotiate"
command for fiber interfaces on ASA5585 |
||
|
Traceback on DATAPATH-7-1524 Generating Botnet Filter Syslog |
||
|
ASA with SFP+4GE-SSM sends flow-control packets at line rate |
||
|
CWS: Large downloads on HTTPS fail when server side seq number wraps |
||
|
ASA: HTTP searchPendingOrders.do function failing over WebVPN |
||
|
ASA NAT: Some NAT removed after upgrade from 8.6.1.5 to 9.x |
||
|
ASA allows to empty an access-list referenced elsewhere |
||
|
ASA AnyConnect failure or crash in SSL
Client compression with low mem |
||
|
show vpn load-balancing shows Public addr as Cluster IP addr for
Master |
||
|
Failover Standby unit has higher memory utilization |
||
|
ASA WebVPN: Script error when using port-forwarding |
||
|
ASA SSLVPN Java plugins fail through proxy with Connection
Exception |
||
|
ASA WebVPN Rewriter: Custom HTTP Headers Not Properly Rewritten |
||
|
ASA - Traceback in thread name: sch_prompt anonymous reporting |
||
|
TCP intercept does not work after embryonic connection ends |
||
|
ASA Panic: CP Processing - ERROR: shrlock_join_domain |
||
|
When ACL optimization is enabled, wrong rules get deleted |
||
|
ASA tmatch_summary_alloc block leak in
binsize 1024 |
||
|
Cisco ASA SSL VPN Portal
Customization Integrity Vulnerability |
|
|
|
SNMP: Unable to verify presence of second power supply in ASA
5545 |
||
|
ASA Traceback in Thread name:
ci/console while modifying an object-group |
||
|
"no speed nonegotiate"
command in ASA 5580 running 9.1.5 in show run |
||
|
ASA - Wrong object-group migration during upgrade from 8.2 |
||
|
ASA - Permitting/blocking traffic based on wrong IPs in ACL |
||
|
ASA traceback in thread name idfw_adagent |
||
|
ASA Overwrite any file on WebVPN RAMFS |
||
|
ASA: Traceback Page Fault in vpnfol_thread_msg on Standby ASA |
||
|
ASA with ACL optimization crashing in "fover_parse"
thread |
||
|
No syslogs for ASDM or clientless
access with blank username/password |
||
|
Personal bookmarks get deleted with ASA in Active/Standby
failover |
||
|
WebVPN: uploading customized portal.css breaks the portal login
page |
||
|
ASA crashes with Page Fault with multiple configuration sessions |
||
|
ASA failover standby device reboots due to delays in config replication |
||
|
ASA rewrites incorrect content-length in SIP message |
||
|
ASA Smart Call does not hide IPv6 addresses for ND |
||
|
IPv4 ACLs not working after merging IPv4 and IPv6 ACLs by
upgrading |
||
|
ASA : Failover descriptor does not change after reconfiguring VLAN |
||
|
WebVPN: sharepoint
2007/2010 and Office2007 can't download/edit pictures |
||
|
IPsecOverNatT tunnel disappears after ASA failovers |
||
|
Smart Tunnels Spawn "UNKNOWN Publisher" Warning w/Java
7 Update 60 |
||
|
Using "?" to list files in directory with thousands of
files causing hog |
||
|
Show memory app-cache command shows incorrect bytes if more than
2^32 |
||
|
vbscript getting caught in
loop when passing thru ASA WebVPN Rewriter |
||
|
traceback in thread name: netfs_thread_init |
||
|
ASA - Traceback in thread name SSH while
changing NAT configuration |
||
|
Cisco ASA Privilege Escalation |
||
|
WebVPN: Rewriter issue with PATHIX Inspection Database |
||
|
ASA: Entering Query String on /+CSCOE+/logon.html disclose
information |
||
|
Double Free when processing DTLS packets |
||
|
OpenSSL Zero-Length Fragments DTLS Memory Leak Denial of Service Vuln |
||
|
ASA Radius Access-Request contains both User-Password and
CHAP-Password |
||
|
ASA returns wrong content-length for cut-thru proxy
authentication page |
||
Revision: Version 9.0(4)20 – 07/22/2014
Files: asa904-20-smp-k8.bin,
asa904-20-k8.bin
Defects resolved since 9.0(4)17:
|
9.0(4)5 - Unable to access internal
site via clientless SSLVPN |
|
|
ASA: Page fault traceback in DATAPATH
when DNS inspection is enabled |
Revision: Version 9.0(4)17 – 07/07/2014
Files: asa904-17-smp-k8.bin,
asa904-17-k8.bin
Defects resolved since 9.0(4)7:
|
ENH - Add device serial number and platform string to show run
output |
|
|
Double auth not triggered if using
secondary-aaa-server per interface |
|
|
Implement a syslog to indicate the version of the anyConnect client |
|
|
ESP packet drop due to failed anti-replay checking after HA failovered |
|
|
WebVPN: Rich Edit dropdowns doesn't work in SharePoint 2010 |
|
|
ASA allows SSL trustpoint with 4096
bit keys - SSL fails to work |
|
|
wr mem all produces traceback on
console |
|
|
Mem Leak: ikev2_fo_parse_sa_message_id_data_v1 |
|
|
ICMP destination unreachable for L2TP PMTU error not sent to
server |
|
|
Improve ScanSafe handling of Segment
HTTP requests |
|
|
ASA 9.1.2 DHCP - Wireless Apple devices are not getting an IP
via DHCPD |
|
|
ASA traceback with 'debug menu webvpn 160' command |
|
|
AAA: Authentication fails with Double Auth+Password
Management on LDAP |
|
|
IDFW: user-group is not deactivated even if IDFW ACL is removed |
|
|
Traceback when using IDFW ACL's with VPN crypto maps |
|
|
ASA may drop all traffic with Hierarchical priority queuing |
|
|
ASA 5505 SIP packets may have extra padding one egress of 5505 |
|
|
ASA Unicorn rewriter memory corruption |
|
|
traffic does not match time-rang access-list configured with
policy-maps |
|
|
VPNLB syslogs to console missing
newline |
|
|
ASA with ICMP insp. drops replies with 'seq
num not matched' code |
|
|
Case sensitivity check missing for Web Type ACL and Access-group |
|
|
Capture Isakmp w/ match statement
cause Standby to reload at replication |
|
|
ASA - DHCP Discover Sent out during boot process |
|
|
secondary standby looses his cluster license after upgrade to 8.4.(7.3) |
|
|
webvpn issue,part of the http request not sent by the client to
ASA |
|
|
Smart-tunnel for windows-Liveconnect
exception-JRE 1.7u51 |
|
|
ASA should not allow interface MTU config
greater than 9202/9198 |
|
|
Traffic does not hit Twice NAT configured after Static PAT |
|
|
ASA5585-SSP60 Teardown process is delayed under heavy traffic
condition |
|
|
ASA Backup scansafe tower is never
polled |
|
|
ASA: Watchdog traceback in Unicorn
Admin Handler with TopN host stats |
|
|
Traceback in Thread: IPsec message handler with
rip-tlog_event_allocate |
|
|
SunRPC GETPORT Reply dropped when two active sessions use same xid |
|
|
Sourcefire Defense Center not able to be rendered via Clientless SSL VPN |
|
|
ASA WebVPN memory leak - blank portal page |
|
|
Java rewriting takes too much time |
|
|
ASA traceback in Thread Name: IKE
Daemon: with CX redirect in place. |
|
|
Regex modification within context causes ASA traceback |
|
|
ASA WebVPN login page XSS vulnerability |
|
|
AnyConnect Password Management Fails with SMS Passcode |
|
|
ASA using IKEv2 rejects multiple NAT_DETECTION_SOURCE_IP
payloads |
|
|
ASA Cluster ICMP with PAT not functional on reload |
|
|
Data path: ASA traceback in CTM
message handler |
|
|
L2TP/IPSec connection is failed when there is PAT router. |
|
|
Hash calculated for multiple ACEs on ASA are same |
|
|
Cisco ASA DHCPv6 Denial of Service Vulnerability |
|
|
ASA-SM not sending SNMP traps with 9.0.4 |
|
|
terminal width command is deleted when removing other context |
|
|
5585-20 8.4.7.11 traceback in Thread
Name Datapath w/ DCERPC inspection |
|
|
IDM/IME/File Transfer Slow For Certain Source and Destination IP
Pairs |
|
|
Posture assement failing after HS
upgrade to 3.1.05152 |
|
|
MEMLEAK: 128 byte leaks when requesting IPv6 address for AnyConnect |
|
|
Name for IPv6 address causes objects to became empty after
reload |
|
|
Cisco ASA Information Disclosure Vulnerability |
|
|
Nameif command not allowed on TFW multimode ASA with clustering |
|
|
'ASA modifies Request Host Part under 'ACK' packet for SIP
connection' |
|
|
ASA drops DNS PTR Reply w/ reason Label length exceeded during
rewrite |
|
|
High CPU with IKE daemon Process |
|
|
ASA drops packet due to nat-no-xlate-to-pat-pool after removing NAT rule |
|
|
ASA 8.4.6: Traceback with fover_FSM_thread |
|
|
Saleen copper module port speed/duplex changes ineffective |
|
|
ASA Page Fault: Invalid Permission in thread name DATAPATH |
|
|
To the box traffic dropped due to vpn
load-balancing (mis)configuration |
|
|
SNMP: cpmCPUTotal5sec/1min/5min return "0" |
|
|
VPN client firewall and split-tunneling mishandle "inactive"
acl rules |
|
|
ASA WebVPN Memory leak leading to Blank Portal Page/AnyConnect failure |
|
|
VPN-filter ACL drops all traffic after upgrade for pre 8.3 to
9.x |
|
|
IPsec transform sets mode changes from transport to tunnel after
editing |
|
|
CSCub92315 fix is incomplete |
|
|
Interop: relax PrintableString encoding
enforcement in PKI |
|
|
ASA - Cut Through Proxy sends empty redirect w/ Virtual HTTP and
Telnet |
|
|
Traceback with
thread DATAPATH-2-1181 |
|
|
ASA does not relay BOOTP packets |
|
|
Multicast - ASA doesn't populate mroutes
after failover |
|
|
ASA: Webvpn using incorrect password
for auto-signon with Radius/OTP |
|
|
ASA doesn't send invalid SPI notify for non-existent NAT-T IPSec
SA |
|
|
ASA 9.1.(3)4 Memory Leak in KCD |
|
|
ASA Rewriter does not support encoded values for characters like
" ' " |
|
|
ASA: Traceback in DATAPATH thread
related to DNS inspection |
|
|
ASA: Page fault traceback in Dispatch
Unit |
|
|
WebVPN: Javascript rewrite issue with
Secret Server Application |
|
|
ASA 9.x Management Port-Channel Cannot configure management-only
in TFW |
|
|
Traceback when using IDFW ACL's with VPN VPN
Filters |
|
|
Standby ASA traceback on Fover_Parse with Botnet Filter |
|
|
Multiple Vulnerabilities in OpenSSL -
June 2014 |
Revision: Version 9.0(4)7 – 04/18/2014
Files: asa904-7-smp-k8.bin,
asa904-7-k8.bin
Defects resolved since 9.0(4)5:
|
Datapath:Observing Deadlock in different DATAPATH threads |
|
|
Traceback on standby ASASM when executing the failover active command |
|
|
ASA Page Fault: Invalid Permission in thread name DATAPATH |
|
|
ASA 9.0.4.1 traceback in webvpn datapath |
|
|
Failed to show "extended permit" in show access-list
test |
Revision: Version 9.0(4)5 – 04/09/2014
Files: asa904-5-smp-k8.bin,
asa904-5-k8.bin
Defects resolved since 9.0(4)1:
|
DHCP Relay needs to handle DHCPREQUEST differently |
|||
|
Editing NAT object/objgrp cfg causes 305006 translation creation failure |
|||
|
Slow throughput of AnyConnect client
w/DTLS compared to IPSec IKEv1 |
|||
|
IKEv2 : L2L tunnel fails with error "Duplicate entry in Tunnel
Manager" |
|||
|
SVC_UDP Module is in flow control with a SINGLE DTLS tunnel |
|||
|
AC 3.1:ASA incorrectly handles alternate DTLS port,causes reconnect |
|
||
|
PP: VoIP interface fails replication on standby due to address
overlap |
|||
|
ASA may reload with traceback in
Thread Name: vpnfol_thread_msg |
|||
|
ASA 9.1.2 - Traceback in Thread Name: fover_parse during configuration |
|||
|
CSCul37888Traceback in DATAPATH caused by HTTP Inspection |
|||
|
traceback ABORT(-87): strcpy_s: source string too long for dest |
|||
|
ASA OSPF route stuck in database and routing table |
|||
|
ASA: Page fault traceback with 'show
dynamic-filter dns-snoop detail' |
|||
|
SSL connectivity to ASA stops working on failover |
|||
|
ASA SMR: Multicast traffic for some groups stops flowing after
failover |
|||
|
ST not injected in mstsc.exe on 64-bit Win 8 IE 10 when started TSWebApp |
|||
|
ASA KCD traceback during domain leave
or join |
|||
|
ASA traceback in Thread name - netfs_thread_init |
|||
|
ASA: ARP Fails for Subinterface
Allocated to Multiple Contexts on Gi0/6 |
|||
|
ASA fails to set forward address in OSPF route redistrubution |
|||
|
Webvpn rewriter some links from steal.js are mangled incorrectly |
|||
|
CWS: ASA forwards HTTPS packets to CWS tower in wrong sequence |
|||
|
ASA Webvpn: Rewriter issue with
dynamic iframes |
|||
|
OpenSSH vulnerability CVE-2012-0814: Debug messages with key info |
|||
|
ASA rejects certificates with NULL param
in ECDSA/SHA signature alg |
|||
|
NPE: Querying unsupported IKEv2 MIB causes traceback |
|||
|
INSPECT ICMP ERROR ICMP HEADER AFTER UN_NAT DOES NOT
MATCH IP DST ADDR |
|||
|
ASA traceback in Thread Name: DATAPATH
due to double block free |
|||
|
ASA: Hitless upgrade fails with port-channels |
|||
|
ENH: Need to optimize messages printed on upgrade from 8.2- to
8.3+ |
|||
|
ASA traceback when uploading an image
using FTP |
|||
|
traffic does not match time-rang access-list configured with
policy-maps |
|||
|
ASA 5585 High Memory due to dACLs
installed from cut-through-proxy |
|||
|
ASA: Memory leak with WebVPN and HTTP server enabled
simultaneously |
|||
|
ASA WebVPN Login portal returns to login page after successful
login |
|||
|
ASA Tranparent A/A - Replicated MAC
addresses not deleted after timeout |
|||
|
Case sensitivity check missing for Web Type ACL and Access-group |
|||
|
IPSEC VPN - One crypto ACE mismatch terminates all Phase2 with
that peer |
|||
|
Webvpn: ASA
fails to rewrite javascript tag
correctly |
|||
|
ASA fails to perform KCD SSO when web server listens on
non-default port |
|||
|
Acct-stop for VPN session doesn't send out when failover
occurred |
|||
|
ASA: ACL CLI not converting 0.0.0.0 0.0.0.0
to any4 |
|||
|
WEBVPN multiple issues with LMS application |
|||
|
ASA: Phy setting change on member
interfaces not seen on port-channel |
|||
|
BPDUs on egress from ASA-SM dropped on backplane |
|||
|
Redundant IFC not Switching Back |
|||
|
ASA - Remote access VPN sessions are not replicated to Standby unit |
|||
|
ASA EIGRP redistribute static shows up as internal route |
|||
|
Copying configuration to running-config
fails |
|||
|
ASA tears down SIP signaling conn w/ reason Connection timeout |
|||
|
ASA translates the source address of OSPF hello packets |
|||
|
'Route-Lookup' Behavior Assumed for Twice NAT with Identity
Destination |
|||
|
Page fault traceback in DATAPATH under
DoS, rip qos_topn_hosts_db_reset |
|||
|
ASA reloads on Thread name: idfw_proc |
|||
|
ASA drops DHCP Offer packet in ASP when nat
configured with "Any" |
|||
|
ASA not allowing AC IKEv2 Suite-B with default Premium Peer
license |
|||
|
IKEv1 - Send INVALID_ID_INFO when received P2 ID's not in crypto
map |
|||
|
WebVPN: ASA webVPN fails to rewrite
dynamic content of pubmed website |
|||
|
ASA:Traceback in Thread Name:
DATAPATH-23-2334 |
|||
|
Traceback in IKEv2 Daemon with AnyConnect
Failure |
|||
|
uauth session
considered inactive when inspect icmp is enabled |
|||
|
idle time field is missing in show uauth
output |
|||
|
WebVPN configs not synchronized when
configured in certain order-v3 |
|||
|
IKEv2 leaks embryonic SAs during child SA negotiation with PFS
mismatch |
|||
|
ASA traceback on NAT assert on file nat_conf.c |
|||
|
ASA 5500-X: Chassis Serial Number missing in entity MIB |
|||
|
Webvpn: connecting to oracle network SSO returns error |
|||
|
Webvpn: web applications that may refresh a page with "#"
fail |
|||
|
HTTP redirect to the VPNLB address using HTTPS fails in
9.1.4/9.0.4.x |
|||
|
ASA traceback in Unicorn Admin Handler |
|||
|
ASA: Traceback in pix_flash_config_thread
when upgrading with names |
|||
|
ASA - VPN session leak for IKEv2 if L2L sessions land on RA
tunnel group |
|||
|
ASA Cluster: Unable to stop captures on CCL in a context |
|||
|
ASA 9.1.3 SNMP Traceback in Thread
Name: SNMP |
|||
|
Traceback in Thread Name: ci/console |
|||
|
IKEv2 routes not installed if Dynamic and Static Crypto Map
Match |
|||
|
Assigned IP in show vpn-sessiondb anyconnect is missing. |
|||
|
capture option to be provided to collect pcap
frm node other than master |
|||
|
Ping doesn't work between peer IPs when answer-only is
configured |
|||
|
ASA:Tracebacks in thread
dispatch unit due to SunRPC inspection |
|||
|
ASA traceback when retrieving idfw topn user from slave |
|||
Revision: Version 9.0.(4)1 – 1/22/2014
Files: asa904-1-smp-k8.bin,
asa904-1-k8.bin
Defects resolved since 9.0(4):
|
ASA sip inspection memory leak |
|||
|
ASA 9.1: timer app id was
corrupted and causing Dispatch Unit traceback |
|
||
|
ACL Migration to 8.3+
Software Unnecessarily Expands Object Groups |
|
||
|
ASA traceback
in Thread Name: fover_parse during command
replication |
|
||
|
Privillage level 0 users getting full access |
|||
|
ASA in failover pair may
panic in shrlock_unjoin |
|
||
|
ASA drops inspected HTTP
when unrelated service-policy is removed |
|
||
|
ASA Physical Interface
Failure Does not Trigger Failover |
|
||
|
ASA 8.4.7 - Traceback with assertion in thread name Dispatch Unit |
|
||
|
watchdog at ci_delayed_acl_elem_addition when
object-group-search access |
|
||
|
Removing ports from service
object-group does not remove from the ACL |
|
||
|
Traceback after upgrade from pre-8.3 to 8.3 and above |
|
||
|
Object Group Search may
cause ACL to be matched incorrectly |
|
||
|
ASA: Page fault traceback after running show asp table socket |
|
||
|
ASA: Out of order Fin
packet leaves connection half closed |
|
||
|
ASA failover cluster traceback when replicating the configuration |
|
||
|
ASA Assert Traceback in Dispatch Unit during LU Xlate
replication |
|
||
|
ASA SSL VPN Privilege Escalation
Vulnerability |
|||
|
ASA reloads due to SSL
processing |
|
||