Cisco ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
Important: Each individual fix in the release was unit tested and verified, and the image had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run these images in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.
Revision: Version 9.2(4)33 – 05/04/2018
Files: asa924-33-smp-k8.bin
Defects resolved since 9.2(4)28:
ASA: Traceback by Thread Name idfw_proc
SSL handshake fails with large certificate chain size
ASA Traceback in Thread Name: Unicorn Proxy Thread
upgrade of ASA5500 series firewalls results in boot loop (not able to get past ROMMON)
Standby ASA traceback during replication from mate 9.2(4)27
Memory leak on webvpn
Crashes on back-to-back 'clear config all' when IKEv1 SA established
Revision: Version 9.2(4)28 – 03/20/2018
Files: asa924-28-smp-k8.bin
Defects resolved since 9.2(4)27:
9.7.1 traceback in snp_fp_qos
ASA traceback with Thread Name: fover_parse
Revision: Version 9.2(4)27 – 02/03/2018
Files: asa924-27-smp-k8.bin
Defects resolved since 9.2(4)26:
Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability
Cisco Adaptive Security Appliance Denial of Service Vulnerability
Memory leak in IKE for aggregate-auth
Revision: Version 9.2(4)26 – 01/05/2018
Files: asa924-26-smp-k8.bin
Defects resolved since 9.2(4)25:
Resolve any vulnerabilities in ASA/Firepower Threat Defense Heimdal code
ASA 9.1(7)9 Traceback with %ASA-1-199010 and %ASA-1-716528 syslog messages
VTI - Some sessions do not get cleared from vpn-sessiondb
ASA Traceback when saving/viewing the configuration due to time-range ACLs
ASA Portal Java plug-ins fail with the latest Java updates
All 1700 "4 byte blocks" were depleted after a weekend VPN load test.
ASA Memory depletion due to scansafe inspection
Ports not getting reserved on ASA after adding snmp configuration.
ASA not sending register stop when mroute is configured
Traceback in thread DATAPATH due to NAT
ASA drops the IGMP Report packet which has Source IP address 0.0.0.0
OpenSSL CVE-2017-3735 "incorrect text display of the certificate"
ASA cluster intermittently drop IP fragments when NAT is involved
ASA : After upgrading from 9.2(4) to 9.2(4)18 serial connection hangs
Traceback with Show OSPF Database Commands
ASA getting stuck in hung state because of STATIC NAT configuration for SNMP ports
High CPU in IKE Daemon causing slow convergence of VPN tunnels in a scaled environment
dir /recursive cache:/stc and "dir cache:stc/2/" list AnyConnect.xsd differently on ASA9.8.2
Modifying service object-groups (add and remove objects) removes ACE
ASA reports incorrectly double input packets traffic on PPPoe/VPDN interface
Split brain after recovery from interface failure when fover and then data ifc goes down in order.
SSPs with ASA in multiple context moves in active-active situation while failover is occurring
Memory leak in idfw component on ASA
add "show resource usage summary count all 1" to show tech
FTP data conn scaling fails with dynamic PAT
ASA Traceback in thread SSH when ran "show service set conn detail"
Revision: Version 9.2(4)25 – 01/05/2018
Files: asa924-25-smp-k8.bin
Defects resolved since 9.2(4)24:
Legacy Cisco ASA 5500 may be vulnerable to a Bleichenbacher attack on TLS
Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
Revision: Version 9.2(4)24 – 09/14/2017
Files: asa924-24-smp-k8.bin
Defects resolved since 9.2(4)22:
WEBVPN Rewriter: Stops mangling after hex code of Period on Bookmark URL
ASA traceback in Thread Name:ci/console while running show ospf commands
ASA dropping packets with "novalid adjacency" though valid ARP entry avail
Implement detection and auto-fix capability for scheduler corruption problems
print the thread name for non-crashing threads in crash info
ASA 1550 block gradual depletion
ASA TCP SIP inspection translation not working when IP phone is behind VPN tunnel
ASA traceback in Thread name: idfw_proc on running "show access-list", while displaying remark
Cisco Adaptive Security Appliance Authentication Denial of Service Vulnerability
ASA: slow memory leak when using many DNS queries
ASA local dns resolution fails when dns server is reachable through a site to site ipsec tunnel
ASA Issue with bgp route summarization(auto-summary)and route advertisement
Slave should have use CCL to forward traffic instead of blackholing when egress interface is down
Standby ASA not learning routes via RIP
ASA may traceback on displaying access-list config or saving running config
ASA: IPv6 protocol X rule for passing through FW is dropping packets with Invalid IP length message
OSPF Rogue LSA with maximum sequence number vulnerability
vpn vlan mapping issue
ASA Cluster : Potential UDP loop on cluster link with PAT pool
ASASM: Interface vlans going to admin down after reload.
ASA/ 9.6.3 // WebVPN Smart tunnel works but floods windows with event viewer
Regex is not matching for HTTP argument field
ASA-5-720012:(VPN-Secondary)Failed to update IPSec failover runtime data in ASA cluster environment
Ikev2 Remote Access client sessions stuck in Delete state
traceback in watchdog process
ASA - 80 Byte memory block depletion
Revision: Version 9.2(4)22 – 05/30/2017
Files: asa924-22-smp-k8.bin
Defects resolved since 9.2(4)20:
ASA - TO the box traffic break due to int. missing in asp table routing
incorrect failover status for contexts via SNMP
TP Auth fails when sub CA using RSA keys is signed by root using ECDSA
CWS redirection on ASA may corrupt sequence numbers with https traffic
ASA unable to add policy NAT which is overlapping with ip local pool
Re-adding context creates context without configs on some slaves
L2TP over IPSec can not be connected after disconnection from client.
Unicorn Proxy Thread causing CP contention
ASA failed to allow tcp traffic from inside to outside
Ikev1 tunnel drops with reason Peer Address Changed
ASA: SIP Call Drops with PAT when same media port used in multiple calls
ASA traceback at Thread Name: rtcli async executor process
Cisco ASA Input Validation File Injection Vulnerability
ASA 5585-60 dropping out of cluster with traceback
SIP: Address from Route: header not translated correctly
ASA stops processing DHCP Offers in a based RAVPN
Stale VPN Context entries cause ASA to stop encrypting traffic despite fix for CSCup37416
ASA PKI OCSP failing - CRYPTO_PKI: failed to decode OCSP response data.
ASA traceback at Thread Name: rtcli
Object-group-search redundant service group objects are incorrectly removed
ASA dropping traffic with TCP syslog configured in multicontext mode
EZVPN NEM client can't reconnect after no vpnclient enable is entered
ASA drops DNS PTR Reply with reason Label length exceeded during rewrite
ASA matches incorrect ACL with object-group-search enabled
ASA SIP inspection may delay transmission of 200 OK when embedded with NOTIFY
ASA cluster TCP/SSL ports are not displayed on LISTEN state
ASA unable to add multiple attribute entries in a certificate map
ASA multicontext disallowing new conns with TCP syslog unreachable and logging permit-hostdown set
ASA traceback at Thread Name: sch_syslog
Cisco ASA Heap Overflow in Webvpn CIFS
Traceback on thread name IKE Daemon at mqc_enable_qos_for_tunnel
MIB object cempMemPoolHCUsed disappeared
ASA memory leak in CloneOctetString when using SNMP polling
ASA traceback in Thread Name: ssh, rip igb_disable_rx_queues after no shutdown of interface
ASA with FirePOWER module generates traceback and reloads or causes process not running
Webvpn portal not displayed correctly for connections landing on default webvpn group.
ikev2 handles get leaked in a L2L setup
ASA incorrectly processing negative numbers in wrappers, resulting in graphical webvpn issue
SIP: 200 OK messages with multiple segments not reassembled correctly
CTP after failed attempt sends the domain along with the username
Traceback in ASA Cluster Thread Name: qos_metric_daemon
ASA nat pool not getting updated correctly.
gzip compression not working via Webvpn
ASA traceback and Reload on Config Sync Failure
1550-byte block depletion seen due to Radius Accounting packets
ASA(9.1.7.12):Connection entries created for multicast streams through standby ASA.
L2TP connects only sometimes when DHCP used
Insufficient TCP options validation at 2nd normalizer in tcp_norm_parse_ts
Cannot delete port-object once created under the Service object group in ASA 944
ASA may traceback while loading a large context config during bootup
ASA drops web traffic when IM inspection is enabled.
Cluster C-Hash table is updated with one more unit despite the new unit didn't join the setup
RT#687120: Bookmark Issue with clientless VPN - SAML
ASA FirePOWER module data plane down after reload of module
DCERPC inspection drops packets and breaks communication
ASA traceback in Thread Name: accept/http when ASDM is displaying Access Rules
ASA All contexts use the same EIGRP router-ID upon a reload
ASA May crash when changing a NAT related object to fqdn
Traceback in Thread Name: Unicorn Admin Handler
ASA may generate an assert traceback while modifying access-group
ASA may drop DNS reply containing only additional RR of type TXT
ASA reloaded while joining cluster and active as slave
In multi-context ASA drops traffic sourced from certain ports when interface PAT is used
ASA 5585 failover secondary traceback on Thread name: idfw_proc
Auto-RP packet is dropped due to no-route - No route to host
Cisco Adaptive Security Appliance HREF Cross Site Scripting Vulnerability
Revision: Version 9.2(4)20 – 04/03/2017
Files: asa924-20-smp-k8.bin
Defects resolved since 9.2(4)18:
Evaluation of pix-asa for Openssl September 2016
Cisco Adaptive Security Appliance Authentication Denial of Service Vulnerability
ARP functions fail after 213 days of uptime, drop with error 'punt-rate-limit-exceeded'
Revision: Version 9.2(4)18 – 11/18/2016
Files: asa924-18-smp-k8.bin
Defects resolved since 9.2(4)17:
ASA classifies TCP packets as PAWS failure incorrectly
After some time flash operations fail and configuration can not be saved
ASA Traceback Assert in Thread Name: ssh_init with component ssh
http config missing in multicontext after reload of stdby 916.9 or later
AnyConnect DTLS on-demand DPDs are not sent intermittently
ASA 9.4.2.6 High CPU due to CTM message handler due to chip resets
WebVPN caches incomplete downloads
ASA stuck in boot loop due to FIPS Self-Test failure
ipsecvpn-ikev2_oth: 5525 9.4.2.11 traceback in Thread Name: IKEv2 Daemon
ASA memory leak for CTS SGT mappings
issuer-name falsely detecting duplicates in certificate map using attr
ASA Traceback when issue 'show asp table classify domain permit'
Enqueue failures on DP-CP queue may stall inspected TCP connection
Traceback in IKE_DBG
H.323 inspection causes Traceback in Thread Name: CP Processing
ASA traceback in ipsecvpn-crypto
ASA DHCP Relay rewrites netmask and gw received as part of DHCP Offer
ASA as DHCP relay drops DHCP 150 Inform message
Remove ACL warning messages in show access-list when FQDN is unresolved
ASA Traceback in thread name CP Processing due to DCERPC inspection
Traceback : ASA with Threadname: DATAPATH-0-1790
WebVPN:VNC plugin:Java:Connection reset by peer: socket write error
Thread Name: snmp ASA5585-SSP-2 running 9.6.2 traceback
Lower NFS throughput rate on Cisco ASA platform
IKEv2: It is NOT cleaning the sessions after disconnected from the client.
AAA session handle leak with IKEv2 when denied due to time range
ASA fairly infrequently rewrites the dest MAC address of multicast packet for client
Revision: Version 9.2(4)17 – 10/12/2016
Files: asa924-17-smp-k8.bin
Defects resolved since 9.2(4)14:
L2 Clustering:OSPFv2, Eigrp and OSPFv3 RIB not replicated to slave node
Password change page can be displayed without authentication
ASA traceback on standby when SNMP polling
Stale VPN Context entries cause ASA to stop encrypting traffic
ASA Traceback on 9.1.5.19
DHCP proxy overwrites chosen DHCP server in multiple DHCP server scenario
ASA memory leak related to Botnet
ASA reloads with traceback in thread name DATAPATH or CP Processing
Traceback in Thread: IPsec message handler
Cisco ASA ACL ICMP Echo Request Code Filtering Vulnerability
ASA 9.1.6.4 traceback with Thread Name: telnet/ci
WebVPN: Webpage not fully rewritten when ASA has the same FQDN as srv
ASA does not respond to NS in Active/Active HA
5585-10 traceback in Thread Name: idfw_proc
Incorrect modification of NAT divert table.
WebVPN rewrite fails for MSCA Cert enrollment page / VBScript
ASA memory leak due to vpnfo
ASA Stateful failover for DRP works intermittently
Commands not installed on Standby due to parser switch
Observing Memory corruption, assert for debug ospf
ASA Cut-through Proxy inactivity timeout not working
ASA: SSH being denied on the ASA device as the maximum limit is reached
ASA can't delete ACL lines and remarks - Specified remark does not exist
ASA with PAT fails to untranslate SIP Via field that doesn't contain port
IKEv2: Data rekey collisions can cause inactive IPsec SAs to get stuck
ASA traceback with Thread Name: Dispatch Unit
Remove ACL warning messages in show access-list when FQDN is resolved
Unexpected end of file logon.html in WebVPN
ASA not rate limiting with DSCP bit set from the Server
show service-policy output reporting incorrect values
IPv6 OSPF routes do not update when a lower metric route is advertised
ASA DATAPATH traceback (Cluster)
Cisco ASA Cross Site Scripting SSLVPN Vulnerability
ASA drops ICMP request packets when ICMP inspection is disabled
OSPF generates Type-5 LSA with incorrect mask, which gets stuck in LSDB
ASA Memory leak due to VPN connection
ASA: CHILD_SA collision brings down IKEv2 SA
OTP authentication is not working for clientless ssl vpn
Revision: Version 9.2(4)14 – 08/24/2016
Files: asa924-14-smp-k8.bin
Defects resolved since 9.2(4)13:
IPv6 neighbor discovery packet processing behavior
Cisco ASA SNMP Remote Code Execution Vulnerability
Revision: Version 9.2(4)13 – 06/27/2016
Files: asa924-13-smp-k8.bin
Defects resolved since 9.2(4)10:
ASA allows removing address pool conf even if it is in use in grp-policy
Packet captures cause CPU spike on Multi-Core platforms due to spin_lock
ASA doesn't set ACE inactive when time-range expires
Cisco ASA Information Disclosure Vulnerability
ASA DNS lookups always prefer IPv6 response
Error when same-security-traffic is deleted and added
Inspect-DNS: PTR Query failed when DNS-Doctoring enabled
Traceback in Thread Name qos_metric_daemon caused by asdm history enable
ASA not sending RST packet for connections dropped by Botnet filter
ASA Local CA generates unexpected renewal reminder message
Webvpn Logon Form Title alignment issue w/ strings {>20 character}
Inspect rule defaults in standby transparent context on write standby
User membership not updated in parent group
There are two certificates related to one trustpoint on standby unit.
ASA ACL hitcount not correct for ACLs with service object groups
scansafe feature is missing from registered module features
inspect esmtp replace the packet data to 'X'
L2TP/IPSec Optimal MSS is not what it's supposed to be
Corrupted host name may occur with DHCP
ASA :Top 10 Users status is not getting enabled from ASDM.
ASA Traceback in PPP
Remove demo and eval warning for sfr monitor-only
Drop reasons missing from asp-drop capture
ASA: failover logging messages appear in user context
ASA inspection-MPF ACL changes not inserted into ASP table properly
IPv6 local host route fail when setting link-local/Global simultaneously
ASA Remote Access - Phase 1 terminated after xauth
DHCP-DHCP Proxy thread traceback shortly after failover and reload
ASA sets non-zero FA in OSPF for anyconnect redistributed network
Standby ipv6 address setting is not replicated to standby
ASA stacktrace in vpn client disconnect that had dACL applied
ASA IPSEC crypto map set df-bit copy-df/clear-df does not take effect
WebVPN: Unable to play certain online videos
DAP: debug dap trace not fully shown after +1600 lines
Traffic drop due to constant amount of arp on ASASM
ASA traceback while viewing large ACL
Add Asynchronous support for DHCP proxy
DNS Reply Modification for Dual-Stack does not work as expected
ASA WebVPN: Java Exception with Kronos application
Evaluation of pix-asa for OpenSSL March 2016
ASA 9.1(6) traceback in webvpn-datapath : thread name "DATAPATH-2-1524"
SIP call transfer fail due to differences b/w fixing CallId and Refer-To
ASA AnyConnect IKEv2 scripts help customisations not served after reload
ASA - Traceback in CP Processing Thread During Private Key Decryption
AAA: RSA/SDI unable to set new PIN
Slow ASA OSPF interface transition from DOWN to WAITING after failover
ENH: ASAv should have a different pre-loaded cert
Active and Standby ASA use same MAC addr with only active MAC configured
ASA traceback in SSH thread
infinite loop in JS rewriter state machine when return followed by var
Intranet page does not load via WebVPN with JavaScript errors
Network command disappears from BGP after reload with name
Traceback on editing a network object on exceeding the max snmp hosts
ASA Tback when large ACL applied to interface with object-group-search
ASA: Page Fault traceback in DATAPATH on standby ASA after booting up
ASA capture type isakmp saving malformed ISAKMP packets
dynamic crypto map fails if named the same as static crypto map
Evaluation of pix-asa for OpenSSL May 2016
ASA AnyConnect CSTP Copyright message changed improperly
ASA Clientless SSLVPN HTTP URL Self Sanitizer Function Issues
ASA Access-list missing and losing elements Warning Message enhancement
ASA Cluster fragments reassembled before transmission with no inspection
ASA may Traceback with Thread Name: Unicorn Admin Handler
Revision: Version 9.2(4)10 – 04/20/2016
Files: asa924-10-smp-k8.bin
Defects resolved since 9.2(4)8:
FIPS self test power on fails - fipsPostDrbgKat
OSPFv2 neighborship flaps from Exstart to Down
Windows 8 with new JRE, IE is not gaining access to smart tunnel
ASA 5545x Upgrade to 9.2(2)4 causes Traceback in Thread Name SSL
ASA WebVPN clientless cookie authentication bypass
Watchdog traceback in ldap_client_thread with large number of ldap grps
SSH connections are not timed out on Standby ASA (stuck in rtcli)
Rewriter errors when access IEEE website search feature through portal
CWS: ASA does not append XSS headers
ASA: Traceback in Checkheaps
ASA traceback in Unicorn Proxy Thread
Primary and Secondary ASA in HA is traceback in Thread Name:DataPath
ASA 9.4.2 traceback in DATAPATH
ASA TCP normalizer checksum verification cannot be disabled
"set connection timeout idle" is not applied.
Reload in Thread Name: IKE Daemon
"show resource usage" gives wrong number of routes after shut/no sh
Nat pool exhausted observed when enabling asp transactional-commit nat
ASA using a huge dynamic ACL may cause Anyconnect connectivity failures
ASA: MAC address changes on active context when WRITE STANDBY is issued
Smart tunnel does not work since Firefox 32bit version 43
ASA 5585 traceback when the User name is mentioned in the Access list
ASA Watchdog traceback in CP Processing thread during TLS processing
STBY ASA doesn't pass traffic via ASA-IC-6GE-SFP-B ifc after reload
Traceback in ldap_client_thread with ldap attr mapping and pw-mgmt
ASA Access-list missing and losing elements after configuration change
ASA reloads in thread name: DATAPATH while encrypting L2L packet
inspect ip-option is not allowing "NOP" even when allowed
Buffer overflow in RAMFS dirent structure causing traceback
Traceback in thread name idfw when modifying object-group having FQDN
Assert Traceback in Thread Name: DATAPATH on clustered packet reassembly
original master not defending all GARP packets after cluster split brain
ASA traceback when receive Radius attribute with improper variable type
ASA clientless rewriter failure at 'CSCOPut_hash' function
ASA Traceback and reload by strncpy_sx.c
CSCOPut_hash can initiate unexpected requests
Revision: Version 9.2(4)8 – 02/26/2016
Files: asa924-8-smp-k8.bin
Defects resolved since 9.2(4)5:
Cisco ASA Failover Command Injection Vulnerability
LU allocate connection failed on the Standby ASA unit
Transactional ACL commit will bypass security policy during compilation
ASA traffic not sent properly using 'traffic-forward sfr monitor-only'
ASA Connector - Provide Higher Layer Health Checks for CWS Tower
ASA SSLVPN Client cert validation failure - SSL Lib error: Bad RSA Sig
Interface TLV to SFR is corrupt when frame is longer than 2048 bytes
ASA: Stuck uauth entry rejects AnyConnect user connections
ASA: CLI commands not showing help(?) options for local authorization
Traceback in Thread Name: ssh when using capture or continuous ping
SSL : Unable to Join nodes in Cluster
FO: ASAv traceback while syncing during upgrade from 9.4.1 to 9.5.1
ASA traceback while restoring backup configuration from ASDM
ASA:Traceback in Thread Name:- netfs_thread_init
Watchdog traceback in ldap_client_thread with large number of ldap grps
ASA: Traceback in Thread name DATAPATH-7-1918
Thread Name: DATAPATH-17-3095: Unit reboots when joining cluster
ASA: assertion "pp->pd == pd" failed: file "main.c", line 192
OSPF neighbor goes down after "reload in xx" command in 9.2 and later
ASA 9.1.6.10 traceback after remove compact flash and execute dir cmd
DAP URL-List Command Says It Supports 491 Characters; Only Supports 245
Port-Channel Config on Gi 0/0 causes Boot Loop - FIPS related
Cisco signed certificate expired for WebVpn Port Forward Binary on ASA
Evaluation of pix-asa for OpenSSL December 2015 Vulnerabilities
SSL sessions stop processing -"Unable to create session directory" error
"no ipv6-vpn-addr-assign" CLI not working
AnyConnect sessions fail due to IPv6 address assignment failure.
ASA L7 policy-map comes into effect only if the inspection is re-applied
ASA: Traceback in Thread IP Address Assign
ASA TACACS+: process tacplus_snd uses large percentage of CPU
ASA Traceback on Thread Name: Unicorn Admin Handler
ASA WebVPN: Java RDP Plugin does not launch
ASA traceback in Thread Name: https_proxy
ASA traceback in DATAPATH thread
ASA traceback in Thread Name: Unicorn Proxy Thread.
ASA traceback and reload citing Thread Name: idfw_proc
ARP source IP sanity check against proxy-arp list
Traceback in ldap_client_thread with ldap attr mapping and pw-mgmt
OCSP validation fails when multiple certs in chain are verified
Revision: Version 9.2(4)5 – 01/14/2016
Files: asa924-5-smp-k8.bin
Defects resolved since 9.2(4)4:
Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability
Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability
Revision: Version 9.2(4)4 – 12/14/2015
Files: asa924-4-smp-k8.bin
Defects resolved since 9.2(4)2:
CPU hog due to snmp polling of ASA memory pool information
5585 interface counters show 0 for working interfaces and console errors
Traceback in Thread Name: DATAPATH-1-1382 while processing nat-t packet
SXP Version Mismatch Between ASA & N7K with clustering
Share licenses are not activated on failover pair after power cycle
ASA fails to pass ipv6 address to anyconnect client when using RADIUS
Interface TLV to SFR is corrupt when frame is longer than 2048 bytes
Investigate impact of jumbo-frame reservation on low-end ASA platforms
ASA WebVPN clientless cookie authentication bypass
When > 510 characters entered in CLI, context switches to admin/system
Immediate FIN from client after GET breaks scansafe connection
rewriter returns 302 for a file download
ASA traceback on Standby device during config sync in thread DATAPATH
Standby ASA inside IP not reachable after Anyconnect disconnect
ASA picks incorrect trustpoint to verify OCSP Response
ASA traceback in Thread Name: fover_parse (ak47/ramfs)
ASA traceback: SSH Thread: many users logged in and dACLs being modified
ASA TCP Normalizer sends PUSH ACK for invalid ACK for half-open CONNS
ASA traceback in Thread Name: CP Crypto Result Processing.
ASA - SSH sessions stuck in CLOSE_WAIT causing ASA to send RST
Trace back with Thread Name: IP Address Assign
ASA EIGRP does not send poison reverse for neighbors to remove route
Improper S2S IPSec Datapath Selection for Remote Overlapping Networks
ASA traceback when removing dynamic PAT statement from cluster
Cisco ASA Software Version Information Disclosure Vulnerability
ASA: ICMP error loop on cluster CCL with Interface PAT
DNS Traceback in channel_put()
DHCP Server Process stuck if dhcpd auto_config already enabled from CLI
PCP 10.6 Clientless VPN Access is Denied when accessing Pages
ASA traceback when using an ECDSA certificate
Revision: Version 9.2(4)2 – 10/09/2015
Files: asa924-2-smp-k8.bin
Defects resolved since 9.2(4):
Possible to add multiple identical lines under certificate maps
WEBVPN: Citrix 5/6 application doesn't launch with IE10/Windows 7
RRI static routing changes not updated in routing table
HTTP redirect to the VPNLB address using HTTPS fails in 9.1.5
ASA: High CPU on standby due to RDP conn to AC client from CL SSL portal
L2TP/IPsec traffic dropped due to "vpn-overlap-conflict"
ASA: Anyconnect IPv6 Traceroute does not work as expected
ASA %ASA-3-201011: Connection limit exceeded when not hitting max limit
Object nat rule is not matched
ASA not checking the MAC of the TLS records
ASA does not set forward address or p-bit in OSPF redistribution in NSSA
9.5.2 Gold Setup - Traceback in DATAPATH-6-2596 snp_fp_get_frag_chain
ASA not generating PIM register packet for directly connected sources
Auth-prompt configured in one context appears in another context
ASA failover due to issue show local-host command make CPU-hog
Webvpn rewrite issues for Confluence - by atlassian on latest v6.4.5
Evaluation of OpenSSL June 2015
ASA Traceback in Thread Name ssh/client
conn-max counter is not decreased accordingly
ASAv traceback in DATAPATH when used for WebVPN
ASA: Traceback while copying file using SCP on ASA
ASA:OSPF over L2L tunnels is not working with multiple cry map entries
ASA: traceback in IDFW AD agent
Clientless webvpn on ASA does not display asmx files
ASA Traceback in ssh whilst adding new line to extended ACL
ASA5505 permanent base license, temp secplus, failover, vlan count issue
'redistribute' cmds under 'router eigrp' removed on deleting any context
Memory leak @regcomp_unicorn with APCF configured
Unable to authenticate with remove aaa-server from different context
AddThis widget is not shown causing Traceback in Unicorn Proxy Thread
ASA: LDAP over SSL Authentication failure
ASA cluster-Incorrect "current conns" counter in service-policy
Dynamic Route Not Installed After Failover
ASA may traceback when displaying packet capture with trace option
ASA PKI: cert auth fails after upgrade to 9.1(6.4) / 9.1(6.6) / 9.1(6.8)
Traceback in Thread Name: DATAPATH on modifying "set connection" in MPF
ASA: 1550 block depletion due to L2L VPN traffic
Standby traceback during config replication with customization export
Unicorn proxy thread traceback with RAMFS processing
Request allow packets to pass when snort is down for ASA configurations
OSPF over IKEv2 L2L tunnel is broken on ASA with 9.2.1 onwards
ASA truncates url-redirect at 160 chars for ra vpn clients (ISE 1.3+)
ASA 9.3.3.224 traceback in ak47_platform.c with WebVPN stress test