Cisco
ASA Interim Release Notes
The
software images listed below are Interim releases. They contain bug fixes which address specific
issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC
and will remain on the download site only until the next Maintenance release is
available. If you do not have a specific problem which is resolved by an
Interim release, we recommend that you use the Feature or Maintenance release
images.
Important: These images were not fully regression
tested. Each individual fix was unit
tested, and the image has had a limited amount of automated regression testing
to confirm a baseline of functionality.
Keep this testing status in mind if you decide to run them in a
production environment. We strongly
encourage you to upgrade to a fully tested Maintenance or Feature release when
it becomes available.
Revision: Version 9.10(1)44 – 09/21/2020
Files: asa9101-44-smp-k8.bin, cisco-asa-fp2k.9.10.1.44.SPA, cisco-asa.9.10.1.44.SPA.csp
Defects resolved since 9.10(1)42:
|
Lina Traceback due to invalid
TSC values |
|
|
[SXP] Issue with establishing
SXP connection between ASA on FPR-2110 and switches |
|
|
ASA: cluster exec show commands not show all output |
|
|
ASA traceback and reload on
Thread Name SSH |
|
|
FTD/ASA - Cluster/HA - Master/Active
unit does not update all the route changes to Slaves/Standby |
|
|
slib memory manager : mempool mutex vs spinlock selection |
|
|
Cisco Firepower Threat Defense Software
Hidden Commands Vulnerability |
|
|
We need to have default route
with AD and tunneled at the same time for the same next hub. |
|
|
ASA traceback and reload related
to crypto PKI operation |
|
|
Cisco Firepower Threat Defense
Software TCP Flood Denial of Service Vulnerability |
|
|
9.12.2.151 snp_cluster_ingress
traceback on FPR9300 3-node cluster nested VLAN traffic |
|
|
Cisco Firepower Threat Defense Software
Inline Pair/Passive Mode DoS Vulnerability |
|
|
Cisco Firepower 4110 ICMP Flood
Denial of Service Vulnerability |
|
|
Cisco ASA and FTD Software FTP
Inspection Bypass Vulnerability |
|
|
Cisco ASA and FTD WebVPN CRLF Injection Vulnerability |
|
|
sctp-state-bypass is not getting invoked for inline FTD |
|
|
Cisco ASA and FTD Web Services
File Upload Denial of Service Vulnerability |
|
|
Cisco Adaptive Security
Appliance Software and Firepower Threat Defense Software Web DoS |
|
|
Cisco Adaptive Security
Appliance Software and Firepower Threat Defense OSPFv2 DoS |
|
|
Cisco ASA and FTD Software SIP
Denial of Service Vulnerability |
|
|
Cisco ASA Software and FTD
Software Web Services Cross-Site Scripting Vulnerability |
|
|
Cisco ASA and FTD Software
SSL/TLS Session Denial of Service Vulnerability |
|
|
Cisco Adaptive Security
Appliance Software and Firepower Threat Defense SSL VPN DoS |
|
|
Cisco ASA and FTD Web Services
Interface Cross-Site Scripting Vulnerabilities |
|
|
Cisco ASA Software and FTD
Software WebVPN Portal Access Rule Bypass
Vulnerability |
|
|
Cisco ASA and FTD Web Services
Interface Cross-Site Scripting Vulnerabilities |
|
|
Cisco ASA and FTD Web Services Interface
Cross-Site Scripting Vulnerabilities |
|
|
Cisco ASA Software Web-Based
Management Interface Reflected Cross-Site Scripting Vulnerabi |
Revision: Version 9.10(1)42 – 07/22/2020
Files: asa9101-42-smp-k8.bin, cisco-asa-fp2k.9.10.1.42.SPA, cisco-asa.9.10.1.42.SPA.csp
Defects resolved since 9.10(1)40:
|
Cisco ASA Local File Reading Vulnerability |
Revision: Version 9.10(1)40 – 05/06/2020
Files: asa9101-40-smp-k8.bin, cisco-asa-fp2k.9.10.1.40.SPA, cisco-asa.9.10.1.40.SPA.csp
Defects resolved since 9.10(1)37:
|
Cisco ASA and FTD Software Web Services Information Disclosure Vulnerability |
Revision: Version 9.10(1)37 – 02/21/2020
Files: asa9101-37-smp-k8.bin, cisco-asa-fp2k.9.10.1.37.SPA, cisco-asa.9.10.1.37.SPA.csp
Defects resolved since 9.10(1)32:
|
UDP flood causes Lina to run out of memory if blocked |
|||
|
Cisco ASA Software and Cisco FTD Software SSL VPN Denial of Service Vulnerability |
|||
|
Need to add inactivity timer for aware server sockets |
|||
|
FPR2100 FTD Standby unit leaking
9K blocks |
|
||
|
Cisco ASA Software Kerberos Authentication Bypass Vulnerability |
|
||
|
Cisco ASA and FTD Software IPv6 DNS Denial of Service Vulnerability |
|||
|
Cisco ASA and FTD Software Path Traversal Vulnerability |
|||
|
ASA/FTD may traceback and reload
in Thread Name 'PTHREAD-1533' |
|||
|
Cisco Adaptive Security Appliance Software and Firepower
Threat Defense Software Web DoS |
|||
|
Cisco ASA and Cisco FTD Malformed OSPF Packets Processing Denial of Service Vulnerability |
|||
Revision: Version 9.10(1)32 – 12/17/2019
Files: asa9101-32-smp-k8.bin, cisco-asa-fp2k.9.10.1.32.SPA, cisco-asa.9.10.1.32.SPA.csp
Defects resolved since 9.10(1)30:
|
SNMP polling of FTD on Firepower
2100 Series firewalls shows "octeon" for
the "sysName" OID |
|
|
HA FTD on FPR2110 traceback
after deploy ACP from FMC |
|
|
Block double-free when combining
ServerKeyExchange and ClientKeyExchange
fails causes lina traceback |
|
|
Cisco Adaptive Security
Appliance Software and Firepower Threat Defense Software Remote Code
Execution Vulnerability |
Revision: Version 9.10(1)30 – 09/17/2019
Files: asa9101-30-smp-k8.bin, cisco-asa-fp2k.9.10.1.30.SPA, cisco-asa.9.10.1.30.SPA.csp
Defects resolved since 9.10(1)27:
|
ASA may traceback due to SCTP
traffic |
|
|||||
|
Port-Channel issues on HA link |
|
|||||
|
SDI - SUSPENDED servers cause
15sec delay in the completion of a authentication
with a good server |
|
|||||
|
ASA Enhancement: Generate syslog
message once member of the SDI cluster changes state |
|
|||||
|
ASA may traceback and reload
while waiting for "dns_cache_timer"
process to finish. |
|
|||||
|
Traceback in VPN Clustering HA
timer thread when member tries to join the cluster |
|
|||||
|
OSPF Process ID doesnot change even after clearing OSPF process |
|
|||||
|
ENH: ACE details for warning
"found duplicate element" |
|
|||||
|
ENH: Add process information to
"Command Ignored, configuration in progress..." |
|
|||||
|
Cisco ASA Software and FTD Software FTP Inspection Denial of Service Vulnerability |
|
|||||
|
Simultaneous FINs on
flow-offloaded flows lead to stale conns |
|
|||||
|
LACPDUs should not be sent to
snort for inline-set interfaces |
|
|||||
|
cts import-pac tftp:
syntax does not work |
|
|||||
|
Option to display port number on
access-list instead of well known
port name on ASA |
|
|||||
|
Unable to process gtpv1
identification req message for header TEID : 0 |
|
|||||
|
ASA drops GTPV1 SGSN Context Req
message with header TEID:0 |
|
|||||
|
Cisco ASA and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerability |
|
|||||
|
FTD Cluster traceback
experienced when other unit leaves the Cluster |
|
|||||
|
LINA traceback on ASA in HA
Active Unit repeatedly |
|
|||||
|
Deploy fails on FTD HA due to
exception when parsing big xml response |
|
|||||
|
Cisco ASA and FTD Software WebVPN CPU Denial of Service Vulnerability |
|
|||||
|
ASA 9.9.2 Clientless WebVPN -
HTML entities are incorrectly decoded when processing HTML |
||||||
|
Firepower 4100 connection counts
mismatch between active and standby ASA |
||||||
|
LINA Traceback after upgrade to
9.12.2.1 |
||||||
|
ASA failover LANTEST messages
are sent on first 10 interfaces in the configuration. |
||||||
|
Traceback: "saml identity-provider" command will crash
multi-context ASAs |
||||||
|
ASA may traceback due to SCTP traffic
despite fix CSCvj98964 |
||||||
|
When deleting context
the ssh key-exchange goes to Default GLOBALLY! |
||||||
|
FTD LINA traceback at
DATAPATH-8-15821 |
||||||
|
ssl trust-point command will be removed when restoring
backup via CLI |
||||||
|
ASA IKEv2 - ASA sends additional
delete message after initiating a phase 2 rekey |
||||||
|
Watchdog on ASAv
when logging to buffer |
||||||
|
GTP response messages with non existent cause are getting
dropped with error message TID is 0 |
||||||
|
Memory leak observed when
ASA-SFR dataplane communication flaps |
||||||
|
ENH: ASA Cluster debug for syn
cookie issues |
||||||
|
ASA is unable to verify the file integrity |
||||||
|
FTD/ASA : Traceback in Datapath
with assert snp_tcp_intercept_assert_disabled |
||||||
|
SSL VPN may not be able to
establish due to SSL negotiation issue |
||||||
|
ASA traceback observed when
moving EZVPN spokes to the device. |
||||||
|
Dual stacked ASAv
manual failover issues |
||||||
|
ASA5515-K9 standby traceback in
Thread Name ssh |
||||||
|
ASA Traceback on Saleen in Thread Name: IPv6 IDB |
||||||
|
Traceback: Cluster unit lina assertion in thread name:Cluster
controller |
||||||
|
ASA cluster does not flush OSPF
routes |
||||||
|
ASA:BGP recursive route lookup
for destination 3 hop away is failing. |
||||||
|
Connections fail to replicate in
failover due to failover descriptor mis-match on port-channels |
||||||
|
Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 DoS |
||||||
|
ASA generates incorrect error
message about PCI cfg space when enumerating
Internal-Data0/1 |
||||||
|
Cannot add neighbor in BGP when
the neighbor is on the same subnet as one interface |
||||||
|
Flow Offload Hashing Change of
Behavior |
||||||
Revision: Version 9.10(1)27 – 07/24/2019
Files: asa9101-27-smp-k8.bin, cisco-asa-fp2k.9.10.1.27.SPA, cisco-asa.9.10.1.27.SPA.csp
Defects resolved since 9.10(1)22:
|
ASA IKEv2 unable to open aaa session: session limit [2048] reached |
|
|||||
|
ASA traceback with Thread: DATAPATH-8-2035 |
|
|||||
|
ASA Traceback (watchdog timeout)
when syncing config from active unit (inc. cachefs_umount) |
|
|||||
|
Traceback in DATAPATH on ASA |
|
|||||
|
IKEv2: IKEv2-PROTO-2: Failed to
allocate PSH from platform |
|
|||||
|
Invalid RA VPN session's
assigned IPv6 address in ADI sessions are received in FTD |
|
|||||
|
Not able to ssh,
ssh_exec: open(pager) error on console |
|
|||||
|
Deployment on FTD with low
memory results on interface nameif to be removed |
|
|||||
|
FMC shows connection events with
packet count as 0 |
|
|||||
|
ASA SCP transfer to box stall
mid-transfer |
|
|||||
|
ASA traceback in thread SSH |
|
|||||
|
ASA: BGP routes is cleared on
routing table after failover occur and bgp routes
are changed |
|
|||||
|
easyVPN got broke on lina_dev
[201.4.1.106] |
|
|||||
|
management-only of diagnostic
I/F on secondary FTD get disappeared |
|
|||||
|
ASA sends password in plain text
for "copy" command |
|
|||||
|
FTD inline/transparent sends
packets back through the ingress interface |
|
|||||
|
The delay command in interface
configuration is modified after rebooted |
|
|||||
|
Traceback in HTTP CLI Exec when
upgrading to 9.12.1 |
|
|||||
|
AnyConnect connections fail with
TCP connection limit exceeded error |
|
|||||
|
ASAv Azure: Route table BGP propagation setting reset when ASAv fails over |
|
|||||
|
ASA reloads when establishing
simultaneous ASDM sessions |
|
|||||
|
ASA traceback and reload
observed in Datapath due to SIP inspection. |
|
|||||
|
Cisco ASA Software and FTD Software
MGCP Denial of Service Vulnerabilities |
||||||
|
Cisco ASA Software and FTD Software MGCP Denial of Service Vulnerabilities |
||||||
|
FTD lina
cored with Thread name: cli_xml_server |
|
|||||
|
Random SGT tags added by FTD |
|
|||||
|
FIPS mode gets disabled after
rollback from a failed policy deploy |
|
|||||
|
ASA sends invalid redirect response
for POST request |
|
|||||
|
IKEv2 RA Generic client - stuck outgoing
asp table entry - traffic encrypted with stale SPI |
|
|||||
|
DHCP NACK silently dropped by
ASA sent from DHCP server if configured as DHCP relay |
|
|||||
|
Cisco ASA Software and FTD Software SIP Inspection Denial of Service Vulnerability |
|
|||||
|
Cisco ASA Software and FTD Software OSPF LSA Processing Denial of Service Vulnerability |
|
|||||
|
Fail-Closed FTD passes packets
through on Snort processes down |
|
|||||
|
IP Address stuck in local pool
and showing as "In Use" even when the AnyConnect client disconnects |
|
|||||
|
Thread Name: CP DP SFR Event
Processing traceback |
|
|||||
|
ASA/FTD HA Data Interface
Heartbeat dropped due to Reverse Path Check |
|
|||||
|
ASA Failover split brain (both
units active) after rebooting a Firepower chassis |
|
|||||
|
MCA+AAA+OTP with RADIUS
challenge fails to send aggauth handle in challenge |
|
|||||
|
Time zone in syslogs messages |
|
|||||
|
Unsupported runtime JavaScript
exception handling in the client side WebVPN rewriter |
|
|||||
|
Executing 'failover' twice on
active unit, clears interface configuration on standby unit |
|
|||||
|
Not able to establish more than
2 simultaneous ASDM sessions |
|
|||||
Revision: Version 9.10(1)22 – 05/10/2019
Files: asa9101-22-smp-k8.bin, cisco-asa-fp2k.9.10.1.22.SPA, cisco-asa.9.10.1.22.SPA.csp
Defects resolved since 9.10(1)17:
|
Traceback on Thread Name:
DATAPATH-2-1785 |
|
|
SSP-NTP: ssp-ntp
script monitoring script enhancements for XRU, KP |
|
|
FTD Lina traceback while
removing OSPF configuration. |
|
|
Route tracking failure |
|
|
ASA traceback on slave/standby
during sync config due to OSPF/EIGRP and IPv6 used together in ACE |
|
|
tcp proxy: ASA traceback on DATAPATH |
|
|
Traceback in Firepower 4120 |
|
|
overloading of the lina msglyr infra due to the
sending of VPN status messages |
|
|
Configuring "boot
config" has no effect if file was modified off-box and copied back on |
|
|
Graceful Restart BGP does not
work intermittently |
|
|
ASA may traceback in thread
logger when cluster is enabled on slave unit |
|
|
DHCPRelay does not consume DHCP Offer packet with Unicast flag |
|
|
EIGRP breaks when new
sub-interface is added and "mac-address auto" is enabled |
|
|
Traceback in threadname
DATAPATH-0-1668 while freeing memory block |
|
|
segfault in ctm_ipsec_pfkey_parse_msg
at ctm_ipsec_pfkey.c:602 |
|
|
FTD Lina traceback, due to
packet looping in the system by normaliser |
|
|
VPN sessions failing due to PKI
handles not freed during rekeys |
|
|
Lina does not properly report
the error for configuration line that is too long |
|
|
Cisco Adaptive Security Appliance Software Secure Copy
Denial of Service Vulnerability |
|
|
Enhancement to address high IKE
CPU seen due to tunnel replace scenario |
|
|
ASA traceback and reloads when issuing
"show inventory" command |
|
|
ASA Traceback and reload while
running IKE Debug |
|
|
Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability |
|
|
Traceback and reload citing
Datapath as affected thread |
|
|
Enhancement: add counter for
Duplicate remote proxy |
|
|
Do not decrypt rule causes
traffic interruptions. |
|
|
ASA may traceback and reload.
Potentially related to WebVPN traffic |
|
|
Standby Firewall reloads with a
traceback upon doing a manual failover |
|
|
HTTP with ipv6 using w3m is
failing |
|
|
ASA unable to authenticate users
with special characters via https |
|
|
Memory leak while inspecting GTP
traffic |
|
|
DTLS 1.2 and AnyConnect oMTU |
|
|
ASA may traceback and reload.
suspecting webvpn related |
|
|
ASA: Watchdog traceback in
Datapath |
|
|
established tcp
does not work post 9.6.2 |
|
|
ASA 5506/5508/5516 traceback in
Thread Name octnic_hm_thread |
Revision: Version 9.10(1)17 – 04/08/2019
Files: asa9101-17-smp-k8.bin, cisco-asa-fp2k.9.10.1.17.SPA, cisco-asa.9.10.1.17.SPA.csp
Defects resolved since 9.10(1)11:
|
Support for more than 255
characters for Split DNS value |
|
|
ASA is getting traceback with
reboot only on Spyker aftr
shutdown SFR module |
|
|
ASA HA with NSF: NSF is not
triggered properly when there is an Interface failure in ASA HA |
|
|
Deployment changes are not
pushed to the device due to disk0 mounted on read-only |
|
|
ASA is stuck on "reading
from flash" for several hours |
|
|
FXOS ASA/FTD needs means to poll
Internal-data interface counters |
|
|
Traceback and reload when
displaying CPU profiling results |
|
|
Digitial Signature Verification Failed during upload of Rest-Api image to ASA |
|
|
The 'show memory' CLI output is
incorrect on ASAv |
|
|
ACL Unable to configure an ACL
after access-group configuration error |
|
|
ASA: Not able to load Quovadis Root Certificate as trustpoint
when FIPS is enabled |
|
|
ASA5506 may slowly leak memory
when using NetFlow |
|
|
KP:AnyConnect used IP from pool shows as available |
|
|
FTD Address not mapped traceback
on 6.3.0.x release |
|
|
FPR platform IPsec VPN goes down
intermittently |
|
|
Control-plane ACL doesn't work
correctly on FTD |
|
|
ASA Multicontext
traceback and reload due to allocate-interface out of range command |
|
|
Traceback on Thread Name:
Unicorn Admin Handler after adding protocol to IKEV2 ipsec-proposal |
|
|
Memory Leak in DMA_Pool in binsize 1024 with
SCP download |
|
|
Upgrading ASA cluster to 9.10.1.7
cause traceback |
|
|
Deploy from FMC fails due to OOM
with no indication of why |
|
|
Ikev2 tunnel creation fails |
|
|
Support more than 255 chars for
Split DNS-commit issue in hanover for CSCuz22961 |
|
|
Upgrading ASA cluster to
9.10.1.7 cause low memory |
|
|
Cisco ASA Software and FTD Software IKEv1 Denial of Service
Vulnerability |
|
|
Unable to remove access-list
with 'log default' keyword |
|
|
Traceback while processing an
outbound SSL packet |
|
|
PDTS has incorrect numa node info resulting in incorrect load balancing |
|
|
AnyConnect session rejected due
to resource issue in multi context deployments |
|
|
Standby may enter reboot loop upon
upgrading to 9.6(4)20 from 9.6(4)6 |
|
|
ASA IPSec VPN EAP Fails to Load
Valid Certificate in PKI |
|
|
crypto ipsec
inner-routing-lookup should not be allowed to be configured with VTI present |
|
|
ASA traceback and reload when
trying to switch from ACTIVE to STANDBY. Thread Name: fover_FSM_thread |
|
|
Smart Tunnel bookmarks don't
work after upgrade giving certificate error |
Revision: Version 9.10(1)11 – 02/25/2019
Files: asa9101-11-smp-k8.bin, cisco-asa-fp2k.9.10.1.11.SPA, cisco-asa.9.10.1.11.SPA.csp
Defects resolved since 9.10(1)10:
ENH: Add Syslog Support for DCD |
Revision: Version 9.10(1)10 – 02/19/2019
Files: asa9101-10-smp-k8.bin,
cisco-asa-fp2k.9.10.1.10.SPA, cisco-asa.9.10.1.10.SPA.csp
Defects resolved since 9.10(1)7:
|
Traceback in DATAPATH on standby
FTD |
|
|||
|
ASA may traceback and reload
with combination of packet-tracer and captures |
|
|||
|
ASA is getting traceback with
reboot only on Spyker aftr
shutdown SFR module |
|
|||
|
Cisco
Adaptive Security Appliance Software Cross-site Request Forgery Vulnerability |
|
|||
|
Active FTP Data transfers fail
with FTP inspection and NAT |
||||
|
SSH session stuck after
committing changes within a Configure Session. |
||||
|
Qos applied on interfaces doesn't work. |
||||
|
Standby unit sending BFD packets
with active unit IP, causing BGP neighborship to fail. |
||||
|
ASA not inspecting H323 H225 |
||||
|
ASA core blocks depleted when
host unreachable in IRB configuration |
||||
|
Prevent administrators from
installing CXSC module on ASA 5500-X |
||||
|
ASA/FTD Connection Idle Timers
Not Increasing For Inactive Offloaded Sessions |
||||
|
ADI process fails to start on
ASA on Firepower 4100 |
||||
|
SNMPv2 pulls empty ifHCInOctets value if Nameif is
configured on the interface |
||||
|
ASA Traceback in emweb/https during Anyconnect
Auth/DAP assessment |
||||
|
ASA traceback when removing
interface configuration used in call-home |
||||
|
ASA discards OSPF hello packets with
LLS TLVs sent from a neighbor running on IOS XE 16.5.1 or later |
||||
|
RA VPN + SAML authentication
causes 2 authorization requests against the RADIUS server |
||||
|
ASA stops authenticating new
AnyConnect connections due to fiber exhaustion |
||||
|
DTLS fails after rekey |
||||
|
selective acking
not happening with SSL crypto hardware offload |
||||
|
ASA 5500-X may reload without crashinfo written due to CXSC module continuously
reloading |
||||
|
To support multiple
retry on devcmd failure to CRUZ during flow table
configuration update. |
||||
|
ISA300 interop issue with Nokia
7705 router |
||||
|
ASA traceback and reload due to
multiple threads waiting for the same lock -
watchdog |
||||
|
ASA 5585 9.8.3.14 traceback in
Datapath with ipsec |
||||
|
ASA as an SSL Client Memory Leak
in Handshake Error path |
||||
|
ASA/webvpn:
FF and Chrome: Bookmark is not rendered with Grammar Based Parser |
||||
|
Process Name: lina | ASA traceback caused by Netflow |
||||
|
Packet Tracer fails with
"ERROR: TRACER: NP failed tracing packet", with circular asp drop
captures |
||||
Revision: Version 9.10(1)7 – 12/19/2018
Files: asa9101-7-smp-k8.bin, cisco-asa-fp2k.9.10.1.7.SPA,
cisco-asa.9.10.1.7.SPA.csp
Defects resolved since 9.10(1)2:
|
GTP inspection may spike cpu usage |
||
|
IKEv2 MOBIKE session with Strongswan/3rd party client fails due to DPD with NAT
detection payload. |
||
|
Hanging downloads and slow
downloads on a FPR4120 due to http inspect |
||
|
ASA is getting traceback with
reboot only on Spyker aftr
shutdown SFR module |
||
|
Multicast dropped after deleting
a security context |
||
|
ASA IKEv2 capture type isakmp is saving corrupted packets or is missing packets |
||
|
SSH/Telnet Management sessions
may get stuck in pc ftpc_suspend |
||
|
Active FTP Data transfers fail
with FTP inspection and NAT |
||
|
ENH: Addition of 'show fragment'
to 'show tech' output |
||
|
ENH: Addition of 'show ipv6
interface' to 'show tech' output |
||
|
ENH: Addition of 'show aaa-server' to 'show tech' output |
||
|
KVM (FTD): Mapping web server
through outside not working consistent with other platforms |
||
|
FTD IPV6 traffic outage after
interface edit and deployment part 1/2 |
||
|
ASA IKEv2 traceback while
deleting SAs |
||
|
The CPU profiler stops running
without having hit the threshold and without collecting any samples. |
||
|
Initiating write net command
with management access for BVI interfaces does not succeed |
||
|
GTP delete bearer request is
being dropped |
||
|
Make Object Group Search
Threshold disabled by default, and configurable. Causes outages. |
||
|
PIX-ASA rest-api
unauthorized access. |
|
|
|
HA failed primary unit shows
active while "No Switchover" status on FP platforms |
||
|
ASA wrongly removes dACL for all Anyconnect clients
which has the same dACL attached |
||
|
Traceback high availability
standby unit Thread Name: vpnfol_thread_msg |
||
|
ASA kerberos
auth fails switch to TCP if server has response too big
(ERR_RESPONSE_TOO_BIG) |
||
|
ASA: Memory leak due to PC
alloc_fo_ipsec_info_buffer_ver_1+136 |
||
|
ASA: Add additional IKEv2/IPSec
debugging for CSCvm70848 |
||
|
ASA: IPSec SA installation
failure due to 'Failed to create session mgmt entry
for SPI <>' |
||
|
ASA: CLI: User should not be
allowed to create network object "ANY" |
||
|
Unable to modify access control
license entry with log default command |
||
|
FTD: SSH to ASA Data interface
fails if overlapping NAT statement is configured |
||
|
SSH Service on ASA echoes back
each typed/pasted character in its own packet |
||
|
Blocks exhaustion snapshot was
not captured on ASA |
||
|
FTD - When
"object-group-search" is pushed through flexconfig,
all ACLs get deleted causing outage. |
||
|
FTD device rebooted after taking
Active State for less than 5 minutes |
||
|
FTD: Need ability to trust ethertype ACLs from the parser. Need to allow BPDU to
pass through |
||
|
ASA may traceback due to SCTP
traffic inspection without NULL check |
||
|
ASA : Failed SSL connection not
getting deleted and depleting DMA memory |
||
|
ASA traceback when removing
interface configuration used in call-home |
||
|
Standby node traceback in wccp_int_statechange() with HA configuration sync |
||
|
ASA should allow GCM(SSL)
connections to use DMA_ALT1 when primary DMA pool is exhausted |
||
Revision: Version 9.10(1)2 – 11/08/2018
Files: asa9101-2-smp-k8.bin,
cisco-asa-fp2k.9.10.1.2.SPA, cisco-asa.9.10.1.2.SPA.csp
Defects resolved since 9.10(1):
|
Cisco Adaptive Security Appliance Software and FTD Software Denial of Service Vulnerability |