Cisco ASA Interim Release Notes

The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available.

Note: ASA 9.16(4) and later requires ASDM 7.18(1)152 or later. The ASA now validates whether the ASDM image is a Cisco digitally signed image. If you try to run an older ASDM image than 7.18(1.152) with an ASA version with this fix, ASDM will be blocked and the message “%ERROR: Signature not valid for file disk0:/<filename>” will be displayed at the ASA CLI. (CSCwb05291, CSCwb05264)

Version 9.16.4.85 – September 10, 2025

Defects resolved since 9.16.4.84:

CSCwn38761 DNS FQDN obj doesn't go unresolved upon FQDN obj deleted on server/intf to reach sever is down in 7.7
CSCwo31094 Virtual ASA Traceback and Reload Caused by Disk Access Issues with NFS Enabled
CSCwo97439 ACL: ASA may show false "OOB Access-list config change detected" warning after AAA authorization command is applied
CSCwp37284 "CSRF Token Mismatch" error seen when users click logout from Clientless VPN page
CSCwq78991 Firewall joins a cluster although gets incomplete ACL policy rules during replication
CSCwq79815 Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability
CSCwq79831 Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability


Version 9.16.4.84 – April 10, 2025

Defects resolved since 9.16.4.82:

CSCwk46737 ASA on HA: alloc_ch() alloc from chunk mem Failed message on one context in Standby device
CSCwn90900 High ASA/FTD memory usage due to polling of RA VPN related SNMP OIDs
CSCwn90958 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerability
CSCwo00141 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability
CSCwo00880 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability
CSCwo08017 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial of Service Vulnerability
CSCwo08042 ASAv reloaded unexpectedly with traceback on Unicorn Proxy Thread
CSCwo09060 SSL trustpoint with 4096 bit RSA keys not allowed by ASA if renewed via CLI
CSCwo15021 Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwo15022 Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwo15023 Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwo15024 Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwo15026 Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwo15027 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability
CSCwo18850 Cisco Secure Firewall Adaptive Security Appliance, Secure Firewall Threat Defense Software HTTP Server Remote Code Execution Vulnerability
CSCwo41250 Traceback & Reload in thread named: DATAPATH-1-23988 during low memory condition
CSCwo49928 Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability


Version 9.16.4.82 – March 12, 2025

Defects resolved since 9.16.4.76:

CSCwf25454 Stale anyconnect entries causing issues with routing
CSCwh17965 [Display]FXOS: PC member interface is shown as down & unassociated/unassigned after reload
CSCwk28058 FTD memory depletion resulting in traceback and reload
CSCwk63586 App instance stuck in STOP_FAILED with error message
CSCwm28007 Browser redirects to blank page when the user clicks the WebVPN bookmark
CSCwm35730 LINA may traceback in Thread Name: Datapath with NAT config
CSCwm36631 FTD Secondary Unit got stuck in Bulk sync state.
CSCwm37455 ASA/FTD will allow local IP pool with invalid netmask
CSCwm44412 FTD inline-set ignore reverse flag for inject/rewrite
CSCwm49721 ASA Traceback and Reload due to MEMORY CORRUPTION WAS DETECTED
CSCwm52931 ASA/FTD may traceback and reload in Thread Name "fover_parse"
CSCwm56864 show run access-list command returns warning
CSCwm63868 FTD - Missing routes on BGP advertised-routes after FTD HA failover event
CSCwm68211 ASA traceback and reload on thread snmp_inspect
CSCwm70835 ASA traceback and reload due to stack overflow while using APCF file
CSCwm71265 ASA traceback and reload on thread DATAPATH when processing gtpv1 end marker msg for PDP
CSCwm85228 ASA/FTD may traceback and reload in Thread Name "IKEv2 Daemon" while joining failover
CSCwm90905 GTP inspection drops packet with error ERROR-DROP:MsgType:32
CSCwm95070 Cisco Secure Firewall ASA and Secure FTD Software for FP 2100 Series IPv6 over IPsec DoS Vulnerability
CSCwm97054 ASA/FTD traceback and reload with high rate of SIP connections
CSCwm98278 TCP Conn not being flagged as Half-Closed after receiving the ACK for the FIN.
CSCwn00475 Memory Blocks 80 and 9344 leak due to priority-queue
CSCwn01281 GTP inspection not allowing GTP data packets if session create response has cause type 18
CSCwn14447 ASA/FTD may traceback and reload in Thread Name 'ldap_client_thread'
CSCwn15104 FTD reload with traceback on swapcontext function
CSCwn17121 ASA/FTD may traceback and reload in Thread Name 'cli_xml_request_process'.
CSCwn20024 ASA may traceback and reload in Thread Name 'ssh'
CSCwn21584 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services Denial of Service Vulnerability
CSCwn22456 GTPv2 IE-type 157 (Signaling Priority Indication) is dropped with reason as unknown IE type
CSCwn24577 ASA booting process may freeze when including 'no pim' or 'no igmp' config
CSCwn26165 FTD/ASA May Traceback and Reload - During Deployment / Radius changes - Due to Radius Packets
CSCwn27819 Jumbo frame packets are being fragmented
CSCwn34259 Monitored interfaces may go in waiting state after upgrade to 9.20.3.7
CSCwn34659 Firewall not initiating TCP request even after receiving the TC bit set in DNS response
CSCwn34707 Multiple Unicorn Admin Handler processes consume all the control plane CPU.
CSCwn35470 Serviceability : FQDN Packet based debug and capture trace support
CSCwn36120 Enhanced Debug Image with Lina and PDTS Capabilities for FQDN Issue Resolution
CSCwn39780 FTD Deployment Resilience: Skip non-critical / non-existing commands to avoid deployment failures.
CSCwn42949 Implementing forwarder flow on non-owner units handling distributed secondary flow connections
CSCwn65415 ASA: floating-conn not closing UDP conns if conn was created without ARP entry for next hop
CSCwn73351 Asia/Bangkok timezone option not listed in ASA running on firepower1k
CSCwn73399 Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwn84557 Lina traceback and reload due to "spin_lock_fair_mode_enqueue"
CSCwn92894 Occasionally, 'show chunkstat top-usage' output does not show all entries
CSCwn93319 ASA/FTD may traceback and reload in Thread Name "DATAPATH"
CSCwo01557 ASA traceback and reload on DATAPATH thread due to memory corruption


Version 9.16.4.76 – November 13, 2024

Defects resolved since 9.16.4.71:

CSCwa82791 ENH: Support for snapshots of RX queues on InternalData interfaces when "Blocks free curr" goes low
CSCwc57500 Remove bootlogd package from FXOS to avoid ASA boot log problems
CSCwc87387 Valid DNS requests are being dropped by Lina DNS inspection when Umbrella DNS is configured
CSCwh51872 Message asa_log_client exited 1 time(s) seen multiple times
CSCwi98274 unzip 5.52 is from 2005 is contains multiple vulnerabilities
CSCwj31918 Segmentation fault with "logger_msg_dispatch" while HA sync
CSCwj53725 Traceback observed while applying 'no failover' and 'failover' in the ASA standby
CSCwj72013 PAT communication via using PAT pool fails for about 40 seconds when a device joins a cluster
CSCwk08241 FTD is not resolving FQDN for ACLs intermittently
CSCwk08476 FTD/ASA traceback and reload due to 'show bgp summary' memory leak
CSCwk10884 Connectivity failure due to mismatch between l2_table and subinterface mac address
CSCwk16332 ASA/FTD traceback and reload with high rate of SIP connections
CSCwk35710 FTD/LINA may traceback and reload when "show capture" command is executed in EEM script
CSCwk61157 FTD LINA Traceback and Reload dhcp_daemon Thread
CSCwk63733 HA-monitored interfaces are going into "waiting" state and subsequently to "Failed"
CSCwk67859 FTD and FXOS: RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
CSCwk71992 BlastRADIUS vulnerability phase-1 fix for pix-asa - Message Authenticator
CSCwk75956 ASA/FTD may traceback and reload in Thread Name SSH
CSCwk87457 ASA/FTD may traceback and reload in Process Name "lina" after device was reloaded
CSCwk88182 FTDv50 traceback during normal operation at PTHREAD-8141 spin_lock_fair_mode_enqueue
CSCwk89836 ASA/FTD may traceback and reload in Thread Name 'strlen'
CSCwk94382 FTD: Lina might fail to respond to CONFIG_XML_REQUEST leading to stuck deployments
CSCwm01544 Lina traceback and reload in data-path thread
CSCwm04650 Increase memory usage leading to tracebacks in Lina.
CSCwm05520 Disable cluster syn cookie decoding when FTD cluster is deployed with inline-set
CSCwm08231 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability
CSCwm08232 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability
CSCwm08235 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software DHCP Denial of Service Vulnerability
CSCwm13141 FTD CLISH/CLI gets locked up when trying to run any show command
CSCwm14509 Wrong drops seen with Invalid length for 23, 24 and 25 IE-Types during GTP inspection
CSCwm30731 The ASA's OSPF routing table is not properly synchronized with the neighbors
CSCwm33613 Default Group Policy is applied when receiving multiple Group Policies in SAML assertion attributes
CSCwm41847 Serviceability to capture PDTS writing/reading block to help root cause CSCwm36314
CSCwm49410 Misconfigured Cross-Origin-Opener-Policy
CSCwm60536 SQLNet traffic getting dropped intermittently in Clustering data unit.
CSCwm61282 ASA/FTD: RA VPN tunnel causing memory leak leading to traceback & Reload
CSCwm78351 Potential High CPU usage in Multi-Context Cluster setup with unconditional execution of capture code
CSCwm92397 LINA core observed pointing to "IP RIB Update" thread


Version 9.16.4.71 – September 24, 2024

Defects resolved since 9.16.4.70:

CSCwm13199 SIP traffic is affected due to unexpected behavior with NAT untranslations.
CSCwm49153 Cisco Adaptive Security Appliance Software SSH Server Resource DoS Vulnerability


Version 9.16.4.70 – August 29, 2024

Defects resolved since 9.16.4.67:

CSCwi44912 ISA3000 Traceback and reload boot loop
CSCwk13132 FTD/ASA 1550 blocks may get exhausted while sending logs to TCP syslog server


Version 9.16.4.67 – August 7, 2024

Defects resolved since 9.16.4.62:

CSCwf34069 Cisco ASA and FTD Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability
CSCwh10931 ASA/FTD traceback and reload when invoking "show webvpn saml idp" CLI command
CSCwh70874 FTD: Policy Deployment failure due to abort as no progress
CSCwi79037 IKEv2 client services is not getting enabled - XML profile is not downloaded
CSCwi90751 FTD/ASA - SNMP queries using snmpwalk are not displaying all "nameif" interfaces
CSCwj63974 Memory manager improvements for webvpn internal lua library
CSCwj74323 ASAv Memory leak involving PKI/Crypto for VPN
CSCwj83185 FTD/ASA : Standby FTD traceback and reload after enabling memory tracking
CSCwj83634 Seeing message "reg_fover_nlp_sessions: failover ioctl C_FOREG failed"
CSCwj87501 ASA/FTD may traceback and reload in Thread Name 'fover_FSM_thread'
CSCwk06564 Add New Syslog for Routes for NP add/delete
CSCwk11983 High LINA CPU observed due to NetFlow due to 'flow-export delay flow-create' configuration
CSCwk12497 Traceback and reload on active unit due to HA break operation.
CSCwk14909 Traffic drop with 'rule-transaction-in-progress' after failover with TCM cfgd in multi-ctx mode
CSCwk21561 Add warning message when configuring CCL MTU
CSCwk22034 Snmpwalk displays incorrect interface speeds for values greater or equal than 10G
CSCwk24176 FTD/ASA - VPN traffic flowing through the device may trigger tracebacks and reloads.
CSCwk25117 ENH: Add application support for blocking consecutive AAA failures on LINA
CSCwk26968 Backup feature does not save/restore DAP configuration in multiple context mode.
CSCwk32501 256/1550 block depletion process fover_thread
CSCwk36312 High cpu on "update block depletion" with secondary effects (Bgp flaps, traffic drops)
CSCwk44165 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability
CSCwk48975 Packet-tracer output incorrectly appends 'control-plane' to drops for data-plane access-group
CSCwk53369 Cisco ASA and FTD Software Remote Access VPN Denial of Service Vulnerability
CSCwk62381 ASA might traceback and reload due to ssh/client hitting a null pointer while using SCP.
CSCwk69742 FTD: Policy deployment failed due to mismatch of checksum.


Version 9.16.4.62 – June 26, 2024

Defects resolved since 9.16.4.61:

CSCwh29276 ASA: Traceback and reload when switching from single to multiple mode
CSCwi05240 ASA - Traceback the standby device while HA sync ACL-DAP
CSCwi94356 Lina traceback and reload in Thread Name: cli_xml_request_process
CSCwj17447 ASA/FTD may traceback and reload in Thread Name 'DATAPATH-6-26174'
CSCwj19125 Cisco ASA and FTD NSG Access Control List Bypass Vulnerability
CSCwj20804 Cisco ASA and FTD Software VPN Web Server Limited Information Disclosure Vulnerability
CSCwj24828 Issue when two FQDN objects with same IP are added in source or destination (FTD/ASA)
CSCwj30980 Addition of debugs & a show command to capture the ID usage in the CTS SXP flow.
CSCwj43345 SNMP poll for some OIDs may cause CPU hogs and high latency can be observed for ICMP packets
CSCwj44398 when set the route-map in route RIP on FTD, routes update is not working after FTD reload
CSCwj49745 Cisco ASA and FTD VPN Web Client Services Cross-Site Scripting Vulnerabilities
CSCwj68783 FTD/ASA-HA configs not in sync as the command sync process is sending configs with special chars
CSCwj72683 ASA - Bookmarks on the WebVPN portal are unreachable after successful login.
CSCwj73061 SNMP OID for CPUTotal1min omits snort cpu cores entries when polled
CSCwj76503 Syslogs continue to be sent after disabling logging class on ASA
CSCwj82247 Cisco ASA and FTD SSL VPN Memory Management Denial of Service Vulnerability
CSCwj82736 TLS Handshake Fails if Segmented or Fragmented Client Hello Packet is Received Out of Order
CSCwj86116 High LINA CPU observed due to NetFlow configuration
CSCwj88400 FTD may traceback and reload in process name lina while processing appAgent msg reply
CSCwj89264 FTD HA: Traceback and reload in netsnmp_oid_compare_ll
CSCwj91570 Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
CSCwj95590 Browser redirects to logon page when the user clicks the WebVPN bookmark
CSCwj99043 Cisco ASA & FTD Software IKEv2 Denial of Service Vulnerability
CSCwk02804 WebVPN connections stuck in CLOSEWAIT state
CSCwk02928 ASA/FTD may traceback and reload in Thread Name PTHREAD
CSCwk04492 ASA CLI hangs with 'show run' with multiple ssh sessions
CSCwk05851 "set ip next-hop" line deleted from config at reload if IP address is matched to a NAME
CSCwk07934 Clock skew between FXOS and Lina causes SAML assertion processing failure
CSCwk08576 command to print the debug menu setting of service worker
CSCwk12698 SNMP polling of admin context mgmt interface fails to show all interfaces across all contexts
CSCwk12738 Cisco Adaptive Security Virtual Appliance and Secure FTD Virtual SSL VPN DoS Vulnerability
CSCwk13812 ASA/FTD incorrectly forwards extended community attribute after upgrade.
CSCwk17637 State Link Stops Sending Hello Messages Post-Failover Triggered by Snort traceback in FTD HA
CSCwk17854 FTD doesn't send Type A query after receiving a refuse error from one DNS server in AAAA query.
CSCwk21561 Add warning message when configuring CCL MTU
CSCwk22759 Issue with Setting Certain Timezones (e.g. GMT+1) on Cisco ASA Firepower in Appliance Mode
CSCwk27830 ASA/FTD may traceback and reload in Thread Name 'lina'


Version 9.16.4.61 – May 21, 2024

Defects resolved since 9.16.4.57:

CSCvy51481 [ENH] FTD should show error/warning when attaching a not valid certificate to the interface for VPN
CSCwb03293 IKEv2 debugs: Received Policies and Expected Policies are empty
CSCwe11754 Nodes randomly fail to join cluster due to internal clustering error
CSCwe12645 Secondary state flips between Ready & Failed when node is rebooted and mgmt interface is shutdown
CSCwe18462 ASA/FTD: Improve GTP Inspection Logging
CSCwe18467 ASA/FTD: GTP Inspection engine serviceability
CSCwf63256 Firepower reloads unexpectedly with a traceback
CSCwf75694 ASA - The GTP inspection dropped the message 'Delete PDP Context Response' due to an invalid TEID=0
CSCwf84318 ASA/FTD traceback and reload on thread DATAPATH
CSCwh43945 FTD/ASA traceback and reload may occur when ssl packet debugs are enabled
CSCwh60971 NAT pool is not working properly despite is not reaching the 32k object ID limit.
CSCwh68068 Firepower WCCP router-id changes randomly when VRFs are configured
CSCwh83021 ASA/FTD HA pair EIGRP routes getting flushed after failover
CSCwh95443 Datapath hogs causing clustering units to get kicked out of the cluster
CSCwi06797 ASA/FTD traceback and reload on thread DATAPATH
CSCwi42291 Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability
CSCwi43492 ASA traceback and reload on Thread Name: DATAPATH
CSCwi49770 ASA|FTD Traceback & reload in thread name Datapath
CSCwi56499 Cut-Through Proxy feature spikes CP CPU with a flood of un-authenticated traffic
CSCwi60430 CVE-2023-51385 (Medium Sev) In ssh in OpenSSH before 9.6, OS command injection might occur if a us
CSCwi68625 Continuous snmpd restarts observed if SNMP host is configured before the IP is configured
CSCwi84314 ASA CLI hangs with 'show run' on multiple SSH
CSCwi95796 FTD SNMP OID 1.3.6.1.4.1.9.9.109.1.1.1.1.7 always returns 0% for SysProc Average
CSCwi97836 ASA traceback and reload after configuring capture on nlp_int_tap and deleting context
CSCwi97948 EIGRP bandwidth is changing after upgrade or after "shutdown"/"no shutdown" commands
CSCwi99429 Policy deployment failure rollback didnt reconfigure the FTD devices
CSCwj05151 ASA/FTD may traceback and reload in Thread Name DATAPATH due to GTP Spin Lock Assertion
CSCwj06675 Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability
CSCwj10451 The secondary device reloaded while rebooting the primary device.
CSCwj15792 Cisco ASA and FTD Software Dynamic Access Policies Denial of Service Vulnerability
CSCwj16125 Traceback and Reload when testing or loading an invalid hostscan image
CSCwj17447 ASA/FTD may traceback and reload in Thread Name 'DATAPATH-6-26174'
CSCwj22235 Lina traceback and reload due to mps_hash_memory pointing to null hash table
CSCwj22990 After upgrading the ASA, \u201cSlot 1: ATA Compact Flash memory\u201d shows a ditterent value
CSCwj25975 FTD/ASA : CSR generation with comma between \u201cCompany Name\u201d attribute does not work expected
CSCwj32035 Clientless VPN users are unable to reach pages with HTTP Basic Authentication
CSCwj33487 ASA/FTD may traceback and reload while handling DTLS traffic
CSCwj33580 IKEv2 tunnels flap due to fragmentation and throttling caused by multiple ciphers/proposal
CSCwj48704 ASA traceback and reload when accessing file system from ASDM
CSCwj49958 Crypto IPSEC Negotiation Failing At "Failed to compute a hash value"
CSCwj55036 ASA/FTD: A delay in an async crypto command induces a traceback and subsequently a reload.
CSCwj59861 ASA/FTD may traceback and reload in Thread Name 'lina' due to SCP/SSH process
CSCwj60265 ASA/FTD may traceback and reload in Thread Name 'DATAPATH-1-16803'
CSCwj68783 FTD/ASA-HA configs not in sync as the command sync process is sending configs with special chars
CSCwj82285 ASA/FTD may traceback and reload in Thread Name 'sdi_work'


Version 9.16.4.57 – April 1, 2024

Defects resolved since 9.16.4.55:

CSCvz70310 ASA may fail to create NAT rule for SNMP with: "error NAT unable to reserve ports."
CSCwd16850 More information is required on Syslog 202010 messages for troubleshooting
CSCwd67100 ASA traceback and reload on Datapath process
CSCwe02012 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe11902 FTD: HA traceback and reload
CSCwe47485 FTD: CLISH slowness due to command execution locking LINA prompt
CSCwe93736 ASA not updating Timezone despite taking commands
CSCwf17389 ASA accepts replayed SAML assertions for RA VPN authentication
CSCwf23262 Cisco ASA and FTD AnyConnect Access Control List Bypass Vulnerability
CSCwf39108 Firewall rings may get stuck and cause packet loss when asp load-balance per-packet auto is used
CSCwf44621 Traceback and reload on Thread DATAPATH-6-21369 and linked to generation of syslog message ID 202010
CSCwf69880 Firewall Traceback and reload due to SNMP thread
CSCwh19352 comm alarm is raised and unit switches over even if one ack is dropped.
CSCwh40294 ASA traceback due to panic event during SNMP configuration
CSCwh45450 2100: Interfaces missing from FTD after removing interfaces as members of a port-channel
CSCwh69156 FTD-HA does not fail over sometimes when snort3 traceback
CSCwh71161 ASA|FTD: Traceback & reload in thread Name: update_mem_reference
CSCwh84376 In FPR4200/FPR3100-HA/cluster observed crashinfo/corefile.lina observed on device reboot.
CSCwh91065 Lina Traceback : Thread Name: DATAPATH during session terminate
CSCwh92345 crypto_archive file generated after the software upgrade.
CSCwh95025 GTP connections, under certain circumstances do not get cleared on issuing clear conn.
CSCwh95277 FTD traceback due to system memory exhaustion
CSCwh96055 Management DNS Servers may be unreacheable if data interface is used as the gateway
CSCwi01381 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwi02754 FTD 1120 Traceback and reload on standby unit with SNMP enabled.
CSCwi03407 Traceback on FP2140 without any trigger point.
CSCwi04351 FTD upgrade failling on script 999_finish/999_zz_install_bundle.sh
CSCwi20045 ASA/FTD may traceback and reload in Thread Name 'lina' due to a watchdog (watchdog_time = 0)
CSCwi31966 FTD ADI debugs may show incorrect server_group and/or realm_id for SAML-authenticated sessions
CSCwi40193 Hairpinning of DCE/RPC/FTP traffic during the suboptimal lookup
CSCwi44208 low memory/stress causing traceback in SNMP
CSCwi46010 ASA/FTD: Cluster incorrectly generating syslog 202010 for invalid packets destined to PAT IP
CSCwi48699 ASA traceback and reload on Thread Name: pix_flash_config_thread
CSCwi49884 TCP MSS is changed back to the default value when a VTI or loopback interface is created
CSCwi50343 Their standalone FTD running 7.2.2 on FPR-4112 experienced a traceback on the SNMP module
CSCwi55938 The "show asp drop" command usage requires better updates for cluster-related drops
CSCwi59525 Multiple lina cores on 7.2.6 KP2110 managed by cdFMC
CSCwi59831 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwi60285 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwi63113 Null pointer dereference in SNMP that results in traceback and reload
CSCwi63743 ASA/FTD may traceback and reload in Thread Name "appAgent_monitor_nd_thread" & Rip: _lina_assert.
CSCwi64829 traceback and reload around function HA
CSCwi65116 DHCPv6:ASA traceback on Thread Name: DHCPv6 CLIENT.
CSCwi66676 ASA/FTD may traceback and reload in Thread Name 'webvpn_task'
CSCwi74214 ASA/FTD traceback and reload in Thread Name: IKEv2 Daemon when moving from active to standby HA
CSCwi75198 Standby FTD experiencing periodic traceback and reload
CSCwi76002 Memory exhaustion due to absence of freeing up mechanism for tmatch
CSCwi76361 Transparent firewall MAC filter does not capture frames with STP-UplinkFast dst MAC consistently
CSCwi76630 FP2100/FP1000: ASA Smart licenses lost after reload
CSCwi79042 FTD/Lina traceback and reload of HA pairs, in data path, after adding NAT policy
CSCwi79703 Incorrect Timezone Format on FTD When Configured via FXOS
CSCwi80465 CCM ID 63 - LTS18
CSCwi87382 Traceback and reload on Primary unit while running debugs over the SSH session
CSCwi90040 Cisco ASA and FTD Software Command Injection Vulnerability
CSCwi90399 FTD/ASA system clock resets to year 2023
CSCwi90571 Access to website via Clientless SSL VPN Fails
CSCwi95228 "crypto ikev2 limit queue sa_init" resets after reboot
CSCwi95708 FTD: Hostname Missing from Syslog Message
CSCwi95994 Chromium-based browsers have SSL connection conflicts when FIPS CC is enabled on the firewall.
CSCwi97839 FTD traceback assert in vni_idb_get_mode and reloaded
CSCwi98284 Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability
CSCwj02505 ASA Checkheaps traceback while entering same engineID twice
CSCwj09110 Upload files through Clientless portal is not working as expected after the ASA upgrade
CSCwj10955 Cisco ASA and FTD Software Web Services Denial of Service Vulnerability
CSCwj14028 CCM ID 67 - LTS18


Version 9.16.4.55 – February 6, 2024

Defects resolved since 9.16.4.48:

CSCvx37329 Remove Syslog Messages 852001 and 852002 in Firewall Threat Defense
CSCwc31953 Prevention of RSA private key leaks regardless of root cause.
CSCwc40352 Lina Netflow sending permited events to Stealthwatch but they are block by snort afterwards
CSCwd10822 Failover trigger due to Inspection engine in other unit has failed due to disk failure
CSCwd31806 ASAv show crashinfo printing in loop continuously
CSCwe06562 FPR1K/FPR2K: Increase in failover time in Transparent Mode with high number of Sub-Interfaces
CSCwe21884 Write wrapper around "kill" command to log who is calling it
CSCwe72330 FTD LINA traceback and reload in Datapath thread after adding Static Routing
CSCwe97939 ASA/FTD Cluster: Change "cluster replication delay" with max value increase from 15 to 50 sec
CSCwf08387 LSP version not updated to latest in LINA Prompt in SSP_CLUSTER with 7.2.4 build.
CSCwf34070 Cisco ASA and FTD Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability
CSCwf36419 ASA/FTD: Traceback and reload with Thread Name 'PTHREAD'
CSCwf59571 FTD/Lina - ZMQ issue OUT OF MEMORY. due to less Msglyr pool memory on certain platforms
CSCwf63589 FTD snmpd process traceback and restart
CSCwf89959 ASA: ISA3000 does not respond to entPhySensorValue OID SNMP polls
CSCwf99303 Management UI presents self-signed cert rather than custom CA signed one after upgrade
CSCwh09113 FPR1010 in HA failed to send or receive to GARP/ARP with error "edsa_rcv: out_drop"
CSCwh14863 FTD 7.0.4 cluster drops Oracle's sqlnet packets due to tcp-not-syn
CSCwh16759 SNMP is not working on the primary active ASA unit in multi-context environment
CSCwh30346 ASA/FTD: 1 Second failover delay for each NLP NAT rule
CSCwh47053 ASA/FTD may traceback and reload in Thread Name 'dns_cache_timer'
CSCwh58467 ASA does not sent 'warmstart' snmp trap
CSCwh65128 LINA show tech-support fails to generate as part of sf_troubleshoot.pl (Troubleshoot file)
CSCwh68482 Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vu
CSCwh69346 ASA: Traceback and reload when restore configuration using CLI
CSCwh71665 ASA traceback under match_partial_keyword during CPU profiling
CSCwh77348 ASA: Traceback and reload when executing the command "show nat pool detail" on a cluster setup
CSCwh83254 ASA/FTD: Traceback and reload on thread name CP Crypto Result Processing
CSCwh91574 FTD: Traceback in threadname cli_xml_request_process
CSCwh93710 'Last Hit' Timestamp fails to Update to latest value on ASA, ASDM, and FTD
CSCwh95010 Unexpected traceback on thread name Lina and device experienced reboot
CSCwi01085 FTD VMWare tracebacks at PTHREAD-3587
CSCwi02134 FTD sends multiple replicated NetFlow records for the same flow event
CSCwi11520 FTD OSPFV3 IPV6 Routing: FTD is sending unsupported extended LSA request to neighbor routers
CSCwi12284 Cisco ASA webvpn XSS Vulnerability
CSCwi15409 ASA/FTD - may traceback and reload in Thread Name 'Unicorn Proxy Thread'
CSCwi15595 ASA traceback and reload during ACL configuration modification
CSCwi18581 Firewall traceback and reload due to SSH thread
CSCwi19145 FTD/ASA may traceback and reload in PKI, syslog, during upgrade
CSCwi19849 VPN load-balancing cluster encryption using Phase 2 deprecated ciphers
CSCwi20114 Cisco ASA Software and FTD Software SNMP Denial of Service Vulnerability
CSCwi20848 ASA/FTD high memory usage due to SNMP caused by RAVPN OID polling
CSCwi20955 FTD with may traceback in data-path during deployment when enabling TAP mode
CSCwi21625 FailSafe admin password is not properly sync'd with system context enable pw
CSCwi26895 ASA SNMP OID cpmCPUTotalPhysicalIndex returning zero values instead of CPU index values
CSCwi27338 Stale asp entry for TCP 443 remains on standby after changing default port
CSCwi31091 OSPF Redistribution route-map with prefix-list not working after upgrade
CSCwi32063 ASA/FTD: SSL VPN Second Factor Fields Disappear
CSCwi32759 Username-from-certificate secondary attribute is not extracted if the first attribute is missing
CSCwi33817 ASA/FTD: 'IKEv2 Negotiation aborted due to ERROR: Platform errors' during a rekey
CSCwi34125 ASA: Snmpwalk shows "No Such Instance" for the OID ceSensorExtThresholdValue
CSCwi36311 use kill tree function in SMA instead of SIGTERM
CSCwi40536 ASA/FTD: Traceback and reload when running show tech and under High Memory utilization condition
CSCwi42992 ASA/FTD may traceback and reload in Thread Name IKEv2 Daemon
CSCwi43782 GTP inspection dropping packets with IE 152 due to header length being invalid for IE type 152
CSCwi46023 FTD drops double tagged BPDUs.
CSCwi53150 Service object-group protocol type mismatch error seen while access-list referencing already
CSCwi53431 Unable to Synch more then 100 environment-data with data unit
CSCwi56048 Interface fragment queue may get stuck at 2/3 of fragment database size
CSCwi62683 The SSH transport protocol with certain OpenSSH extensions, found in ... (CVE-2023-48795)


Version 9.16.4.48 – November 28, 2023

Defects resolved since 9.16.4.42:

CSCwb41189 LINA time-sync correction
CSCwd02864 logging/syslog is impacted by SNMP traps and logging history
CSCwd34079 FTD: Traceback & reload in process name lina
CSCwd87438 Enhance logging mechanism for syslogs
CSCwe03631 Need to provide rate-limit on "logging history "
CSCwe18472 [FTD Multi-Instance][SNMP] - CPU OIDs return incomplete list of associated CPUs
CSCwe25342 ASA/FTD - SNMP related memory leak behavior when snmp-server is not configured
CSCwe44099 Cisco Adaptive Security Virtual Appliance and Secure FTD Virtual SSL VPN DoS Vulnerability
CSCwe58207 Memory leak observed on ASA/FTD when logging history is enabled
CSCwe65516 show xlate does not display xlate entries for internal interfaces (nlp_int_tap) after enabling ssh.
CSCwe87134 ASA/FTD: Traceback and reload due to high rate of SCTP traffic
CSCwe93137 KP - multimode: ASA traceback observed during HA node break and rejoin.
CSCwf64590 Units get kicked out of the cluster randomly due to HB miss | ASA 9.16.3.220
CSCwf92661 ASA|FTD: Traceback & reload due to a free buffer corruption
CSCwf94450 FTD Lina traceback Thread Name: DATAPATH due to memory corruption
CSCwh14352 Lina CiscoSSL upgrade to 1.1.1v and FOM 7.3a
CSCwh19897 ASA/FTD Cluster: Reuse of TCP Randomized Sequence number on two different conns with same 5 tuple
CSCwh21474 ASA traceback when re-configuring access-list
CSCwh40106 FTD hosted on KP incorrectly dropping decoded ESP packets if pre-filter action is analyze
CSCwh42412 FTD Block 9344 leak due to fragmented GRE traffic over inline-set interface inner-flow processing
CSCwh47701 ASA allows same BGP Dynamic routing process for Physical Data and management-only interfaces
CSCwh49244 "show aaa-server" command always shows the Average round trip time 0ms.
CSCwh53745 ASA: unexpected logs for initiating inbound connection for DNS query response
CSCwh59199 ASA/FTD traceback and reload with IPSec VPN, possibly involving upgrade
CSCwh60604 ASA/FTD may traceback and reload in Thread Name 'lina' while processing DAP data
CSCwh60631 Fragmented UDP packet via MPLS tunnel reassemble fail
CSCwh66359 ASDM can not see log timestamp after enable logging timestamp on cli
CSCwh70323 Timestamp entry missing for some syslog messages sent to syslog server
CSCwh70481 Community string sent from router is not matching ASA
CSCwh95175 ASA/FTD may traceback and reload in Thread Name 'lina'


Version 9.16.4.42 – October 4, 2023

Defects resolved since 9.16.4.39:

CSCvy81493 traceback and reload with 'CHECKHEAPS HAS DETECTED A MEMORY CORRUPTION'
CSCwc78781 ASA/FTD may traceback and reload during ACL changes linked to PBR config
CSCwd28037 No nameif during traffic causes the device traceback, lina core is generated.
CSCwd38583 ASA/FTD: Command "no snmp-server enable oid mempool" enabled by default or enforced during upgrades
CSCwe28912 Primary Unit lost all HA config after FTD HA upgrade
CSCwe42061 Deleting a BVI in FTD interfaces is causing packet drops in other BVIs
CSCwe67816 ASA / FTD Traceback and reload when removing isakmp capture
CSCwe90609 Cisco ASA Software and FTD Software SNMP Denial of Service Vulnerability
CSCwe98319 ASAConfig multiple restarts are leaking 16K memory in every Restart leading to ZMQ Out Of Memory.
CSCwf35233 Cisco Adaptive Security Appliance Software and Firepower Threat Defense DoS
CSCwf35573 Traffic may be impacted if TLS Server Identity probe timeout is too long
CSCwf47227 Remove Priority-queue command from FTD|| Priority-queue command causes silent egress packet drops
CSCwf54510 ASA traceback and reload on Thread Name: DHCPRA Monitor
CSCwf60590 "show route all summary" executed on transparent mode FTD is causing CLISH to become Sluggish.
CSCwf62820 Failover: standby unit traceback and reload during modifying access-lists
CSCwf63872 FTD taking longer than expected to form OSPF adjacencies after a failover switchover
CSCwf69901 FTD: Traceback and reload during OSPF redistribution process execution
CSCwf95147 OSPFv3 Traffic is Centralized in Transparent Mode
CSCwh04395 ASDM application randomly exits/terminates with an alert message on multi-context setup
CSCwh08481 ASA traceback on Lina process with FREEB and VPN functions
CSCwh13821 ASA/FTD may traceback and reload in when changing capture buffer size
CSCwh15223 Lina Traceback and reload when DAQ/Snort sends malformed L3 header
CSCwh16301 Incorrect Hit count statistics on ASA Cluster only for Cluster-wide output
CSCwh23567 PAC Key file missing on standby on reload
CSCwh27230 Connections are not cleared after idle timeout when the interfaces are in inline mode.
CSCwh28144 Specific OID 1.3.6.1.2.1.25 should not be responding
CSCwh30891 ASA/FTD may traceback and reload in Thread Name 'ssh' when adding SNMPV3 config
CSCwh31495 FTD - Traceback and reload due to nat rule removed by CPU core
CSCwh32118 ASDM management-sessions quota reached due to HTTP sessions stuck in CLOSE_WAIT
CSCwh41127 ASA/FTD: NAT64 error "overlaps with inside standby interface address" for Standalone ASA
CSCwh49483 ASA/FTD may traceback and reload while running show inventory


Version 9.16.4.39 – September 20, 2023

Defects resolved since 9.16.4.38:

CSCwh45108 Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability


Version 9.16.4.38 – August 30, 2023

Defects resolved since 9.16.4.27:

CSCvt25221 FTD traceback in Thread Name cli_xml_server when deploying QoS policy
CSCvx04003 Lack of throttling of ARP miss indications to CP leads to oversubscription
CSCvx54562 High System Overhead memory on FTD
CSCwc82205 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwd89095 Stratix5950 and ISA3000 LACP channel member SFP port suspended after reload
CSCwd98316 Cisco ASA and FTD Software VPN Packet Validation Vulnerability
CSCwe12705 multimode-tmatch_df_hijack_walk traceback observed during shut/unshut on FO connected switch interfa
CSCwe28407 LINA traceback with icmp_thread
CSCwe51443 ASA Evaluation of OpenSSL vulnerability CVE-2022-4450
CSCwe65245 FP2100 series devices might use excessive memory if there is a very high SNMP polling rate
CSCwe74089 ASA/FTD may traceback and reload in Thread Name DATAPATH-1-1656
CSCwe82704 PortChannel sub-interfaces configured as data/data-sharing, in multi-instance HA go into "waiting"
CSCwe83255 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe86225 ASA/FTD traceback and reload due citing thread name: cli_xml_server in tm_job_add
CSCwe93561 Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability
CSCwe99550 Add knob to pause/resume file specific logging in asa log infra.
CSCwf05295 FTD running on FP1000 series might drop packets on TLS flows after the "Client Hello" message.
CSCwf10910 FTD : Traceback in ZMQ running 7.3.0
CSCwf14126 ASA Traceback and reload citing process name 'lina'
CSCwf15902 ASAv in Hyper-V drops packets on management interface
CSCwf17042 ASDM replaces custom policy-map with default map on class inspect options at backup restore.
CSCwf22005 ASA/FTD : Packet-tracer may displays incorrect ACL rule, though produces correct verdict.
CSCwf26407 FP2130- Unable to disassociate member from port channel, deployment fails, member is lost on FTD/FMC
CSCwf26534 ASA/FTD: Connection information in SIP-SDP header remains untranslated with destination static Any
CSCwf33904 [IMS_7_4_0] - Virtual FDM Upgrade fails: HA configStatus='OUT_OF_SYNC after UpgradeOnStandby
CSCwf34500 FTD: GRE traffic is not being load balanced between CPU cores
CSCwf35207 ASA: Traceback and reload while updating ACLs on ASA
CSCwf39163 ASAv - High latency is experienced on Azure environment for ICMP ping packets while running snmpwalk
CSCwf43537 traceback and reload in thread name: cli_xml_request_process during FTD cluster upgrade
CSCwf44537 Traceback and reload on nat_remove_policy_from_np
CSCwf47924 Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability
CSCwf48599 VPN load-balancing cluster encryption using deprecated ciphers
CSCwf49573 ASA/FTD: Traceback and reload when issuing 'show memory webvpn all objects'
CSCwf50497 DNS cache entry exhaustion leads to traceback
CSCwf51933 FTD username with dot fails AAA-RADIUS external authentication login after upgrade
CSCwf52810 ASA SNMP polling not working and showing "Unable to honour this request now" on show commands
CSCwf54418 Reduce time taken to clear stale IKEv2 SAs formed after Duplicate Detection
CSCwf56386 vFTD runs out of memory and goes to failed state
CSCwf56811 ASA Traceback & reload on process name lina due to memory header validation
CSCwf58876 KP2140-HA, reloaded primary unit not able to detect the peer unit
CSCwf60311 ASA generating traceback with thread-name: DATAPATH-53-18309 after upgrade to 9.16.4.19
CSCwf62729 Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability
CSCwf72434 Add meaningful logs when the maximums system limit rules are hit
CSCwf77191 ASA appliance mode - 'connect fxos [admin]' will get ERROR: failed to open connection.
CSCwf78321 ASA: Checkheaps traceback and reload due to Clientless WebVPN
CSCwf81058 FTD: Firepower 3100 Dynamic Flow Offload showing as Enabled
CSCwf82247 Policy deployment fails when a route same prefix/metric is configured in a separate VRF.
CSCwf82742 FTD: SNMP not working on management interface
CSCwf92135 ASA: Traceback and reload on Tread name "fover_FSM_thread" and ha_ntfy_prog_process_timer
CSCwf92646 ECDSA Self-signed certificate using SHA384 for EC521
CSCwf94677 "failover standby config-lock" config is lost after both HA units are reloaded simultaneously
CSCwh04365 ASA Traceback & reload on process name lina due to memory header validation - webvpn side fix
CSCwh05863 ASA omits port in host field of HTTP header of OCSP request if non-default port begins with 80
CSCwh06452 Interface speed mismatch in SNMP response using OID .1.3.6.1.2.1.2.2
CSCwh11764 ASA/FTD may traceback and reload in Thread Name "RAND_DRBG_bytes" and CTM function on n5 platforms
CSCwh23100 Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability
CSCwh30676 Ping to the configured systemIP on management interface getting failed in cluster setup.


Version 9.16.4.27 – June 15, 2023

Defects resolved since 9.16.4.19:

CSCwb88729 FTD - %FTD-3-199015: port-manager: Error: DOM Block Read failure, port X, st = X log false/positive
CSCwb95453 ASA: The timestamp for all logs generated by Admin context are the same
CSCwb95784 cache and dump last 20 rmu request response packets in case failures/delays while reading registers
CSCwd34288 FP1000 - During boot process in LINA mode, broadcasts leaked between interfaces resulting in storm
CSCwd67101 FPR1150 : Exec format error seen and the device hung until reload when erase secure all is executed
CSCwd74839 30+ seconds data loss when unit re-join cluster
CSCwd94183 Blade not coming up after FXOS update support on multi-instance due to ssp_ntp.log log rotation prob
CSCwd96493 Link Up seen for a few seconds on FPR1010 during bootup
CSCwe03529 FTD traceback and reload while deploying PAT POOL
CSCwe20714 Traffic drop when primary device is active
CSCwe20918 Cisco ASA and FTD Software Remote Access SSL VPN Multiple Certificate Auth Bypass
CSCwe22302 Partition "/opt/cisco/config" gets full due to wtmp file not getting logrotated
CSCwe26612 FTD taking longer than expected to form OSPF adjacencies after a failover switchover
CSCwe30867 Workaround to set hwclock from ntp logs on low end platforms
CSCwe38029 Multiple traceback seen on standby unit.
CSCwe39425 2100: Power switch toggle leads to ungraceful shutdowns and "PowerCycleRequest" reset
CSCwe40463 Stale IKEv2 SA formed during simultaneous IKE SA handling when missing delete from the peer
CSCwe44311 FP2100:Update LINA asa.log files to avoid recursive messages-.1.gz rotated filenames
CSCwe50993 SNMPD running on FXOS platform goes down and won't come back up
CSCwe52120 SSL decrypted conns fails when tx chksum-offload is enabled with the egress interface a pppoe.
CSCwe59737 ASA/FTD reboots due to traceback pointing to watchdog timeout on p3_tree_lookup
CSCwe59809 CCM seq 45 - WR6, WR8, LTS18 and LTS21.
CSCwe59919 FTD Traceback and reload on Thread Name "NetSnmp Event mib process"
CSCwe61928 PIM register packets are not sent to RP after a reload if FTD uses a default gateway to reach the RP
CSCwe63266 Need fault/error for invalid firmware MF-111-234949
CSCwe70202 Multiple times the failover may be disabled by wrongly seeing a different "Mate operational mode".
CSCwe74916 Interface remains DOWN in an Inline-set with propagate link state
CSCwe77123 ASA/FTD : Degradation for TCP tput on FPR2100 via IPSEC VPN when there is delay between VPN peers
CSCwe80063 Default DLY value of port-channel sub interface mismatch with parent Portchannel
CSCwe85432 ASA/FTD traceback and reload on thread DATAPATH-14-11344 when SIP inspection is enabled
CSCwe89731 Notification Daemon false alarm of Service Down
CSCwe90720 ASA Traceback and reload in parse thread due ha_msg corruption
CSCwe92905 ngfwManager process continuously restarting leading to ZMQ Out of Memory traceback
CSCwe93202 FXOS REST API: Unable to create a keyring with type "ecdsa"
CSCwe93489 Threat-detection does not recognize exception objects with a prefix in IPv6
CSCwe93561 Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability
CSCwe95729 Cisco ASA & FTD SAML Authentication Bypass Vulnerability
CSCwe95757 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe96023 ASa/FTD: SNMP related traceback and reload immediately after upgrade from 6.6.5 to 7.0.1
CSCwe97277 Observed ASA traceback and reload when performing hitless upgrade while VPN traffic running
CSCwe99040 traceback and reload thread datapath on process tcpmod_proxy_continue_bp
CSCwf03490 portmanager.sh outputing continuous bash warnings to log files
CSCwf04831 ASA/FTD may traceback and reload in Thread Name 'ci/console'
CSCwf06377 Setting heartbeat timeout to 6sec for Firepower 4100 and 9300
CSCwf07791 ASA running out of SNMP PDU and SNMP VAR chunks
CSCwf08043 Lina traceback and reload due to fragmented packets
CSCwf12005 ASA sends OCSP request without user-agent and host
CSCwf12408 ASA: After upgrade to 9.16.4 all type-8 passwords are lost on first reboot
CSCwf14735 traceback and reload in Process Name: lina related to Nat/Pat
CSCwf14811 TCP normalizer needs stats that show actions like packet drops
CSCwf15858 LDAP authentication over SSL not working for users that send large authorisation profiles
CSCwf17814 ASA/FTD may traceback and reload in Thread Name '19', free block checksum failure
CSCwf20338 ASA may traceback and reload in Thread Name 'DHCPv6 Relay'
CSCwf21106 ASA/FTD: Traceback on thread name: snmp_master_callback_thread during SNMP and interface changes
CSCwf23564 Unable to establish BGP when using MD5 authentication over GRE TUNNEL and FTD as passthrough device
CSCwf26939 FTD may fail to create a NAT rule with error: "IPv4 dst real obj address range is huge"
CSCwf28488 Inconsistent log messages seen when emblem is configured and buffer logging is set to debug
CSCwf30716 ASA in multi context shows standby device in failed stated even after MIO HB recovery.
CSCwf30727 ASA integration with umbrella does not work without validation-usage ssl-server.
CSCwf31701 ASA traceback and reload with the Thread name: **CP Crypto Result Processing**
CSCwf31820 Firewall may drop packets when routing between global or user VRFs
CSCwf33574 ASA access-list entries have the same hash after upgrade
CSCwf42144 ASA/FTD may traceback and reload citing process name "lina"
CSCwf43288 Traceback in Thread Name: ssh/client in a clustered setup
CSCwf57261 ASA: Traceback and reload due to clientless webvpn session closure


Version 9.16.4.19 – May 4, 2023

Defects resolved since 9.16.4.18:

CSCvx71936 FXOS: Fault "The password encryption key has not been set." displayed on FPR1000 and FPR2100 devices
CSCwa29934 Interfaces on standalone 2120 and 2110 FTD show as modified after upgrade to 7.0.1-84 from 6.6.5
CSCwa89116 Clean up session index handling in IKEv2/SNMP/Session-mgr for MIB usage
CSCwb19387 ASA SNMP Poll is failing & show display "Unable to honour this request now.Please try again later."
CSCwb24306 duplicate log entry for /mnt/disk0/log/asa_snmp.log
CSCwb97486 FPR3100: 25G optic may show link up on some 1/10G capable only fiber ports
CSCwd10880 critical health alerts 'user configuration(FSM.sam.dme.AaaUserEpUpdateUserEp)' on FPR 1100/2100/3100
CSCwd22413 ASA/FTD: Traceback and reload in Thread Name: EIGRP-IPv4
CSCwd42410 Expected snmp output is not found in 'show run | in fxos snmp'
CSCwd43666 Analyze why there is no logrotate for /opt/cisco/config/var/log/ASAconsole.log
CSCwd54360 FP2100: FXOS side changes for HA is not resilient to unexpected lacp process termination issue
CSCwd68088 ASA|FTD: Implement different TLS diffie-hellman prime based on RFC recommendation
CSCwd72680 FXOS: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy.
CSCwd80343 MI FTD running 7.0.4 is on High disk utilization
CSCwd95415 The Standby Device going in failed state due to snort heartbeat failure
CSCwd96766 FPR41xx/9300: Blade does not capture or log a reboot signal
CSCwe07722 Cluster data unit drops non-VPN traffic with ASP reason "VPN reclassify failure
CSCwe08729 FPR1120:connections are getting teardown after switchover in HA
CSCwe11119 ASA: Traceback and reload while processing SNMP packets
CSCwe21187 ASA/FTD may drop multicast packets due to no-mcast-intrf ASP drop reason until UDP timeout expires
CSCwe21280 Multicast connection built or teardown syslog messages may not always be generated
CSCwe22176 WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 43)
CSCwe26612 FTD taking longer than expected to form OSPF adjacencies after a failover switchover
CSCwe28094 ASA/FTD may traceback and reload after executing 'clear counters all' when VPN tunnels are created
CSCwe28726 The command "app-agent heartbeat" is getting removed when deleting any created context
CSCwe29529 FTD MI does not adjust PVID on vlans attached to BVI
CSCwe29850 ASA/FTD Show chunkstat top command implementation
CSCwe30228 ASA/FTD might traceback in funtion "snp_fp_l2_capture_internal" due to cf_reinject_hide flag
CSCwe36176 ASA/FTD: High failover delay with large number of (sub)interfaces and http server enabled
CSCwe44311 FP2100:Update LINA asa.log files to avoid recursive messages-.1.gz rotated filenames
CSCwe44672 Syslog ASA-6-611101 is generated twice for a single ssh connection
CSCwe45093 User with no vpn-filter may get additional access when per-user-override is set (IKEv2 RAVPN)
CSCwe45779 ASA/FTD drops traffic to BVI if floating conn is not default value due to no valid adjacency
CSCwe51286 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe54288 syslog-ng process may hang and would lead the module to a frozen state
CSCwe54529 FTD on FPR2140 - Lina traceback and reload by TCP normalization
CSCwe59380 FTD: "timeout floating-conn" not operating as expected for connections dependent on VRF routing
CSCwe61969 ASA Multicontext 'management-only' interface attribute not synced during creation
CSCwe62361 ASA reboots due to heartbeat loss and "Communication with NPU lost"
CSCwe62997 ASA/FTD traceback in snp_tracer_format_route
CSCwe63067 ASA/FTD may traceback and reload in Thread Name 'lina' due to due to tcp intercept stat
CSCwe63232 ASA/FTD: Ensure flow-offload states within cluster are the same
CSCwe64404 ASA/FTD may traceback and reload
CSCwe64557 ASA: Prevent SFR module configuration on unsuported platforms
CSCwe64563 The command "neighbor x.x.x.x ha-mode graceful-restart" removed when deleting any created context
CSCwe65634 ASA - Standby device may traceback and reload during synchronization of ACL DAP
CSCwe66132 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe67751 Last fragment from SIP IPv6 packets has MF equal to 1, flagging that more packets are expected
CSCwe68159 Failover fover_trace.log file is flooding and gets overwritten quickly
CSCwe70378 Connections not replicated to Standby FTD
CSCwe71284 ASA/FTD may traceback and reload in Thread Name DATAPATH-3-21853
CSCwe72535 Unable to login to FTD using external authentication
CSCwe74059 logrotate is not compressing files on 9.16 ASA or 7.0 FTD
CSCwe74328 AnyConnect - mobile devices are not able to connect when hostscan is enabled
CSCwe78977 ASA/FTD may traceback and reload in Thread Name 'pix_flash_config_thread'
CSCwe79072 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe81684 ASA: Standby failure on parsing of "management-only" not reported to parser/failover subsystem
CSCwe89030 Serial number attribute from the subject DN of certificate should be taken as the username
CSCwe90202 ASA: Standby failure on parsing of "management-only" for dynamic configuraiton changes
CSCwe93532 ASA/FTD may traceback and reload in Thread Name 'lina'.
CSCwe94287 FTD DHCP Relay drops NACK if multiple DHCP Servers are configured
CSCwe96068 ASA: Configurable CLU for Large amount of under/overruns on CLU RX/TX queues
CSCwe98687 Cisco FTD Software Software for Cisco Firepower 2100 Series Inspection Rules DoS Vulnerability


Version 9.16.4.18 – March 27, 2023

Defects resolved since 9.16.4.14:

CSCvu24703 FTD - Flow-Offload should be able to coexist with Rate-limiting Feature (QoS)
CSCwa96920 ASA/FTD may traceback and reload in process Lina
CSCwb00871 ENH: Reduce latency in log_handler_file to reduce watchdog under scale or stress
CSCwc82188 FTD Traceback and reload when applying long commands from FMC UI or CLISH
CSCwd07278 ASA/FTD tmatch compilation check when unit joins the cluster, when TCM is off
CSCwd30856 User with no vpn-filter may get additional access when per-user-override is set
CSCwd33054 DHCP Relay is looping back the DHCP offer packet causing dhcprelay to fail on the FTD/ASA
CSCwd39468 ASA/FTD Traceback and reload when configuring ISAKMP captures on device
CSCwd46741 fxos log rotate failing to cycle files, resulting in large file sizes
CSCwd69454 Port-channel interfaces of secondary unit are in waiting status after reload
CSCwd81538 FTD Traffic failure due to 9344 block depletion in peer_proxy_tx_q
CSCwd85927 Traceback and reload when webvpn users match DAP access-list with 36k elements
CSCwd86929 Cut-Through Proxy does not work with HTTPS traffic
CSCwd87438 Enhance logging mechanism for syslogs
CSCwd88585 ASA/FTD NAT Pool Cluster allocation and reservation discrepancy between units
CSCwd96755 ASA is unexpected reload when doing backup
CSCwe00864 License Commands go missing in Cluster data unit if the Cluster join fails.
CSCwe09811 FTD traceback and reload during policy deployment adding/removing/editing of NAT statements.
CSCwe14514 ASA/FTD Traceback and reload of Standby Unit while removing capture configurations
CSCwe18974 ASA/FTD may traceback and reload in Thread Name: CTM Daemon
CSCwe20043 256-byte memory block gets depleted on start if jumbo frame is enabled with FTD on ASA5516
CSCwe23039 NTP polling frequency changed from 5 minutes to 1 second causes large useless log files
CSCwe25342 ASA/FTD - SNMP related memory leak behavior when snmp-server is not configured
CSCwe29179 CLUSTER: ICMP reply arrives at director earlier than CLU add flow request from flow owner.
CSCwe29583 ASA/FTD may traceback and reload in Thread Name 'None' at lua_getinfo
CSCwe41898 ASA: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy.


Version 9.16.4.14 – February 7, 2023

Defects resolved since 9.16.4.9:

CSCvy84336 Add a warning when member interfaces of the port-channel are different between active and standby
CSCwa04262 Cisco ASA Software SSL VPN Client-Side Request Smuggling Vulnerability via "/"URI
CSCwb09606 FP2100: ASA/FTD high availability is not resilient to unexpected lacp process termination
CSCwb44848 ASA/FTD Traceback and reload in Process Name: lina
CSCwc03332 FTD on FP2100 can take over as HA active unit during reboot process
CSCwc64923 ASA/FTD may traceback and reload in Thread Name 'lina' ip routing ndbshr
CSCwc67687 ASA HA failover triggers HTTP server restart failure and ASDM outage
CSCwc77680 FTD may traceback and reload in Thread Name 'DATAPATH-0-4948'
CSCwc89924 FXOS ASA/FTD SNMP OID to poll Internal-data 'no buffer' interface counters
CSCwc95290 ESP rule missing in vpn-context may cause IPSec traffic drop
CSCwd04210 ASA: ASDM sessions stuck in CLOSE_WAIT causing lack of MGMT
CSCwd19053 ASA/FTD may traceback with large number of network objects deployment using distribute-list
CSCwd23188 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwd28236 standby unit using both active and standby IPs causing duplicate IP issues due to nat "any"
CSCwd33811 Cluster registration is failing because DATA_NODE isn't joining the cluster
CSCwd46061 FPR 2100: 10G interfaces with 1G SFP goes down post reload
CSCwd46780 ASA/FTD: Traceback and reload in Thread Name: appAgent_reply_processor_thread
CSCwd48633 ASA - traceback and reload when Webvpn Portal is used
CSCwd50218 ASA restore is not applying vlan configuration
CSCwd53135 ASA/FTD: Object Group Search Syslog for flows exceeding threshold
CSCwd53340 FTD PDTS LINA RX queue can become stuck when snort send messages with 4085-4096 bytes size
CSCwd56254 "show tech-support" generation does not include "show inventory" when run on FTD
CSCwd56296 FTD Lina traceback and reload in Thread Name 'IP Init Thread'
CSCwd56774 Misleading drop reason in "show asp drop"
CSCwd56995 Clientless Accessing Web Contents using application/octet-stream vs text/plain
CSCwd57698 Recursive panic under lina_duart_write
CSCwd58528 Memory depletion while running EMIX traffic profile on QP HA active node
CSCwd59736 ASA/FTD: Traceback and reload due to SNMP group configuration during upgrade
CSCwd61016 ASA: Standby may get stuck in "Sync Config" status upon reboot when there is EEM is configured
CSCwd62138 ASA Connections stuck in idle state when DCD is enabled
CSCwd62859 Cisco ASA and FTD AnyConnect SSL/TLS VPN Denial of Service Vulnerability
CSCwd63580 FPR2100: Increase in failover convergence time with ASA in Appliance mode
CSCwd63961 AC clients fail to match DAP rules due to attribute value too large
CSCwd66709 FP4125 2.10.1.166 FTD applications in HA went into not responding state
CSCwd66815 Lina changes to support - Snort3 traceback in daq-pdts while handling FQDN based traffic
CSCwd74116 S2S Tunnels do not come up due to DH computation failure caused by DSID Leak
CSCwd77581 Cisco ASA and FTD ICMPv6 Message Processing Denial of Service Vulnerability
CSCwd78123 ASA/FTD traceback and reload when IPSec/Ikev2 vpn session bringup with dh group 31 in fips mode
CSCwd78624 ASA may traceback and reload with multiple input/output error messages
CSCwd82235 LINA Traceback on FPR-1010 under Thread Name: update_cpu_usage
CSCwd84133 ASA/FTD may traceback and reload in Thread Name 'telnet/ci'
CSCwd84868 Observing some devcmd failures and checkheaps traceback when flow offload is not used.
CSCwd85178 AWS ASAv PAYG Licensing not working in GovCloud regions.
CSCwd91421 ASA/FTD may traceback and reload in logging_cfg processing
CSCwd93376 Clientless VPN users are unable to download large files through the WebVPN portal
CSCwd94096 Anyconnect users unable to connect when ASA using different authentication and authorization server
CSCwd95043 Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability
CSCwd95436 Primary ASA traceback upon rebooting the secondary
CSCwd95908 ASA/FTD traceback and reload, Thread Name: rtcli async executor process
CSCwd96845 Cisco ASA and FTD AnyConnect Access Control List Bypass Vulnerability
CSCwd97020 ASA/FTD: External IDP SAML authentication fails with Bad Request message
CSCwe03991 FTD/ASA traceback and reload during to tmatch compilation process
CSCwe05913 FTD traceback/reloads - Icmp error packet processing involves snp_nat_xlate_identity
CSCwe09074 None option under trustpoint doesn't work when CRL check is failing
CSCwe12407 High Lina memory use due to leaked SSL handles
CSCwe14174 FTD - 'show memory top-usage' providing improper value for memory allocation
CSCwe25025 8x10Gb netmod fails to come online


Version 9.16.4.9 – November 29, 2022

Defects resolved in this release:

CSCvy65770 ASA/FTD: Traceback and reload during BGP route update
CSCvz34289 In some cases transition to lightweight proxy doesn't work for Do Not Decrypt flows
CSCvz41551 FP2100: ASA/FTD with threat-detection statistics may traceback and reload in Thread Name 'lina'
CSCwa96860 Failover high convergence causes traffic failures
CSCwc03507 No-buffer drops on Internal Data interfaces despite little evidence of CPU hog
CSCwc23844 ASAv high CPU and stack memory allocation errors despite over 30% free memory
CSCwc27846 Traceback and Reload while HA sync after upgrading and reloading.
CSCwc37256 SSL AnyConnect access blocked after upgrade
CSCwc66757 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwc67886 ASA/FTD may traceback and reload in Thread Name 'lina_inotify_file_monitor_thread'
CSCwc68656 ASA CLI for TCP Maximum unprocessed segments
CSCwc72155 ASA/FTD Traceback and reload on function "snp_cluster_trans_allocb"
CSCwc72284 TACACS Accounting includes an incorrect IPv6 address of the client
CSCwc74103 ASA/FTD may traceback and reload in Thread Name 'DATAPATH-11-32591'
CSCwc77519 FPR1000 ASA/FTD: Primary takes active role after reloading
CSCwc80234 "inspect snmp" config difference between active and standby
CSCwc81184 ASA/FTD traceback and reload caused by SNMP process failure
CSCwc90091 ASA 9.12(4)47 with user-statistics, will affects the "policy-server xxxx global" visibility.
CSCwc93166 Using write standby in a user context leaves secondary firewall license status in an invalid state
CSCwc94466 Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability
CSCwc94501 ASA/FTD memory leak and tracebacks due to ctm_n5 resets
CSCwc96805 traceback and reload due to tcp intercept stat in thread unicorn
CSCwc99242 ISA3000 LACP channel member SFP port suspended after reload
CSCwd00386 ASA/FTD may traceback and reload when clearing the configration due to "snp_clear_acl_log_flow_all"
CSCwd00778 ifAdminStatus output is abnormal via snmp polling
CSCwd01032 ASA/FTD may traceback and reload when RAVPN with SAML is configured
CSCwd02864 logging/syslog is impacted by SNMP traps and logging history
CSCwd03793 FTD Traceback and reload
CSCwd11303 ASA might generate traceback in ikev2 process and reload
CSCwd11855 ASA/FTD may traceback and reload in Thread Name 'ikev2_fo_event'
CSCwd14972 ASA/FTD Traceback and Reload in Thread Name: pix_flash_config_thread
CSCwd16294 GTP inspection drops packets for optional IE Header Length being too short
CSCwd16517 GTP drops not always logged on buffer and syslog
CSCwd16689 ASA/FTD traceback due to block data corruption
CSCwd17856 ASA goes for traceback/reload with message - snmp_ma_kill_restart: vf is NULL
CSCwd18744 FPR1K FTD fails to form HA due to reason "Other unit has different set of hwidb index"
CSCwd20627 ASA/FTD: NAT configuration deployment failure
CSCwd22907 ASA/FTD High CPU in SNMP Notify Thread
CSCwd23913 FTD in HA traceback multiple times after adding a BGP neighbour with prefix list.
CSCwd25201 ASA/FTD SNMP traps enqueued when no SNMP trap server configured
CSCwd25256 ASA/FTD Transactional Commit may result in mismatched rules and traffic loss
CSCwd26867 Device should not move to Active state once Reboot is triggered
CSCwd31181 Lina traceback and reload - VPN parent channel (SAL) has an invalid underlying channel
CSCwd38805 Syslog 106016 is not rate-limited by default
CSCwd40260 Serviceability Enhancement - Unable to parse payload are silently drop by ASA/FTD
CSCwd41083 ASA traceback and reload due to DNS inspection
CSCwd51757 Unable to get polling results using snmp GET for connection rate OID\u2019s


Last edited on: September 25, 2025