Cisco ASA Interim Release Notes

The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available.

Note: ASA 9.16(4) and later requires ASDM 7.18(1)152 or later. The ASA now validates whether the ASDM image is a Cisco digitally signed image. If you try to run an older ASDM image than 7.18(1.152) with an ASA version with this fix, ASDM will be blocked and the message “%ERROR: Signature not valid for file disk0:/<filename>” will be displayed at the ASA CLI. (CSCwb05291, CSCwb05264)

Version 9.16.4.84 – April 10, 2025

Defects resolved in this release:

CSCwk46737ASA on HA: alloc_ch() alloc from chunk mem Failed message on one context in Standby device
CSCwn90900High ASA/FTD memory usage due to polling of RA VPN related SNMP OIDs
CSCwn90958Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerability
CSCwo00141Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability
CSCwo00880Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability
CSCwo08017Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial of Service Vulnerability
CSCwo08042ASAv reloaded unexpectedly with traceback on Unicorn Proxy Thread
CSCwo09060SSL trustpoint with 4096 bit RSA keys not allowed by ASA if renewed via CLI
CSCwo15022Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwo15023Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwo15027Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability
CSCwo41250Traceback & Reload in thread named: DATAPATH-1-23988 during low memory condition


Version 9.16.4.82 – March 12, 2025

Defects resolved in this release:

CSCwf25454Stale anyconnect entries causing issues with routing
CSCwh17965[Display]FXOS: PC member interface is shown as down & unassociated/unassigned after reload
CSCwk28058FTD memory depletion resulting in traceback and reload
CSCwk63586App instance stuck in STOP_FAILED with error message
CSCwm28007Browser redirects to blank page when the user clicks the WebVPN bookmark
CSCwm35730LINA may traceback in Thread Name: Datapath with NAT config
CSCwm36631FTD Secondary Unit got stuck in Bulk sync state.
CSCwm37455ASA/FTD will allow local IP pool with invalid netmask
CSCwm44412FTD inline-set ignore reverse flag for inject/rewrite
CSCwm49721ASA Traceback and Reload due to MEMORY CORRUPTION WAS DETECTED
CSCwm52931ASA/FTD may traceback and reload in Thread Name "fover_parse"
CSCwm56864show run access-list command returns warning
CSCwm63868FTD - Missing routes on BGP advertised-routes after FTD HA failover event
CSCwm68211ASA traceback and reload on thread snmp_inspect
CSCwm70835ASA traceback and reload due to stack overflow while using APCF file
CSCwm71265ASA traceback and reload on thread DATAPATH when processing gtpv1 end marker msg for PDP
CSCwm85228ASA/FTD may traceback and reload in Thread Name "IKEv2 Daemon" while joining failover
CSCwm90905GTP inspection drops packet with error ERROR-DROP:MsgType:32
CSCwm95070Cisco Secure Firewall ASA and Secure FTD Software for FP 2100 Series IPv6 over IPsec DoS Vulnerability
CSCwm97054ASA/FTD traceback and reload with high rate of SIP connections
CSCwm98278TCP Conn not being flagged as Half-Closed after receiving the ACK for the FIN.
CSCwn00475Memory Blocks 80 and 9344 leak due to priority-queue
CSCwn01281GTP inspection not allowing GTP data packets if session create response has cause type 18
CSCwn14447ASA/FTD may traceback and reload in Thread Name 'ldap_client_thread'
CSCwn15104FTD reload with traceback on swapcontext function
CSCwn17121ASA/FTD may traceback and reload in Thread Name 'cli_xml_request_process'.
CSCwn20024ASA may traceback and reload in Thread Name 'ssh'
CSCwn21584Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services Denial of Service Vulnerability
CSCwn22456GTPv2 IE-type 157 (Signaling Priority Indication) is dropped with reason as unknown IE type
CSCwn24577ASA booting process may freeze when including 'no pim' or 'no igmp' config
CSCwn26165FTD/ASA May Traceback and Reload - During Deployment / Radius changes - Due to Radius Packets
CSCwn27819Jumbo frame packets are being fragmented
CSCwn34259Monitored interfaces may go in waiting state after upgrade to 9.20.3.7
CSCwn34659Firewall not initiating TCP request even after receiving the TC bit set in DNS response
CSCwn34707Multiple Unicorn Admin Handler processes consume all the control plane CPU.
CSCwn35470Serviceability : FQDN Packet based debug and capture trace support
CSCwn36120Enhanced Debug Image with Lina and PDTS Capabilities for FQDN Issue Resolution
CSCwn39780FTD Deployment Resilience: Skip non-critical / non-existing commands to avoid deployment failures.
CSCwn42949Implementing forwarder flow on non-owner units handling distributed secondary flow connections
CSCwn65415ASA: floating-conn not closing UDP conns if conn was created without ARP entry for next hop
CSCwn73351Asia/Bangkok timezone option not listed in ASA running on firepower1k
CSCwn73399Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
CSCwn84557Lina traceback and reload due to "spin_lock_fair_mode_enqueue"
CSCwn92894Occasionally, 'show chunkstat top-usage' output does not show all entries
CSCwn93319ASA/FTD may traceback and reload in Thread Name "DATAPATH"
CSCwo01557ASA traceback and reload on DATAPATH thread due to memory corruption


Version 9.16.4.76 – November 13, 2024

Defects resolved in this release:

CSCwa82791ENH: Support for snapshots of RX queues on InternalData interfaces when "Blocks free curr" goes low
CSCwc57500Remove bootlogd package from FXOS to avoid ASA boot log problems
CSCwc87387Valid DNS requests are being dropped by Lina DNS inspection when Umbrella DNS is configured
CSCwh51872Message asa_log_client exited 1 time(s) seen multiple times
CSCwi98274unzip 5.52 is from 2005 is contains multiple vulnerabilities
CSCwj31918Segmentation fault with "logger_msg_dispatch" while HA sync
CSCwj53725Traceback observed while applying 'no failover' and 'failover' in the ASA standby
CSCwj72013PAT communication via using PAT pool fails for about 40 seconds when a device joins a cluster
CSCwk08241FTD is not resolving FQDN for ACLs intermittently
CSCwk08476FTD/ASA traceback and reload due to 'show bgp summary' memory leak
CSCwk10884Connectivity failure due to mismatch between l2_table and subinterface mac address
CSCwk16332ASA/FTD traceback and reload with high rate of SIP connections
CSCwk35710FTD/LINA may traceback and reload when "show capture" command is executed in EEM script
CSCwk61157FTD LINA Traceback and Reload dhcp_daemon Thread
CSCwk63733HA-monitored interfaces are going into "waiting" state and subsequently to "Failed"
CSCwk67859FTD and FXOS: RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
CSCwk71992BlastRADIUS vulnerability phase-1 fix for pix-asa - Message Authenticator
CSCwk75956ASA/FTD may traceback and reload in Thread Name SSH
CSCwk87457ASA/FTD may traceback and reload in Process Name "lina" after device was reloaded
CSCwk88182FTDv50 traceback during normal operation at PTHREAD-8141 spin_lock_fair_mode_enqueue
CSCwk89836ASA/FTD may traceback and reload in Thread Name 'strlen'
CSCwk94382FTD: Lina might fail to respond to CONFIG_XML_REQUEST leading to stuck deployments
CSCwm01544Lina traceback and reload in data-path thread
CSCwm04650Increase memory usage leading to tracebacks in Lina.
CSCwm05520Disable cluster syn cookie decoding when FTD cluster is deployed with inline-set
CSCwm08231Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability
CSCwm08232Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability
CSCwm13141FTD CLISH/CLI gets locked up when trying to run any show command
CSCwm14509Wrong drops seen with Invalid length for 23, 24 and 25 IE-Types during GTP inspection
CSCwm30731The ASA's OSPF routing table is not properly synchronized with the neighbors
CSCwm33613Default Group Policy is applied when receiving multiple Group Policies in SAML assertion attributes
CSCwm41847Serviceability to capture PDTS writing/reading block to help root cause CSCwm36314
CSCwm49410Misconfigured Cross-Origin-Opener-Policy
CSCwm60536SQLNet traffic getting dropped intermittently in Clustering data unit.
CSCwm61282ASA/FTD: RA VPN tunnel causing memory leak leading to traceback & Reload
CSCwm78351Potential High CPU usage in Multi-Context Cluster setup with unconditional execution of capture code
CSCwm92397LINA core observed pointing to "IP RIB Update" thread


Version 9.16.4.71 – September 24, 2024

Defects resolved in this release:

CSCwm13199SIP traffic is affected due to unexpected behavior with NAT untranslations.
CSCwm49153Cisco Adaptive Security Appliance Software SSH Server Resource DoS Vulnerability


Version 9.16.4.70 – August 29, 2024

Defects resolved in this release:

CSCwi44912ISA3000 Traceback and reload boot loop
CSCwk13132FTD/ASA 1550 blocks may get exhausted while sending logs to TCP syslog server


Version 9.16.4.67 – August 7, 2024

Defects resolved in this release:

CSCwf34069Cisco ASA and FTD Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability
CSCwh10931ASA/FTD traceback and reload when invoking "show webvpn saml idp" CLI command
CSCwh70874FTD: Policy Deployment failure due to abort as no progress
CSCwi79037IKEv2 client services is not getting enabled - XML profile is not downloaded
CSCwi90751FTD/ASA - SNMP queries using snmpwalk are not displaying all "nameif" interfaces
CSCwj63974Memory manager improvements for webvpn internal lua library
CSCwj74323ASAv Memory leak involving PKI/Crypto for VPN
CSCwj83185FTD/ASA : Standby FTD traceback and reload after enabling memory tracking
CSCwj83634Seeing message "reg_fover_nlp_sessions: failover ioctl C_FOREG failed"
CSCwj87501ASA/FTD may traceback and reload in Thread Name 'fover_FSM_thread'
CSCwk06564Add New Syslog for Routes for NP add/delete
CSCwk11983High LINA CPU observed due to NetFlow due to 'flow-export delay flow-create' configuration
CSCwk12497Traceback and reload on active unit due to HA break operation.
CSCwk14909Traffic drop with 'rule-transaction-in-progress' after failover with TCM cfgd in multi-ctx mode
CSCwk21561Add warning message when configuring CCL MTU
CSCwk22034Snmpwalk displays incorrect interface speeds for values greater or equal than 10G
CSCwk24176FTD/ASA - VPN traffic flowing through the device may trigger tracebacks and reloads.
CSCwk25117ENH: Add application support for blocking consecutive AAA failures on LINA
CSCwk26968Backup feature does not save/restore DAP configuration in multiple context mode.
CSCwk32501256/1550 block depletion process fover_thread
CSCwk36312High cpu on "update block depletion" with secondary effects (Bgp flaps, traffic drops)
CSCwk44165Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability
CSCwk48975Packet-tracer output incorrectly appends 'control-plane' to drops for data-plane access-group
CSCwk53369Cisco ASA and FTD Software Remote Access VPN Denial of Service Vulnerability
CSCwk62381ASA might traceback and reload due to ssh/client hitting a null pointer while using SCP.
CSCwk69742FTD: Policy deployment failed due to mismatch of checksum.


Version 9.16.4.62 – June 26, 2024

Defects resolved in this release:

CSCwh29276ASA: Traceback and reload when switching from single to multiple mode
CSCwi05240ASA - Traceback the standby device while HA sync ACL-DAP
CSCwi94356Lina traceback and reload in Thread Name: cli_xml_request_process
CSCwj17447ASA/FTD may traceback and reload in Thread Name 'DATAPATH-6-26174'
CSCwj19125Cisco ASA and FTD NSG Access Control List Bypass Vulnerability
CSCwj20804Cisco ASA and FTD Software VPN Web Server Limited Information Disclosure Vulnerability
CSCwj24828Issue when two FQDN objects with same IP are added in source or destination (FTD/ASA)
CSCwj30980Addition of debugs & a show command to capture the ID usage in the CTS SXP flow.
CSCwj43345SNMP poll for some OIDs may cause CPU hogs and high latency can be observed for ICMP packets
CSCwj44398when set the route-map in route RIP on FTD, routes update is not working after FTD reload
CSCwj49745Cisco ASA and FTD VPN Web Client Services Cross-Site Scripting Vulnerabilities
CSCwj68783FTD/ASA-HA configs not in sync as the command sync process is sending configs with special chars
CSCwj72683ASA - Bookmarks on the WebVPN portal are unreachable after successful login.
CSCwj73061SNMP OID for CPUTotal1min omits snort cpu cores entries when polled
CSCwj76503Syslogs continue to be sent after disabling logging class on ASA
CSCwj82247Cisco ASA and FTD SSL VPN Memory Management Denial of Service Vulnerability
CSCwj82736TLS Handshake Fails if Segmented or Fragmented Client Hello Packet is Received Out of Order
CSCwj86116High LINA CPU observed due to NetFlow configuration
CSCwj88400FTD may traceback and reload in process name lina while processing appAgent msg reply
CSCwj89264FTD HA: Traceback and reload in netsnmp_oid_compare_ll
CSCwj91570Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
CSCwj95590Browser redirects to logon page when the user clicks the WebVPN bookmark
CSCwj99043Cisco ASA & FTD Software IKEv2 Denial of Service Vulnerability
CSCwk02804WebVPN connections stuck in CLOSEWAIT state
CSCwk02928ASA/FTD may traceback and reload in Thread Name PTHREAD
CSCwk04492ASA CLI hangs with 'show run' with multiple ssh sessions
CSCwk05851"set ip next-hop" line deleted from config at reload if IP address is matched to a NAME
CSCwk07934Clock skew between FXOS and Lina causes SAML assertion processing failure
CSCwk08576command to print the debug menu setting of service worker
CSCwk12698SNMP polling of admin context mgmt interface fails to show all interfaces across all contexts
CSCwk12738Cisco Adaptive Security Virtual Appliance and Secure FTD Virtual SSL VPN DoS Vulnerability
CSCwk13812ASA/FTD incorrectly forwards extended community attribute after upgrade.
CSCwk17637State Link Stops Sending Hello Messages Post-Failover Triggered by Snort traceback in FTD HA
CSCwk17854FTD doesn't send Type A query after receiving a refuse error from one DNS server in AAAA query.
CSCwk21561Add warning message when configuring CCL MTU
CSCwk22759Issue with Setting Certain Timezones (e.g. GMT+1) on Cisco ASA Firepower in Appliance Mode
CSCwk27830ASA/FTD may traceback and reload in Thread Name 'lina'


Version 9.16.4.61 – May 21, 2024

Defects resolved in this release:

CSCvy51481[ENH] FTD should show error/warning when attaching a not valid certificate to the interface for VPN
CSCwb03293IKEv2 debugs: Received Policies and Expected Policies are empty
CSCwe11754Nodes randomly fail to join cluster due to internal clustering error
CSCwe12645Secondary state flips between Ready & Failed when node is rebooted and mgmt interface is shutdown
CSCwe18462ASA/FTD: Improve GTP Inspection Logging
CSCwe18467ASA/FTD: GTP Inspection engine serviceability
CSCwf63256Firepower reloads unexpectedly with a traceback
CSCwf75694ASA - The GTP inspection dropped the message 'Delete PDP Context Response' due to an invalid TEID=0
CSCwf84318ASA/FTD traceback and reload on thread DATAPATH
CSCwh43945FTD/ASA traceback and reload may occur when ssl packet debugs are enabled
CSCwh60971NAT pool is not working properly despite is not reaching the 32k object ID limit.
CSCwh68068Firepower WCCP router-id changes randomly when VRFs are configured
CSCwh83021ASA/FTD HA pair EIGRP routes getting flushed after failover
CSCwh95443Datapath hogs causing clustering units to get kicked out of the cluster
CSCwi06797ASA/FTD traceback and reload on thread DATAPATH
CSCwi42291Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability
CSCwi43492ASA traceback and reload on Thread Name: DATAPATH
CSCwi49770ASA|FTD Traceback & reload in thread name Datapath
CSCwi56499Cut-Through Proxy feature spikes CP CPU with a flood of un-authenticated traffic
CSCwi60430CVE-2023-51385 (Medium Sev) In ssh in OpenSSH before 9.6, OS command injection might occur if a us
CSCwi68625Continuous snmpd restarts observed if SNMP host is configured before the IP is configured
CSCwi84314ASA CLI hangs with 'show run' on multiple SSH
CSCwi95796FTD SNMP OID 1.3.6.1.4.1.9.9.109.1.1.1.1.7 always returns 0% for SysProc Average
CSCwi97836ASA traceback and reload after configuring capture on nlp_int_tap and deleting context
CSCwi97948EIGRP bandwidth is changing after upgrade or after "shutdown"/"no shutdown" commands
CSCwi99429Policy deployment failure rollback didnt reconfigure the FTD devices
CSCwj05151ASA/FTD may traceback and reload in Thread Name DATAPATH due to GTP Spin Lock Assertion
CSCwj06675Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability
CSCwj10451The secondary device reloaded while rebooting the primary device.
CSCwj15792Cisco ASA and FTD Software Dynamic Access Policies Denial of Service Vulnerability
CSCwj16125Traceback and Reload when testing or loading an invalid hostscan image
CSCwj17447ASA/FTD may traceback and reload in Thread Name 'DATAPATH-6-26174'
CSCwj22235Lina traceback and reload due to mps_hash_memory pointing to null hash table
CSCwj22990After upgrading the ASA, \u201cSlot 1: ATA Compact Flash memory\u201d shows a ditterent value
CSCwj25975FTD/ASA : CSR generation with comma between \u201cCompany Name\u201d attribute does not work expected
CSCwj32035Clientless VPN users are unable to reach pages with HTTP Basic Authentication
CSCwj33487ASA/FTD may traceback and reload while handling DTLS traffic
CSCwj33580IKEv2 tunnels flap due to fragmentation and throttling caused by multiple ciphers/proposal
CSCwj48704ASA traceback and reload when accessing file system from ASDM
CSCwj49958Crypto IPSEC Negotiation Failing At "Failed to compute a hash value"
CSCwj55036ASA/FTD: A delay in an async crypto command induces a traceback and subsequently a reload.
CSCwj59861ASA/FTD may traceback and reload in Thread Name 'lina' due to SCP/SSH process
CSCwj60265ASA/FTD may traceback and reload in Thread Name 'DATAPATH-1-16803'
CSCwj68783FTD/ASA-HA configs not in sync as the command sync process is sending configs with special chars
CSCwj82285ASA/FTD may traceback and reload in Thread Name 'sdi_work'


Version 9.16.4.57 – April 1, 2024

Defects resolved in this release:

CSCvz70310ASA may fail to create NAT rule for SNMP with: "error NAT unable to reserve ports."
CSCwd16850More information is required on Syslog 202010 messages for troubleshooting
CSCwd67100ASA traceback and reload on Datapath process
CSCwe02012ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe11902FTD: HA traceback and reload
CSCwe47485FTD: CLISH slowness due to command execution locking LINA prompt
CSCwe93736ASA not updating Timezone despite taking commands
CSCwf17389ASA accepts replayed SAML assertions for RA VPN authentication
CSCwf23262Cisco ASA and FTD AnyConnect Access Control List Bypass Vulnerability
CSCwf39108Firewall rings may get stuck and cause packet loss when asp load-balance per-packet auto is used
CSCwf44621Traceback and reload on Thread DATAPATH-6-21369 and linked to generation of syslog message ID 202010
CSCwf69880Firewall Traceback and reload due to SNMP thread
CSCwh19352comm alarm is raised and unit switches over even if one ack is dropped.
CSCwh40294ASA traceback due to panic event during SNMP configuration
CSCwh454502100: Interfaces missing from FTD after removing interfaces as members of a port-channel
CSCwh69156FTD-HA does not fail over sometimes when snort3 traceback
CSCwh71161ASA|FTD: Traceback & reload in thread Name: update_mem_reference
CSCwh84376In FPR4200/FPR3100-HA/cluster observed crashinfo/corefile.lina observed on device reboot.
CSCwh91065Lina Traceback : Thread Name: DATAPATH during session terminate
CSCwh92345crypto_archive file generated after the software upgrade.
CSCwh95025GTP connections, under certain circumstances do not get cleared on issuing clear conn.
CSCwh95277FTD traceback due to system memory exhaustion
CSCwh96055Management DNS Servers may be unreacheable if data interface is used as the gateway
CSCwi01381ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwi02754FTD 1120 Traceback and reload on standby unit with SNMP enabled.
CSCwi03407Traceback on FP2140 without any trigger point.
CSCwi04351FTD upgrade failling on script 999_finish/999_zz_install_bundle.sh
CSCwi20045ASA/FTD may traceback and reload in Thread Name 'lina' due to a watchdog (watchdog_time = 0)
CSCwi31966FTD ADI debugs may show incorrect server_group and/or realm_id for SAML-authenticated sessions
CSCwi40193Hairpinning of DCE/RPC/FTP traffic during the suboptimal lookup
CSCwi44208low memory/stress causing traceback in SNMP
CSCwi46010ASA/FTD: Cluster incorrectly generating syslog 202010 for invalid packets destined to PAT IP
CSCwi48699ASA traceback and reload on Thread Name: pix_flash_config_thread
CSCwi49884TCP MSS is changed back to the default value when a VTI or loopback interface is created
CSCwi50343Their standalone FTD running 7.2.2 on FPR-4112 experienced a traceback on the SNMP module
CSCwi55938The "show asp drop" command usage requires better updates for cluster-related drops
CSCwi59525Multiple lina cores on 7.2.6 KP2110 managed by cdFMC
CSCwi59831ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwi60285ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwi63113Null pointer dereference in SNMP that results in traceback and reload
CSCwi63743ASA/FTD may traceback and reload in Thread Name "appAgent_monitor_nd_thread" & Rip: _lina_assert.
CSCwi64829traceback and reload around function HA
CSCwi65116DHCPv6:ASA traceback on Thread Name: DHCPv6 CLIENT.
CSCwi66676ASA/FTD may traceback and reload in Thread Name 'webvpn_task'
CSCwi74214ASA/FTD traceback and reload in Thread Name: IKEv2 Daemon when moving from active to standby HA
CSCwi75198Standby FTD experiencing periodic traceback and reload
CSCwi76002Memory exhaustion due to absence of freeing up mechanism for tmatch
CSCwi76361Transparent firewall MAC filter does not capture frames with STP-UplinkFast dst MAC consistently
CSCwi76630FP2100/FP1000: ASA Smart licenses lost after reload
CSCwi79042FTD/Lina traceback and reload of HA pairs, in data path, after adding NAT policy
CSCwi79703Incorrect Timezone Format on FTD When Configured via FXOS
CSCwi80465CCM ID 63 - LTS18
CSCwi87382Traceback and reload on Primary unit while running debugs over the SSH session
CSCwi90040Cisco ASA and FTD Software Command Injection Vulnerability
CSCwi90399FTD/ASA system clock resets to year 2023
CSCwi90571Access to website via Clientless SSL VPN Fails
CSCwi95228"crypto ikev2 limit queue sa_init" resets after reboot
CSCwi95708FTD: Hostname Missing from Syslog Message
CSCwi95994Chromium-based browsers have SSL connection conflicts when FIPS CC is enabled on the firewall.
CSCwi97839FTD traceback assert in vni_idb_get_mode and reloaded
CSCwi98284Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability
CSCwj02505ASA Checkheaps traceback while entering same engineID twice
CSCwj09110Upload files through Clientless portal is not working as expected after the ASA upgrade
CSCwj10955Cisco ASA and FTD Software Web Services Denial of Service Vulnerability
CSCwj14028CCM ID 67 - LTS18


Version 9.16.4.55 – February 6, 2024

Defects resolved in this release:

CSCvx37329Remove Syslog Messages 852001 and 852002 in Firewall Threat Defense
CSCwc31953Prevention of RSA private key leaks regardless of root cause.
CSCwc40352Lina Netflow sending permited events to Stealthwatch but they are block by snort afterwards
CSCwd10822Failover trigger due to Inspection engine in other unit has failed due to disk failure
CSCwd31806ASAv show crashinfo printing in loop continuously
CSCwe06562FPR1K/FPR2K: Increase in failover time in Transparent Mode with high number of Sub-Interfaces
CSCwe21884Write wrapper around "kill" command to log who is calling it
CSCwe72330FTD LINA traceback and reload in Datapath thread after adding Static Routing
CSCwe97939ASA/FTD Cluster: Change "cluster replication delay" with max value increase from 15 to 50 sec
CSCwf08387LSP version not updated to latest in LINA Prompt in SSP_CLUSTER with 7.2.4 build.
CSCwf34070Cisco ASA and FTD Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability
CSCwf36419ASA/FTD: Traceback and reload with Thread Name 'PTHREAD'
CSCwf59571FTD/Lina - ZMQ issue OUT OF MEMORY. due to less Msglyr pool memory on certain platforms
CSCwf63589FTD snmpd process traceback and restart
CSCwf89959ASA: ISA3000 does not respond to entPhySensorValue OID SNMP polls
CSCwf99303Management UI presents self-signed cert rather than custom CA signed one after upgrade
CSCwh09113FPR1010 in HA failed to send or receive to GARP/ARP with error "edsa_rcv: out_drop"
CSCwh14863FTD 7.0.4 cluster drops Oracle's sqlnet packets due to tcp-not-syn
CSCwh16759SNMP is not working on the primary active ASA unit in multi-context environment
CSCwh30346ASA/FTD: 1 Second failover delay for each NLP NAT rule
CSCwh47053ASA/FTD may traceback and reload in Thread Name 'dns_cache_timer'
CSCwh58467ASA does not sent 'warmstart' snmp trap
CSCwh65128LINA show tech-support fails to generate as part of sf_troubleshoot.pl (Troubleshoot file)
CSCwh68482Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vu
CSCwh69346ASA: Traceback and reload when restore configuration using CLI
CSCwh71665ASA traceback under match_partial_keyword during CPU profiling
CSCwh77348ASA: Traceback and reload when executing the command "show nat pool detail" on a cluster setup
CSCwh83254ASA/FTD: Traceback and reload on thread name CP Crypto Result Processing
CSCwh91574FTD: Traceback in threadname cli_xml_request_process
CSCwh93710'Last Hit' Timestamp fails to Update to latest value on ASA, ASDM, and FTD
CSCwh95010Unexpected traceback on thread name Lina and device experienced reboot
CSCwi01085FTD VMWare tracebacks at PTHREAD-3587
CSCwi02134FTD sends multiple replicated NetFlow records for the same flow event
CSCwi11520FTD OSPFV3 IPV6 Routing: FTD is sending unsupported extended LSA request to neighbor routers
CSCwi12284Cisco ASA webvpn XSS Vulnerability
CSCwi15409ASA/FTD - may traceback and reload in Thread Name 'Unicorn Proxy Thread'
CSCwi15595ASA traceback and reload during ACL configuration modification
CSCwi18581Firewall traceback and reload due to SSH thread
CSCwi19145FTD/ASA may traceback and reload in PKI, syslog, during upgrade
CSCwi19849VPN load-balancing cluster encryption using Phase 2 deprecated ciphers
CSCwi20114Cisco ASA Software and FTD Software SNMP Denial of Service Vulnerability
CSCwi20848ASA/FTD high memory usage due to SNMP caused by RAVPN OID polling
CSCwi20955FTD with may traceback in data-path during deployment when enabling TAP mode
CSCwi21625FailSafe admin password is not properly sync'd with system context enable pw
CSCwi26895ASA SNMP OID cpmCPUTotalPhysicalIndex returning zero values instead of CPU index values
CSCwi27338Stale asp entry for TCP 443 remains on standby after changing default port
CSCwi31091OSPF Redistribution route-map with prefix-list not working after upgrade
CSCwi32063ASA/FTD: SSL VPN Second Factor Fields Disappear
CSCwi32759Username-from-certificate secondary attribute is not extracted if the first attribute is missing
CSCwi33817ASA/FTD: 'IKEv2 Negotiation aborted due to ERROR: Platform errors' during a rekey
CSCwi34125ASA: Snmpwalk shows "No Such Instance" for the OID ceSensorExtThresholdValue
CSCwi36311use kill tree function in SMA instead of SIGTERM
CSCwi40536ASA/FTD: Traceback and reload when running show tech and under High Memory utilization condition
CSCwi42992ASA/FTD may traceback and reload in Thread Name IKEv2 Daemon
CSCwi43782GTP inspection dropping packets with IE 152 due to header length being invalid for IE type 152
CSCwi46023FTD drops double tagged BPDUs.
CSCwi53150Service object-group protocol type mismatch error seen while access-list referencing already
CSCwi53431Unable to Synch more then 100 environment-data with data unit
CSCwi56048Interface fragment queue may get stuck at 2/3 of fragment database size
CSCwi62683The SSH transport protocol with certain OpenSSH extensions, found in ... (CVE-2023-48795)


Version 9.16.4.48 – November 28, 2023

Defects resolved in this release:

CSCwb41189LINA time-sync correction
CSCwd02864logging/syslog is impacted by SNMP traps and logging history
CSCwd34079FTD: Traceback & reload in process name lina
CSCwd87438Enhance logging mechanism for syslogs
CSCwe03631Need to provide rate-limit on "logging history "
CSCwe18472[FTD Multi-Instance][SNMP] - CPU OIDs return incomplete list of associated CPUs
CSCwe25342ASA/FTD - SNMP related memory leak behavior when snmp-server is not configured
CSCwe44099Cisco Adaptive Security Virtual Appliance and Secure FTD Virtual SSL VPN DoS Vulnerability
CSCwe58207Memory leak observed on ASA/FTD when logging history is enabled
CSCwe65516show xlate does not display xlate entries for internal interfaces (nlp_int_tap) after enabling ssh.
CSCwe87134ASA/FTD: Traceback and reload due to high rate of SCTP traffic
CSCwe93137KP - multimode: ASA traceback observed during HA node break and rejoin.
CSCwf64590Units get kicked out of the cluster randomly due to HB miss | ASA 9.16.3.220
CSCwf92661ASA|FTD: Traceback & reload due to a free buffer corruption
CSCwf94450FTD Lina traceback Thread Name: DATAPATH due to memory corruption
CSCwh14352Lina CiscoSSL upgrade to 1.1.1v and FOM 7.3a
CSCwh19897ASA/FTD Cluster: Reuse of TCP Randomized Sequence number on two different conns with same 5 tuple
CSCwh21474ASA traceback when re-configuring access-list
CSCwh40106FTD hosted on KP incorrectly dropping decoded ESP packets if pre-filter action is analyze
CSCwh42412FTD Block 9344 leak due to fragmented GRE traffic over inline-set interface inner-flow processing
CSCwh47701ASA allows same BGP Dynamic routing process for Physical Data and management-only interfaces
CSCwh49244"show aaa-server" command always shows the Average round trip time 0ms.
CSCwh53745ASA: unexpected logs for initiating inbound connection for DNS query response
CSCwh59199ASA/FTD traceback and reload with IPSec VPN, possibly involving upgrade
CSCwh60604ASA/FTD may traceback and reload in Thread Name 'lina' while processing DAP data
CSCwh60631Fragmented UDP packet via MPLS tunnel reassemble fail
CSCwh66359ASDM can not see log timestamp after enable logging timestamp on cli
CSCwh70323Timestamp entry missing for some syslog messages sent to syslog server
CSCwh70481Community string sent from router is not matching ASA
CSCwh95175ASA/FTD may traceback and reload in Thread Name 'lina'


Version 9.16.4.42 – October 4, 2023

Defects resolved in this release:

CSCvy81493traceback and reload with 'CHECKHEAPS HAS DETECTED A MEMORY CORRUPTION'
CSCwc78781ASA/FTD may traceback and reload during ACL changes linked to PBR config
CSCwd28037No nameif during traffic causes the device traceback, lina core is generated.
CSCwd38583ASA/FTD: Command "no snmp-server enable oid mempool" enabled by default or enforced during upgrades
CSCwe28912Primary Unit lost all HA config after FTD HA upgrade
CSCwe42061Deleting a BVI in FTD interfaces is causing packet drops in other BVIs
CSCwe67816ASA / FTD Traceback and reload when removing isakmp capture
CSCwe90609Cisco ASA Software and FTD Software SNMP Denial of Service Vulnerability
CSCwe98319ASAConfig multiple restarts are leaking 16K memory in every Restart leading to ZMQ Out Of Memory.
CSCwf35233Cisco Adaptive Security Appliance Software and Firepower Threat Defense DoS
CSCwf35573Traffic may be impacted if TLS Server Identity probe timeout is too long
CSCwf47227Remove Priority-queue command from FTD|| Priority-queue command causes silent egress packet drops
CSCwf54510ASA traceback and reload on Thread Name: DHCPRA Monitor
CSCwf60590"show route all summary" executed on transparent mode FTD is causing CLISH to become Sluggish.
CSCwf62820Failover: standby unit traceback and reload during modifying access-lists
CSCwf63872FTD taking longer than expected to form OSPF adjacencies after a failover switchover
CSCwf69901FTD: Traceback and reload during OSPF redistribution process execution
CSCwf95147OSPFv3 Traffic is Centralized in Transparent Mode
CSCwh04395ASDM application randomly exits/terminates with an alert message on multi-context setup
CSCwh08481ASA traceback on Lina process with FREEB and VPN functions
CSCwh13821ASA/FTD may traceback and reload in when changing capture buffer size
CSCwh15223Lina crash in snp_fp_tcp_normalizer() when DAQ/Snort sends malformed L3 header
CSCwh16301Incorrect Hit count statistics on ASA Cluster only for Cluster-wide output
CSCwh23567PAC Key file missing on standby on reload
CSCwh27230Connections are not cleared after idle timeout when the interfaces are in inline mode.
CSCwh28144Specific OID 1.3.6.1.2.1.25 should not be responding
CSCwh30891ASA/FTD may traceback and reload in Thread Name 'ssh' when adding SNMPV3 config
CSCwh31495FTD - Traceback and reload due to nat rule removed by CPU core
CSCwh32118ASDM management-sessions quota reached due to HTTP sessions stuck in CLOSE_WAIT
CSCwh41127ASA/FTD: NAT64 error "overlaps with inside standby interface address" for Standalone ASA
CSCwh49483ASA/FTD may traceback and reload while running show inventory


Version 9.16.4.39 – September 20, 2023

Defects resolved in this release:

CSCwh45108Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability


Version 9.16.4.38 – August 30, 2023

Defects resolved in this release:

CSCvt25221FTD traceback in Thread Name cli_xml_server when deploying QoS policy
CSCvx04003Lack of throttling of ARP miss indications to CP leads to oversubscription
CSCvx54562High System Overhead memory on FTD
CSCwc82205ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwd89095Stratix5950 and ISA3000 LACP channel member SFP port suspended after reload
CSCwd98316Cisco ASA and FTD Software VPN Packet Validation Vulnerability
CSCwe12705multimode-tmatch_df_hijack_walk traceback observed during shut/unshut on FO connected switch interfa
CSCwe28407LINA traceback with icmp_thread
CSCwe51443ASA Evaluation of OpenSSL vulnerability CVE-2022-4450
CSCwe65245FP2100 series devices might use excessive memory if there is a very high SNMP polling rate
CSCwe74089ASA/FTD may traceback and reload in Thread Name DATAPATH-1-1656
CSCwe82704PortChannel sub-interfaces configured as data/data-sharing, in multi-instance HA go into "waiting"
CSCwe83255ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe86225ASA/FTD traceback and reload due citing thread name: cli_xml_server in tm_job_add
CSCwe93561Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability
CSCwe99550Add knob to pause/resume file specific logging in asa log infra.
CSCwf05295FTD running on FP1000 series might drop packets on TLS flows after the "Client Hello" message.
CSCwf10910FTD : Traceback in ZMQ running 7.3.0
CSCwf14126ASA Traceback and reload citing process name 'lina'
CSCwf15902ASAv in Hyper-V drops packets on management interface
CSCwf17042ASDM replaces custom policy-map with default map on class inspect options at backup restore.
CSCwf22005ASA/FTD : Packet-tracer may displays incorrect ACL rule, though produces correct verdict.
CSCwf26407FP2130- Unable to disassociate member from port channel, deployment fails, member is lost on FTD/FMC
CSCwf26534ASA/FTD: Connection information in SIP-SDP header remains untranslated with destination static Any
CSCwf33904[IMS_7_4_0] - Virtual FDM Upgrade fails: HA configStatus='OUT_OF_SYNC after UpgradeOnStandby
CSCwf34500FTD: GRE traffic is not being load balanced between CPU cores
CSCwf35207ASA: Traceback and reload while updating ACLs on ASA
CSCwf39163ASAv - High latency is experienced on Azure environment for ICMP ping packets while running snmpwalk
CSCwf43537traceback and reload in thread name: cli_xml_request_process during FTD cluster upgrade
CSCwf44537Traceback and reload on nat_remove_policy_from_np
CSCwf47924Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability
CSCwf48599VPN load-balancing cluster encryption using deprecated ciphers
CSCwf49573ASA/FTD: Traceback and reload when issuing 'show memory webvpn all objects'
CSCwf50497DNS cache entry exhaustion leads to traceback
CSCwf51933FTD username with dot fails AAA-RADIUS external authentication login after upgrade
CSCwf52810ASA SNMP polling not working and showing "Unable to honour this request now" on show commands
CSCwf54418Reduce time taken to clear stale IKEv2 SAs formed after Duplicate Detection
CSCwf56386vFTD runs out of memory and goes to failed state
CSCwf56811ASA Traceback & reload on process name lina due to memory header validation
CSCwf58876KP2140-HA, reloaded primary unit not able to detect the peer unit
CSCwf60311ASA generating traceback with thread-name: DATAPATH-53-18309 after upgrade to 9.16.4.19
CSCwf62729Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability
CSCwf72434Add meaningful logs when the maximums system limit rules are hit
CSCwf77191ASA appliance mode - 'connect fxos [admin]' will get ERROR: failed to open connection.
CSCwf78321ASA: Checkheaps traceback and reload due to Clientless WebVPN
CSCwf81058FTD: Firepower 3100 Dynamic Flow Offload showing as Enabled
CSCwf82247Policy deployment fails when a route same prefix/metric is configured in a separate VRF.
CSCwf82742FTD: SNMP not working on management interface
CSCwf92135ASA: Traceback and reload on Tread name "fover_FSM_thread" and ha_ntfy_prog_process_timer
CSCwf92646ECDSA Self-signed certificate using SHA384 for EC521
CSCwf94677"failover standby config-lock" config is lost after both HA units are reloaded simultaneously
CSCwh04365ASA Traceback & reload on process name lina due to memory header validation - webvpn side fix
CSCwh05863ASA omits port in host field of HTTP header of OCSP request if non-default port begins with 80
CSCwh06452Interface speed mismatch in SNMP response using OID .1.3.6.1.2.1.2.2
CSCwh11764ASA/FTD may traceback and reload in Thread Name "RAND_DRBG_bytes" and CTM function on n5 platforms
CSCwh23100Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability
CSCwh30676Ping to the configured systemIP on management interface getting failed in cluster setup.


Version 9.16.4.27 – June 15, 2023

Defects resolved in this release:

CSCwb88729FTD - %FTD-3-199015: port-manager: Error: DOM Block Read failure, port X, st = X log false/positive
CSCwb95453ASA: The timestamp for all logs generated by Admin context are the same
CSCwb95784cache and dump last 20 rmu request response packets in case failures/delays while reading registers
CSCwd34288FP1000 - During boot process in LINA mode, broadcasts leaked between interfaces resulting in storm
CSCwd67101FPR1150 : Exec format error seen and the device hung until reload when erase secure all is executed
CSCwd7483930+ seconds data loss when unit re-join cluster
CSCwd94183Blade not coming up after FXOS update support on multi-instance due to ssp_ntp.log log rotation prob
CSCwd96493Link Up seen for a few seconds on FPR1010 during bootup
CSCwe03529FTD traceback and reload while deploying PAT POOL
CSCwe20714Traffic drop when primary device is active
CSCwe20918Cisco ASA and FTD Software Remote Access SSL VPN Multiple Certificate Auth Bypass
CSCwe22302Partition "/opt/cisco/config" gets full due to wtmp file not getting logrotated
CSCwe26612FTD taking longer than expected to form OSPF adjacencies after a failover switchover
CSCwe30867Workaround to set hwclock from ntp logs on low end platforms
CSCwe38029Multiple traceback seen on standby unit.
CSCwe394252100: Power switch toggle leads to ungraceful shutdowns and "PowerCycleRequest" reset
CSCwe40463Stale IKEv2 SA formed during simultaneous IKE SA handling when missing delete from the peer
CSCwe44311FP2100:Update LINA asa.log files to avoid recursive messages-.1.gz rotated filenames
CSCwe50993SNMPD running on FXOS platform goes down and won't come back up
CSCwe52120SSL decrypted conns fails when tx chksum-offload is enabled with the egress interface a pppoe.
CSCwe59737ASA/FTD reboots due to traceback pointing to watchdog timeout on p3_tree_lookup
CSCwe59809CCM seq 45 - WR6, WR8, LTS18 and LTS21.
CSCwe59919FTD Traceback and reload on Thread Name "NetSnmp Event mib process"
CSCwe61928PIM register packets are not sent to RP after a reload if FTD uses a default gateway to reach the RP
CSCwe63266Need fault/error for invalid firmware MF-111-234949
CSCwe70202Multiple times the failover may be disabled by wrongly seeing a different "Mate operational mode".
CSCwe74916Interface remains DOWN in an Inline-set with propagate link state
CSCwe77123ASA/FTD : Degradation for TCP tput on FPR2100 via IPSEC VPN when there is delay between VPN peers
CSCwe80063Default DLY value of port-channel sub interface mismatch with parent Portchannel
CSCwe85432ASA/FTD traceback and reload on thread DATAPATH-14-11344 when SIP inspection is enabled
CSCwe89731Notification Daemon false alarm of Service Down
CSCwe90720ASA Traceback and reload in parse thread due ha_msg corruption
CSCwe92905ngfwManager process continuously restarting leading to ZMQ Out of Memory traceback
CSCwe93202FXOS REST API: Unable to create a keyring with type "ecdsa"
CSCwe93489Threat-detection does not recognize exception objects with a prefix in IPv6
CSCwe93561Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability
CSCwe95729Cisco ASA & FTD SAML Authentication Bypass Vulnerability
CSCwe95757ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe96023ASa/FTD: SNMP related traceback and reload immediately after upgrade from 6.6.5 to 7.0.1
CSCwe97277Observed ASA traceback and reload when performing hitless upgrade while VPN traffic running
CSCwe99040traceback and reload thread datapath on process tcpmod_proxy_continue_bp
CSCwf03490portmanager.sh outputing continuous bash warnings to log files
CSCwf04831ASA/FTD may traceback and reload in Thread Name 'ci/console'
CSCwf06377Setting heartbeat timeout to 6sec for Firepower 4100 and 9300
CSCwf07791ASA running out of SNMP PDU and SNMP VAR chunks
CSCwf08043Lina traceback and reload due to fragmented packets
CSCwf12005ASA sends OCSP request without user-agent and host
CSCwf12408ASA: After upgrade to 9.16.4 all type-8 passwords are lost on first reboot
CSCwf14735traceback and reload in Process Name: lina related to Nat/Pat
CSCwf14811TCP normalizer needs stats that show actions like packet drops
CSCwf15858LDAP authentication over SSL not working for users that send large authorisation profiles
CSCwf17814ASA/FTD may traceback and reload in Thread Name '19', free block checksum failure
CSCwf20338ASA may traceback and reload in Thread Name 'DHCPv6 Relay'
CSCwf21106ASA/FTD: Traceback on thread name: snmp_master_callback_thread during SNMP and interface changes
CSCwf23564Unable to establish BGP when using MD5 authentication over GRE TUNNEL and FTD as passthrough device
CSCwf26939FTD may fail to create a NAT rule with error: "IPv4 dst real obj address range is huge"
CSCwf28488Inconsistent log messages seen when emblem is configured and buffer logging is set to debug
CSCwf30716ASA in multi context shows standby device in failed stated even after MIO HB recovery.
CSCwf30727ASA integration with umbrella does not work without validation-usage ssl-server.
CSCwf31701ASA traceback and reload with the Thread name: **CP Crypto Result Processing**
CSCwf31820Firewall may drop packets when routing between global or user VRFs
CSCwf33574ASA access-list entries have the same hash after upgrade
CSCwf42144ASA/FTD may traceback and reload citing process name "lina"
CSCwf43288Traceback in Thread Name: ssh/client in a clustered setup
CSCwf57261ASA: Traceback and reload due to clientless webvpn session closure


Version 9.16.4.19 – May 4, 2023

Defects resolved in this release:

CSCvx71936FXOS: Fault "The password encryption key has not been set." displayed on FPR1000 and FPR2100 devices
CSCwa29934Interfaces on standalone 2120 and 2110 FTD show as modified after upgrade to 7.0.1-84 from 6.6.5
CSCwa89116Clean up session index handling in IKEv2/SNMP/Session-mgr for MIB usage
CSCwb19387ASA SNMP Poll is failing & show display "Unable to honour this request now.Please try again later."
CSCwb24306duplicate log entry for /mnt/disk0/log/asa_snmp.log
CSCwb97486FPR3100: 25G optic may show link up on some 1/10G capable only fiber ports
CSCwd10880critical health alerts 'user configuration(FSM.sam.dme.AaaUserEpUpdateUserEp)' on FPR 1100/2100/3100
CSCwd22413ASA/FTD: Traceback and reload in Thread Name: EIGRP-IPv4
CSCwd42410Expected snmp output is not found in 'show run | in fxos snmp'
CSCwd43666Analyze why there is no logrotate for /opt/cisco/config/var/log/ASAconsole.log
CSCwd54360FP2100: FXOS side changes for HA is not resilient to unexpected lacp process termination issue
CSCwd68088ASA|FTD: Implement different TLS diffie-hellman prime based on RFC recommendation
CSCwd72680FXOS: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy.
CSCwd80343MI FTD running 7.0.4 is on High disk utilization
CSCwd95415The Standby Device going in failed state due to snort heartbeat failure
CSCwd96766FPR41xx/9300: Blade does not capture or log a reboot signal
CSCwe07722Cluster data unit drops non-VPN traffic with ASP reason "VPN reclassify failure
CSCwe08729FPR1120:connections are getting teardown after switchover in HA
CSCwe11119ASA: Traceback and reload while processing SNMP packets
CSCwe21187ASA/FTD may drop multicast packets due to no-mcast-intrf ASP drop reason until UDP timeout expires
CSCwe21280Multicast connection built or teardown syslog messages may not always be generated
CSCwe22176WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 43)
CSCwe26612FTD taking longer than expected to form OSPF adjacencies after a failover switchover
CSCwe28094ASA/FTD may traceback and reload after executing 'clear counters all' when VPN tunnels are created
CSCwe28726The command "app-agent heartbeat" is getting removed when deleting any created context
CSCwe29529FTD MI does not adjust PVID on vlans attached to BVI
CSCwe29850ASA/FTD Show chunkstat top command implementation
CSCwe30228ASA/FTD might traceback in funtion "snp_fp_l2_capture_internal" due to cf_reinject_hide flag
CSCwe36176ASA/FTD: High failover delay with large number of (sub)interfaces and http server enabled
CSCwe44311FP2100:Update LINA asa.log files to avoid recursive messages-.1.gz rotated filenames
CSCwe44672Syslog ASA-6-611101 is generated twice for a single ssh connection
CSCwe45093User with no vpn-filter may get additional access when per-user-override is set (IKEv2 RAVPN)
CSCwe45779ASA/FTD drops traffic to BVI if floating conn is not default value due to no valid adjacency
CSCwe51286ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe54288syslog-ng process may hang and would lead the module to a frozen state
CSCwe54529FTD on FPR2140 - Lina traceback and reload by TCP normalization
CSCwe59380FTD: "timeout floating-conn" not operating as expected for connections dependent on VRF routing
CSCwe61969ASA Multicontext 'management-only' interface attribute not synced during creation
CSCwe62361ASA reboots due to heartbeat loss and "Communication with NPU lost"
CSCwe62997ASA/FTD traceback in snp_tracer_format_route
CSCwe63067ASA/FTD may traceback and reload in Thread Name 'lina' due to due to tcp intercept stat
CSCwe63232ASA/FTD: Ensure flow-offload states within cluster are the same
CSCwe64404ASA/FTD may traceback and reload
CSCwe64557ASA: Prevent SFR module configuration on unsuported platforms
CSCwe64563The command "neighbor x.x.x.x ha-mode graceful-restart" removed when deleting any created context
CSCwe65634ASA - Standby device may traceback and reload during synchronization of ACL DAP
CSCwe66132ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe67751Last fragment from SIP IPv6 packets has MF equal to 1, flagging that more packets are expected
CSCwe68159Failover fover_trace.log file is flooding and gets overwritten quickly
CSCwe70378Connections not replicated to Standby FTD
CSCwe71284ASA/FTD may traceback and reload in Thread Name DATAPATH-3-21853
CSCwe72535Unable to login to FTD using external authentication
CSCwe74059logrotate is not compressing files on 9.16 ASA or 7.0 FTD
CSCwe74328AnyConnect - mobile devices are not able to connect when hostscan is enabled
CSCwe78977ASA/FTD may traceback and reload in Thread Name 'pix_flash_config_thread'
CSCwe79072ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwe81684ASA: Standby failure on parsing of "management-only" not reported to parser/failover subsystem
CSCwe89030Serial number attribute from the subject DN of certificate should be taken as the username
CSCwe90202ASA: Standby failure on parsing of "management-only" for dynamic configuraiton changes
CSCwe93532ASA/FTD may traceback and reload in Thread Name 'lina'.
CSCwe94287FTD DHCP Relay drops NACK if multiple DHCP Servers are configured
CSCwe96068ASA: Configurable CLU for Large amount of under/overruns on CLU RX/TX queues
CSCwe98687Cisco FTD Software Software for Cisco Firepower 2100 Series Inspection Rules DoS Vulnerability


Version 9.16.4.18 – March 27, 2023

Defects resolved in this release:

CSCvu24703FTD - Flow-Offload should be able to coexist with Rate-limiting Feature (QoS)
CSCwa96920ASA/FTD may traceback and reload in process Lina
CSCwb00871ENH: Reduce latency in log_handler_file to reduce watchdog under scale or stress
CSCwc82188FTD Traceback and reload when applying long commands from FMC UI or CLISH
CSCwd07278ASA/FTD tmatch compilation check when unit joins the cluster, when TCM is off
CSCwd30856User with no vpn-filter may get additional access when per-user-override is set
CSCwd33054DHCP Relay is looping back the DHCP offer packet causing dhcprelay to fail on the FTD/ASA
CSCwd39468ASA/FTD Traceback and reload when configuring ISAKMP captures on device
CSCwd46741fxos log rotate failing to cycle files, resulting in large file sizes
CSCwd69454Port-channel interfaces of secondary unit are in waiting status after reload
CSCwd81538FTD Traffic failure due to 9344 block depletion in peer_proxy_tx_q
CSCwd85927Traceback and reload when webvpn users match DAP access-list with 36k elements
CSCwd86929Cut-Through Proxy does not work with HTTPS traffic
CSCwd87438Enhance logging mechanism for syslogs
CSCwd88585ASA/FTD NAT Pool Cluster allocation and reservation discrepancy between units
CSCwd96755ASA is unexpected reload when doing backup
CSCwe00864License Commands go missing in Cluster data unit if the Cluster join fails.
CSCwe09811FTD traceback and reload during policy deployment adding/removing/editing of NAT statements.
CSCwe14514ASA/FTD Traceback and reload of Standby Unit while removing capture configurations
CSCwe18974ASA/FTD may traceback and reload in Thread Name: CTM Daemon
CSCwe20043256-byte memory block gets depleted on start if jumbo frame is enabled with FTD on ASA5516
CSCwe23039NTP polling frequency changed from 5 minutes to 1 second causes large useless log files
CSCwe25342ASA/FTD - SNMP related memory leak behavior when snmp-server is not configured
CSCwe29179CLUSTER: ICMP reply arrives at director earlier than CLU add flow request from flow owner.
CSCwe29583ASA/FTD may traceback and reload in Thread Name 'None' at lua_getinfo
CSCwe41898ASA: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy.


Version 9.16.4.14 – February 7, 2023

Defects resolved in this release:

CSCvy84336Add a warning when member interfaces of the port-channel are different between active and standby
CSCwa04262Cisco ASA Software SSL VPN Client-Side Request Smuggling Vulnerability via "/"URI
CSCwb09606FP2100: ASA/FTD high availability is not resilient to unexpected lacp process termination
CSCwb44848ASA/FTD Traceback and reload in Process Name: lina
CSCwc03332FTD on FP2100 can take over as HA active unit during reboot process
CSCwc64923ASA/FTD may traceback and reload in Thread Name 'lina' ip routing ndbshr
CSCwc67687ASA HA failover triggers HTTP server restart failure and ASDM outage
CSCwc77680FTD may traceback and reload in Thread Name 'DATAPATH-0-4948'
CSCwc89924FXOS ASA/FTD SNMP OID to poll Internal-data 'no buffer' interface counters
CSCwc95290ESP rule missing in vpn-context may cause IPSec traffic drop
CSCwd04210ASA: ASDM sessions stuck in CLOSE_WAIT causing lack of MGMT
CSCwd19053ASA/FTD may traceback with large number of network objects deployment using distribute-list
CSCwd23188ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwd28236standby unit using both active and standby IPs causing duplicate IP issues due to nat "any"
CSCwd33811Cluster registration is failing because DATA_NODE isn't joining the cluster
CSCwd46061FPR 2100: 10G interfaces with 1G SFP goes down post reload
CSCwd46780ASA/FTD: Traceback and reload in Thread Name: appAgent_reply_processor_thread
CSCwd48633ASA - traceback and reload when Webvpn Portal is used
CSCwd50218ASA restore is not applying vlan configuration
CSCwd53135ASA/FTD: Object Group Search Syslog for flows exceeding threshold
CSCwd53340FTD PDTS LINA RX queue can become stuck when snort send messages with 4085-4096 bytes size
CSCwd56254"show tech-support" generation does not include "show inventory" when run on FTD
CSCwd56296FTD Lina traceback and reload in Thread Name 'IP Init Thread'
CSCwd56774Misleading drop reason in "show asp drop"
CSCwd56995Clientless Accessing Web Contents using application/octet-stream vs text/plain
CSCwd57698Recursive panic under lina_duart_write
CSCwd58528Memory depletion while running EMIX traffic profile on QP HA active node
CSCwd59736ASA/FTD: Traceback and reload due to SNMP group configuration during upgrade
CSCwd61016ASA: Standby may get stuck in "Sync Config" status upon reboot when there is EEM is configured
CSCwd62138ASA Connections stuck in idle state when DCD is enabled
CSCwd62859Cisco ASA and FTD AnyConnect SSL/TLS VPN Denial of Service Vulnerability
CSCwd63580FPR2100: Increase in failover convergence time with ASA in Appliance mode
CSCwd63961AC clients fail to match DAP rules due to attribute value too large
CSCwd66709FP4125 2.10.1.166 FTD applications in HA went into not responding state
CSCwd66815Lina changes to support - Snort3 traceback in daq-pdts while handling FQDN based traffic
CSCwd74116S2S Tunnels do not come up due to DH computation failure caused by DSID Leak
CSCwd77581Cisco ASA and FTD ICMPv6 Message Processing Denial of Service Vulnerability
CSCwd78123ASA/FTD traceback and reload when IPSec/Ikev2 vpn session bringup with dh group 31 in fips mode
CSCwd78624ASA may traceback and reload with multiple input/output error messages
CSCwd82235LINA Traceback on FPR-1010 under Thread Name: update_cpu_usage
CSCwd84133ASA/FTD may traceback and reload in Thread Name 'telnet/ci'
CSCwd84868Observing some devcmd failures and checkheaps traceback when flow offload is not used.
CSCwd85178AWS ASAv PAYG Licensing not working in GovCloud regions.
CSCwd91421ASA/FTD may traceback and reload in logging_cfg processing
CSCwd93376Clientless VPN users are unable to download large files through the WebVPN portal
CSCwd94096Anyconnect users unable to connect when ASA using different authentication and authorization server
CSCwd95043Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability
CSCwd95436Primary ASA traceback upon rebooting the secondary
CSCwd95908ASA/FTD traceback and reload, Thread Name: rtcli async executor process
CSCwd96845Cisco ASA and FTD AnyConnect Access Control List Bypass Vulnerability
CSCwd97020ASA/FTD: External IDP SAML authentication fails with Bad Request message
CSCwe03991FTD/ASA traceback and reload during to tmatch compilation process
CSCwe05913FTD traceback/reloads - Icmp error packet processing involves snp_nat_xlate_identity
CSCwe09074None option under trustpoint doesn't work when CRL check is failing
CSCwe12407High Lina memory use due to leaked SSL handles
CSCwe14174FTD - 'show memory top-usage' providing improper value for memory allocation
CSCwe250258x10Gb netmod fails to come online


Version 9.16.4.9 – November 29, 2022

Defects resolved in this release:

CSCvy65770 ASA/FTD: Traceback and reload during BGP route update
CSCvz34289 In some cases transition to lightweight proxy doesn't work for Do Not Decrypt flows
CSCvz41551 FP2100: ASA/FTD with threat-detection statistics may traceback and reload in Thread Name 'lina'
CSCwa96860 Failover high convergence causes traffic failures
CSCwc03507 No-buffer drops on Internal Data interfaces despite little evidence of CPU hog
CSCwc23844 ASAv high CPU and stack memory allocation errors despite over 30% free memory
CSCwc27846 Traceback and Reload while HA sync after upgrading and reloading.
CSCwc37256 SSL AnyConnect access blocked after upgrade
CSCwc66757 ASA/FTD may traceback and reload in Thread Name 'lina'
CSCwc67886 ASA/FTD may traceback and reload in Thread Name 'lina_inotify_file_monitor_thread'
CSCwc68656 ASA CLI for TCP Maximum unprocessed segments
CSCwc72155 ASA/FTD Traceback and reload on function "snp_cluster_trans_allocb"
CSCwc72284 TACACS Accounting includes an incorrect IPv6 address of the client
CSCwc74103 ASA/FTD may traceback and reload in Thread Name 'DATAPATH-11-32591'
CSCwc77519 FPR1000 ASA/FTD: Primary takes active role after reloading
CSCwc80234 "inspect snmp" config difference between active and standby
CSCwc81184 ASA/FTD traceback and reload caused by SNMP process failure
CSCwc90091 ASA 9.12(4)47 with user-statistics, will affects the "policy-server xxxx global" visibility.
CSCwc93166 Using write standby in a user context leaves secondary firewall license status in an invalid state
CSCwc94466 Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability
CSCwc94501 ASA/FTD memory leak and tracebacks due to ctm_n5 resets
CSCwc96805 traceback and reload due to tcp intercept stat in thread unicorn
CSCwc99242 ISA3000 LACP channel member SFP port suspended after reload
CSCwd00386 ASA/FTD may traceback and reload when clearing the configration due to "snp_clear_acl_log_flow_all"
CSCwd00778 ifAdminStatus output is abnormal via snmp polling
CSCwd01032 ASA/FTD may traceback and reload when RAVPN with SAML is configured
CSCwd02864 logging/syslog is impacted by SNMP traps and logging history
CSCwd03793 FTD Traceback and reload
CSCwd11303 ASA might generate traceback in ikev2 process and reload
CSCwd11855 ASA/FTD may traceback and reload in Thread Name 'ikev2_fo_event'
CSCwd14972 ASA/FTD Traceback and Reload in Thread Name: pix_flash_config_thread
CSCwd16294 GTP inspection drops packets for optional IE Header Length being too short
CSCwd16517 GTP drops not always logged on buffer and syslog
CSCwd16689 ASA/FTD traceback due to block data corruption
CSCwd17856 ASA goes for traceback/reload with message - snmp_ma_kill_restart: vf is NULL
CSCwd18744 FPR1K FTD fails to form HA due to reason "Other unit has different set of hwidb index"
CSCwd20627 ASA/FTD: NAT configuration deployment failure
CSCwd22907 ASA/FTD High CPU in SNMP Notify Thread
CSCwd23913 FTD in HA traceback multiple times after adding a BGP neighbour with prefix list.
CSCwd25201 ASA/FTD SNMP traps enqueued when no SNMP trap server configured
CSCwd25256 ASA/FTD Transactional Commit may result in mismatched rules and traffic loss
CSCwd26867 Device should not move to Active state once Reboot is triggered
CSCwd31181 Lina traceback and reload - VPN parent channel (SAL) has an invalid underlying channel
CSCwd38805 Syslog 106016 is not rate-limited by default
CSCwd40260 Serviceability Enhancement - Unable to parse payload are silently drop by ASA/FTD
CSCwd41083 ASA traceback and reload due to DNS inspection
CSCwd51757 Unable to get polling results using snmp GET for connection rate OID\u2019s


Last edited on: August 25, 2025