Cisco ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available.
Version 9.20.3.20 – April 30, 2025
Defects resolved since 9.20.3.16:
| CSCwd83069 | Add capability to disable auto-negotiation for 100G ports |
| CSCwh53745 | ASA: unexpected logs for initiating inbound connection for DNS query response |
| CSCwj83533 | FAN is working as expected but FAN LED is in off state. |
| CSCwk70078 | Failures and records are not seen in "show failover statistics" after simulating failures |
| CSCwm05960 | Generated Crypto checksum changes without configuration change |
| CSCwm37363 | Portmanager and lacp sync is not programmatic |
| CSCwm92310 | FQDNs are unresolved via DNS on data interface after reboot or traceback |
| CSCwn39081 | SNMP walk results in ASCII value for IPSEC Peer instead of an IP address. |
| CSCwn80419 | Need the SVC Rx/Tx queue as a configurable option |
| CSCwn81995 | Traceback and Reload caused by Memory corruption with SNMP inspection enabled |
| CSCwn90900 | High ASA/FTD memory usage due to polling of RA VPN related SNMP OIDs |
| CSCwn95939 | Generate syslog if received CRL is older than cached CRL |
| CSCwn95945 | Generate syslog if received CRL signature validation fails |
| CSCwn98402 | Debuggability: FP2100 port-channel interfaces flap after upgrade |
| CSCwo00102 | Snort3 trimming packets with invalid sequence number due to bad window size information received |
| CSCwo00225 | VNI source MTU is not IPv6 aware after upgrade if configured prior to upgrade |
| CSCwo08042 | ASAv reloaded unexpectedly with traceback on Unicorn Proxy Thread |
| CSCwo18838 | ASA/FTD may traceback and reload in Thread Name 'lina_exec_startup_thread' |
| CSCwo24772 | debug packet-condition does not work as expected |
| CSCwo26258 | Default Route Changes from Management0 to Management1 After Reload or Upgrade on FPR 4200 Series |
| CSCwo35783 | Enhance Debugging for add/update/withdraw of routes with neighbors |
| CSCwo35788 | Serviceability Enhancement - New 'show bgp internal' command for advanced debugging |
| CSCwo35810 | show bgp update-group a.b.c.d displays "no such neighbor" when there is a valid neighbor |
| CSCwo41250 | Traceback & Reload in thread named: DATAPATH-1-23988 during low memory condition |
| CSCwo42230 | Memory leak leading to split brain |
| CSCwo45848 | SecGW: Data node fails to join the cluster with cluster_ccp_make_rpc_call failed to clnt_call error |
| CSCwo47978 | ASA may traceback and reload in Thread Name 'fover_parse' |
| CSCwo48439 | Traceback & Reload in Thread Name Unicorn Admin Handler |
| CSCwo49425 | Logging recipient-address not overriding the logging mail message severity levels |
| CSCwo49744 | DNS and default gateway are removed on FTD managed through data interface |
| CSCwo71052 | FPR1010 Ethernet1/1 trunk port is not passing Vlan traffic after a reload |
| CSCwo73467 | Interface mac stuck issue seen with peer switch reloads or after upgrade |
| CSCwo87938 | backout change preventing enabling clustering in FIPS mode |
Version 9.20.3.16 – March 26, 2025
Defects resolved since 9.20.3.13:
| CSCwe88492 | Banner login does not display when configured |
| CSCwf04460 | The fxos directory disappears after cancelling show tech fprm detail command with Ctr+c is executed. |
| CSCwf25454 | Stale anyconnect entries causing issues with routing |
| CSCwh10931 | ASA/FTD traceback and reload when invoking "show webvpn saml idp" CLI command |
| CSCwh17965 | [Display]FXOS: PC member interface is shown as down & unassociated/unassigned after reload |
| CSCwj29599 | FDM bootstrap might be interrupted by extra reboot due to firmware upgrade |
| CSCwj57435 | Cleanup stale logrotate files |
| CSCwk28058 | FTD memory depletion resulting in traceback and reload |
| CSCwk42676 | Virtual ASA/FTD may traceback and reload in thread PTHREAD |
| CSCwk46737 | ASA on HA: alloc_ch() alloc from chunk mem Failed message on one context in Standby device |
| CSCwk47035 | CMI is disabled if pre-CMI nameif on diagnostic interface is MANAGEMENT |
| CSCwk82557 | FTD upgrade to 7.4.2 via FDM is blocked |
| CSCwm35624 | Long boot time seen with one AC rule having object-group and other plain ACL's |
| CSCwm36631 | FTD Secondary Unit got stuck in Bulk sync state. |
| CSCwm74289 | NAT traps have to be rate-limited |
| CSCwn19190 | Memory fragmentation resulted in huge pages unavailable for lina |
| CSCwn40572 | MI: Vlan info is not applied at FXOS level when Virtual MAC is configured |
| CSCwn44335 | FXOS - Download command generates an extra "/" over HTTP and HTTPS GET requests |
| CSCwn45510 | S2S VPN tunnel Child SA unsuccessful renegotiation |
| CSCwn46855 | LINA may observe random traceback with Netflow configured |
| CSCwn47308 | Critical health alerts 'user configuration(FSM.sam.dme.AaaUserEpUpdateUserEp)' on FPR 1100/2100/3100 |
| CSCwn51845 | Tracebacks observed in a cluster member running ASA 9.20.3.4 |
| CSCwn65415 | ASA: floating-conn not closing UDP conns if conn was created without ARP entry for next hop |
| CSCwn73399 | Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability |
| CSCwn75667 | Banner motd does not display when configured |
| CSCwn76079 | SSH works in admin context but doesn't work in any user context after changing ssh key-exchange |
| CSCwn79553 | Unreachable LDAP/AD referrals may cause delays or timeouts in external authentication on FTD |
| CSCwn80765 | ISA3000 with ASA Refuses SSH Access If CiscoSSH is Enabled |
| CSCwn84557 | Lina traceback and reload due to "spin_lock_fair_mode_enqueue" |
| CSCwn86002 | core corruption still seen with switching to quick core feature |
| CSCwn90958 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerability |
| CSCwn91612 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerability |
| CSCwn92894 | Occasionally, 'show chunkstat top-usage' output does not show all entries |
| CSCwn93319 | ASA/FTD may traceback and reload in Thread Name "DATAPATH" |
| CSCwn96929 | ASA: Traceback and Reload Under Thread Name SSH |
| CSCwo00880 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability |
| CSCwo01557 | ASA traceback and reload on DATAPATH thread due to memory corruption |
| CSCwo08306 | Command authorization fallback to Local only works for users with privilege 15. |
| CSCwo09060 | SSL trustpoint with 4096 bit RSA keys not allowed by ASA if renewed via CLI |
| CSCwo09195 | Traceback and reload during the deployment after disabling FQDNs. |
| CSCwo09618 | Enabling debugs with EEM fails |
| CSCwo15021 | Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability |
| CSCwo15022 | Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability |
| CSCwo15023 | Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability |
| CSCwo15024 | Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability |
| CSCwo15026 | Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability |
| CSCwo15027 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability |
| CSCwo21767 | Port scan alerts not getting generated for custom configuration |
| CSCwo49928 | Cisco Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability |
Version 9.20.3.13 – February 5, 2025
Defects resolved since 9.20.3.10:
| CSCwe92324 | FPR31xx - SNMP poll reports incorrect FanTray Status at Down while actually operational |
| CSCwh82305 | Lina core at swapcontext on FTD during policy deployment |
| CSCwj77877 | Disable/Enable an MI instance results it in "State Failed" |
| CSCwk32984 | FPR3K SFP+(10G) optics:Port Channel mem intf becomes down after reload/flap/reinsertion on peer side |
| CSCwk36144 | Update Fan RPM Thresholds for 42xx platforms |
| CSCwk48628 | FTD/FxOS - Upgrade/erase configuration result in App-instance 'Operational State: Starting' |
| CSCwm28007 | Browser redirects to blank page when the user clicks the WebVPN bookmark |
| CSCwm37455 | ASA/FTD will allow local IP pool with invalid netmask |
| CSCwm44412 | FTD inline-set ignore reverse flag for inject/rewrite |
| CSCwm52973 | TPK Low End FPR3100:Changing interface speed from 1g to 100mbps/100mps to 1g bring downs the link |
| CSCwm63868 | FTD - Missing routes on BGP advertised-routes after FTD HA failover event |
| CSCwm68211 | ASA traceback and reload on thread snmp_inspect |
| CSCwm70835 | ASA traceback and reload due to stack overflow while using APCF file |
| CSCwm76872 | Lina traceback and reload on ztna app disable |
| CSCwm96652 | Cluster assigning wrong nat for unit, traffic not being forwarded properly back to unit |
| CSCwm97054 | ASA/FTD traceback and reload with high rate of SIP connections |
| CSCwm98278 | TCP Conn not being flagged as Half-Closed after receiving the ACK for the FIN. |
| CSCwn00475 | Memory Blocks 80 and 9344 leak due to priority-queue |
| CSCwn03446 | When capture enabled on cluster interface, it always includes CCL IP along with the configured rule |
| CSCwn11728 | FPR9K-SM-56 module intermittently lock up and cause traffic impact. |
| CSCwn14130 | FTD cluster to traceback and reload after extended PAT is enabled |
| CSCwn14447 | ASA/FTD may traceback and reload in Thread Name 'ldap_client_thread' |
| CSCwn17121 | ASA/FTD may traceback and reload in Thread Name 'cli_xml_request_process'. |
| CSCwn19706 | Admin users are prompted to change local password when authenticating to external server |
| CSCwn19739 | HA would bring data interfaces up while moving from cold standby to failed state |
| CSCwn20024 | ASA may traceback and reload in Thread Name 'ssh' |
| CSCwn21584 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services Denial of Service Vulnerability |
| CSCwn22036 | FTD: Management0/0 status went down, line protocol is up after upgrade |
| CSCwn22456 | GTPv2 IE-type 157 (Signaling Priority Indication) is dropped with reason as unknown IE type |
| CSCwn22565 | Frequent route updates causes routes to get removed causing outages |
| CSCwn24577 | ASA booting process may freeze when including 'no pim' or 'no igmp' config |
| CSCwn24596 | FTD may traceback and reload while executing "network-service reload" command and if it gets stuck |
| CSCwn26165 | FTD/ASA May Traceback and Reload - During Deployment / Radius changes - Due to Radius Packets |
| CSCwn27819 | Jumbo frame packets are being fragmented |
| CSCwn29611 | Radius user ssh login fails with error: username is not defined with a service type that is valid |
| CSCwn31653 | FTD may traceback and reload in Thread Name "FPRLI_FPR4K-SM-32" |
| CSCwn34259 | Monitored interfaces may go in waiting state after upgrade to 9.20.3.7 |
| CSCwn34659 | Firewall not initiating TCP request even after receiving the TC bit set in DNS response |
| CSCwn34707 | Multiple Unicorn Admin Handler processes consume all the control plane CPU. |
| CSCwn35470 | Serviceability : FQDN Packet based debug and capture trace support |
| CSCwn39780 | FTD Deployment Resilience: Skip non-critical / non-existing commands to avoid deployment failures. |
| CSCwn39826 | HA should prevent honouring failover requests while copy/config-sync/rollback is in progress |
| CSCwn40485 | MI: Traffic fails to reach the Secondary FTD when enabled with data-sharing interface |
| CSCwn42949 | Implementing forwarder flow on non-owner units handling distributed secondary flow connections |
| CSCwn46426 | ASA 21xx: 'sh environment temperature' shows incorrect temperature values |
| CSCwn63839 | Traceback in thread name Lina on configuring arp permit-nonconnected with BVI |
| CSCwn73351 | Asia/Bangkok timezone option not listed in ASA running on firepower1k |
Version 9.20.3.10 – December 10, 2024
Defects resolved since 9.20.3.7:
| CSCwb77894 | Firepower 1000/2100 may boot to ROMMON mode |
| CSCwe45584 | FP2130 - Incorrect spelling seen in tech_support_brief in FPRM |
| CSCwh40635 | Syslogs over management interface don't go through loggerd after FTD reboot or lina reload |
| CSCwh69156 | FTD-HA does not fail over sometimes when snort3 traceback |
| CSCwh81366 | [Multi-Instance] Second Hard Drive (FPR-MSP-SSD) not in use |
| CSCwi49884 | TCP MSS is changed back to the default value when a VTI or loopback interface is created |
| CSCwi57783 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Rules Bypass Vulnerability |
| CSCwj33187 | Internal cached access-group list maintenance issue with unexpected clear configure access-list |
| CSCwj34204 | Disk quota for the corefile should be revisited based on platform |
| CSCwj43902 | FTDv - The interface connected to the AWS GW may have connection issues for DHCP or an idle state. |
| CSCwj74716 | tpk_mi upgrade failed from 7.4.1.1 > 7.6.0 000_start/000_00_run_cli_kick_start.sh. |
| CSCwk11989 | Accepting duplicate object/group-object into object-group from multiple ssh sessions |
| CSCwk21540 | ASA/FTD - Unable to establish RAVPN sessions |
| CSCwk30049 | ASA/FTD May traceback & reload citing Thread Name 'lina' as the faulting thread. |
| CSCwk52890 | FTD / ASA High Memory Usage Due to HTTP-based Path Monitoring |
| CSCwk63586 | App instance stuck in STOP_FAILED with error message |
| CSCwk67859 | FTD and FXOS: RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024 |
| CSCwk76362 | FTDv traceback in Thread name - PTHREAD |
| CSCwm04021 | ASA|FTD Traceback & reload in process name lina |
| CSCwm06393 | Changes in port-channel membership or member status may cause periodic OSPF/EIGRP adjacency flaps |
| CSCwm35730 | LINA may traceback in Thread Name: Datapath with NAT config |
| CSCwm35751 | FPR3100: Interface may go to half duplex speed is hardcoded to 100mbps |
| CSCwm40531 | FTD/ASA : 1SXF interfaces on FP3100 stay in a link-down state when connected to a Nexus 9K Switch |
| CSCwm49154 | FXOS fault F1738 seen in deploymet with Error: CSP_OP_ERROR. CSP signature verification error |
| CSCwm49410 | Misconfigured Cross-Origin-Opener-Policy |
| CSCwm49721 | ASA Traceback and Reload due to MEMORY CORRUPTION WAS DETECTED |
| CSCwm49782 | enhance sma 2nd cruz heartbeat logging |
| CSCwm51874 | FXOS: messages rotates every 40 minutes due to Notification Daemon messages' being spammed |
| CSCwm52264 | Not able to remove or clear Fault "The password encryption key has not been set." |
| CSCwm52931 | ASA/FTD may traceback and reload in Thread Name "fover_parse" |
| CSCwm56864 | show run access-list command returns warning |
| CSCwm60536 | SQLNet traffic getting dropped intermittently in Clustering data unit. |
| CSCwm64553 | Incompatible members warning message after Po member interface flaps unable to rejoin Po |
| CSCwm71265 | ASA traceback and reload on thread DATAPATH when processing gtpv1 end marker msg for PDP |
| CSCwm78351 | Potential High CPU usage in Multi-Context Cluster setup with unconditional execution of capture code |
| CSCwm79169 | ASA/FTD may traceback and reload in DATAPATH-1-20757 |
| CSCwm85228 | ASA/FTD may traceback and reload in Thread Name "IKEv2 Daemon" while joining failover |
| CSCwm89523 | 'no capture /all' failed to disable capture completely in the backend, causing high datapath CPU |
| CSCwm90905 | GTP inspection drops packet with error ERROR-DROP:MsgType:32 |
| CSCwm91176 | Cisco ASA/FTD Firepower 3100/4200 Series TLS 1.3 Cipher Denial of Service Vulnerability |
| CSCwm92397 | LINA core observed pointing to "IP RIB Update" thread |
| CSCwm95070 | Cisco Secure Firewall ASA and Secure FTD Software for FP 2100 Series IPv6 over IPsec DoS Vulnerability |
| CSCwm96280 | FTD device stuck in rommon mode after pressing reset button |
| CSCwn01281 | GTP inspection not allowing GTP data packets if session create response has cause type 18 |
| CSCwn03835 | ASA/FTD may traceback and reload in Thread Name 'SSH Ctxt Thread' |
| CSCwn13187 | ASA upgrade failing from 9.20.2.21 to the target version 9.20.3.4 |
| CSCwn13597 | Customer FQDNs for VPN can be found on the internet unexpectedly |
| CSCwn13672 | Bind ESP to VTI Tunnel Source Interface To Avoid Additional Route-Lookup Post Encryption |
| CSCwn15104 | FTD reload with traceback on swapcontext function |
Version 9.20.3.7 – October 22, 2024
Defects resolved since 9.20.3.4:
| CSCwh17965 | [Display]FXOS: PC member interface is shown as down & unassociated/unassigned after reload |
| CSCwh71161 | ASA|FTD: Traceback & reload in thread Name: update_mem_reference |
| CSCwi98274 | unzip 5.52 is from 2005 is contains multiple vulnerabilities |
| CSCwj72013 | PAT communication via using PAT pool fails for about 40 seconds when a device joins a cluster |
| CSCwk08241 | FTD is not resolving FQDN for ACLs intermittently |
| CSCwk09612 | Clock skew: FXOS clock diverges from Lina NTP time ~1-10 secs |
| CSCwk31371 | NAT_HARDEN: CGNAT breaks when mapped ifc is configured as any |
| CSCwk40335 | Trigger Alert/Warning when the associated FQDN IDs of an IP address surpasses the set limit of 8 |
| CSCwk71992 | BlastRADIUS vulnerability phase-1 fix for pix-asa - Message Authenticator |
| CSCwk87457 | ASA/FTD may traceback and reload in Process Name "lina" after device was reloaded |
| CSCwk88225 | Critical fault : [FSM:FAILED]: user configuration(FSM:sam:dme:AaaUserEpUpdateUserEp) |
| CSCwk94382 | FTD: Lina might fail to respond to CONFIG_XML_REQUEST leading to stuck deployments |
| CSCwk96912 | FTD: Username missing in syslog message ID 302013 after upgrade to 7.4.1 |
| CSCwm01544 | Lina traceback and reload in data-path thread |
| CSCwm04650 | Increase memory usage leading to tracebacks in Lina. |
| CSCwm05520 | Disable cluster syn cookie decoding when FTD cluster is deployed with inline-set |
| CSCwm08231 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability |
| CSCwm08232 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability |
| CSCwm08235 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software DHCP Denial of Service Vulnerability |
| CSCwm13141 | FTD CLISH/CLI gets locked up when trying to run any show command |
| CSCwm14509 | Wrong drops seen with Invalid length for 23, 24 and 25 IE-Types during GTP inspection |
| CSCwm14561 | ASA/FTD may traceback and reload in Thread Name 'fover_parse' |
| CSCwm30731 | The ASA's OSPF routing table is not properly synchronized with the neighbors |
| CSCwm33229 | SAML Force re-authentication Is Not Enforcing User To re-enter Credentials Upon Retrying To Connect |
| CSCwm33613 | Default Group Policy is applied when receiving multiple Group Policies in SAML assertion attributes |
| CSCwm34333 | FTD - \u00a0Multi-Instance, docker0 interface overlap with private network 172.17.0.0/16 |
| CSCwm35035 | SAML Auth Request by FTD Will Always Be Signed By Sha1 Irrelevant Of the Algorithm Configured |
| CSCwm41847 | Serviceability to capture PDTS writing/reading block to help root cause CSCwm36314 |
| CSCwm42000 | FTD/ASA may traceback and reload in DATAPATH thread |
| CSCwm42745 | Dynamic Site-to-Site tunnels stuck in IN-NEG state When IKE_AUTH Is Missed |
| CSCwm61282 | ASA/FTD: RA VPN tunnel causing memory leak leading to traceback & Reload |
Version 9.20.3.4 – September 26, 2024
Defects resolved in this release:
| CSCwi00713 | A memory leak flaw was found in Libtiff's tiffcrop utility. This issue |
| CSCwi44912 | ISA3000 Traceback and reload boot loop |
| CSCwi90751 | FTD/ASA - SNMP queries using snmpwalk are not displaying all "nameif" interfaces |
| CSCwj08696 | FTD lina traceback Thread Name: Non-Lina Process data Init Thread |
| CSCwj15125 | ASA/FTD may traceback and reload in Thread Name 'lina' related to Netflow timer infra |
| CSCwj35701 | Dns-guard prematurely closing conn due to timing condition |
| CSCwj74323 | ASAv Memory leak involving PKI/Crypto for VPN |
| CSCwj79895 | ENH Logs FP4110 (FXOS 2.10.1.179) Security module stopped responding after device reboot |
| CSCwj83185 | FTD/ASA : Standby FTD traceback and reload after enabling memory tracking |
| CSCwj87501 | ASA/FTD may traceback and reload in Thread Name 'fover_FSM_thread' |
| CSCwk00604 | ASA Fails to initiate AAA Authentication with IKEv2-EAP and Windows Native VPN Client |
| CSCwk05800 | ASA/FTD SNMP polling fails due to overlapping networks in snmp-server host-group |
| CSCwk06564 | Add New Syslog for Routes for NP add/delete |
| CSCwk06573 | Serviceablity : Improve routing infra debugs and add new for error conditions |
| CSCwk08476 | FTD/ASA traceback and reload due to 'show bgp summary' memory leak |
| CSCwk10884 | Connectivity failure due to mismatch between l2_table and subinterface mac address |
| CSCwk11983 | High LINA CPU observed due to NetFlow due to 'flow-export delay flow-create' configuration |
| CSCwk14685 | FTD : Management interface showing down despite being up and operational |
| CSCwk17637 | State Link Stops Sending Hello Messages Post-Failover Triggered by Snort traceback in FTD HA |
| CSCwk22034 | Snmpwalk displays incorrect interface speeds for values greater or equal than 10G |
| CSCwk22574 | Remove SGT frames/packets to allow VTI decryption |
| CSCwk24176 | FTD/ASA - VPN traffic flowing through the device may trigger tracebacks and reloads. |
| CSCwk26968 | Backup feature does not save/restore DAP configuration in multiple context mode. |
| CSCwk27175 | ASA/FTD: Substantial increase in the time taken to load configuration |
| CSCwk32501 | 256/1550 block depletion process fover_thread |
| CSCwk35710 | FTD/LINA may traceback and reload when "show capture" command is executed in EEM script |
| CSCwk36312 | High cpu on "update block depletion" with secondary effects (Bgp flaps, traffic drops) |
| CSCwk37371 | SGT INLINE-TAG added after upgrade to 7.4.x |
| CSCwk41007 | ASA/FTD may traceback and reload |
| CSCwk44165 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability |
| CSCwk45975 | TLS1.3 Decryption configuration on SSL policy is affecting DND traffic. |
| CSCwk48975 | Packet-tracer output incorrectly appends 'control-plane' to drops for data-plane access-group |
| CSCwk59009 | IPv6 SSL Anyconnect access blocked in HA pair |
| CSCwk59458 | 21xx: debug log process hangs preventing recovery from stuck writing operations |
| CSCwk61157 | FTD LINA Traceback and Reload dhcp_daemon Thread |
| CSCwk63733 | HA-monitored interfaces are going into "waiting" state and subsequently to "Failed" |
| CSCwk69742 | FTD: Policy deployment failed due to mismatch of checksum. |
| CSCwk71227 | FTD running on FPR 2k with LDAP skips backslash when updating ldap.conf |
| CSCwk71866 | ASA: Site-to-Site VPN between contexts on the same device drops traffic due to 'ipsec-tun-down' |
| CSCwk74813 | Cisco Adaptive Security Appliance and Firepower Threat Defense TLS Denial of Service Vulnerability |
| CSCwk75035 | Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vul |
| CSCwk75406 | FMC in CC-mode audit over syslog not working |
| CSCwk75956 | ASA/FTD may traceback and reload in Thread Name SSH |
| CSCwk78030 | ASA/FTD: Memory Exhaustion due to Threat-Detection |
| CSCwk86582 | 'ENDPOINT_TIME_OUT_OF_SYNC' Error Causing SAML Auth to Not Complete |
| CSCwk88182 | FTDv50 traceback during normal operation at PTHREAD-8141 spin_lock_fair_mode_enqueue |
| CSCwk88201 | S2S VPN with 3rd party broken after upgrading FPR 9.20 |
| CSCwk89836 | ASA/FTD may traceback and reload in Thread Name 'strlen' |
| CSCwm02801 | Unstable HA causing depolyment failure |
| CSCwm03142 | IPv6 Neighbor Discovery/multicast traffic affected on shared interface in multi instance setup |
| CSCwm07389 | CGroups errors in ASA Syslog during every reboot |
| CSCwm13199 | SIP traffic is affected due to unexpected behavior with NAT untranslations. |
| CSCwm14729 | CSF 3100 series not rebooting after power outage, requiring manual power cycle |
| CSCwm49153 | Cisco Adaptive Security Appliance Software SSH Server Resource DoS Vulnerability |
| CSCwm50591 | ASA/FTD: Inbound IPsec packets are dropped when IPsec offload is enabled with VTI and sub-interface |
| CSCwm50936 | 100GB interface flaps with Innolight QSFPs in both ends |