Software Advisory for CSCvs84578 and CSCvs84713

Available Languages

Download Options

  • PDF     (304.7 KB)
    View with Adobe Reader on a variety of devices
Updated:February 25, 2020

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Dear Cisco Customer,

Cisco engineering has identified the following software issues with the release that you have selected that might affect your use of this software. Please review the Software Advisory notice here to determine if either of these issues apply to your environment.

Affected Software and Replacement Solution for CSCvs84578 and CSCvs84713

Software Type

Software Affected

Software Solution

Firepower Threat Defense (FTD) Software

Version:

6.2.3.15 build 38

Version:

6.2.3-DW Hotfix

Reason for Advisory: This software advisory addresses the following two software issues and provides workarounds to address the issues:

Software Issue #1

CSCvs84578      Upgrading FTD on 4100/9300 Platform to 6.2.3.15 prevents the FTD instance from booting up

 

Affected Platforms: Firepower 4100 Series and Firepower 9300

 

Symptom: FTD application on the Firepower 4100/9300 will not start after upgrading to 6.2.3.15 build 38, deploying a policy, and then restarting.
 
Conditions: 
These events precede the problem state:
§ Firepower 4100/9300 is running FXOS 2.3.1.
§ The FTD application is upgraded to 6.2.3.15 build 38.
§ A policy is pushed to the device.
§ The FTD application is restarted.
 

Software Issue #2

CSCvs84713      Cannot SSH to the device after upgrading FTD on ASA55XX/ISA 3000/FTDv to 6.2.3.15 build 38

 

Affected Platforms: ASA 5500-X Series with FTD, ISA 3000 with FTD, and Cisco Firepower Threat Defense Virtual (FTDv)

 

Symptom: After upgrading to 6.2.3.15 build 38, the FTD/FTDv application may refuse all management port SSH session connection requests.
 
Conditions:
These events precede the problem state:
§ The FTD/FTDv application is upgraded to 6.2.3.15 build 38.
§ A policy is pushed to the FTD/FTDv application.
§ The FTD/FTDv application is restarted.
 

Workaround

To work around either of these issues, do one of the following:
§  Use the updated 6.2.3.15 build 39 or a later software release and avoid 6.2.3.15 build 38.  The problematic 6.2.3.15 build 38 is no longer available for download.
§  If the system is running 6.2.3.15 build 38 and is operational, perform one of the following software updates:
o   Apply the Firepower Threat Defense 6.2.3-DW hotfix: https://www.cisco.com/c/en/us/td/docs/security/firepower/hotfix/Firepower_Hotfix_Release_Notes/available-hotfixes.html#id_84872
o   Upgrade to Firepower Threat Defense 6.3, 6.4, or 6.5.
§  If the system is no longer operational:
o   Contact Cisco TAC so that a customer representative can manually repair the FTD application.
o   For Firepower 4100/9300, you can also upgrade the chassis to FXOS 2.4.1 or a higher version that is compatible with 6.2.3.15 based on the following compatibility matrix: https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html#id_59069