Cisco issues urgent reboot warning for bug in ASA and Firepower appliances

Cisco says without system reboot the devices will stop passing traffic after 213 days of uptime


Cisco has issued an urgent request to customers running specific software releases on their Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances to reboot the devices, to prevent them from hanging and no longer passing traffic.

Cisco said its ASA and FTD devices are affected by a “functional software defect that will cause the device to stop passing traffic after 213 days of uptime” and that the issue is a result of a software regression bug introduced when addressing Cisco bug ID CSCva03607.


The current problem is limited to device operability and it is not a vulnerability, nor is there continued exposure to the vulnerability that was already addressed. This issue cannot be triggered by a threat actor, Cisco wrote in a blog outlining the problem.

Included in the reboot warning are software releases for Firepower,

and 6.2.0 s and about 30 versions of ASA software starting with version to A complete list is available on the Cisco Field Notice.

Cisco defines the ASA as a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. It provides proactive threat defense that stops attacks before they spread through the network. Cisco Firepower Threat Defense (FTD) appliances are next generation firewalls with myriad security features.


“For customers with failover configurations, it is recommended to reboot the standby devices first, make them active after they complete booting, and then reboot the formerly active devices. Customers with clustering configurations should remove one slave at a time from the cluster, reboot them, and rejoin them until each slave has been rebooted. Then, move the master to one of the rebooted devices and then remove that device from the cluster, reboot it, and then have it rejoin,” Cisco stated. “The reboot of the security appliance must be performed prior to 213 days 12 hours of uptime. After the reboot, the security appliance avoids an encounter with this issue for another 213 days 12 hours.”

Updated software that addresses this issue will be published in the coming weeks, the company said.
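As an added example (not from Cisco or the original article), this Python script turns the 213 days 12 hours limit quoted above into a fleet check that ranks appliances by how close they are to the deadline. The uptime line format, the host names, the sample lines and the 14-day safety margin are assumptions made for illustration.

```python
import re
from datetime import timedelta

# Uptime limit stated in the Cisco notice quoted in the article.
LIMIT = timedelta(days=213, hours=12)

# Assumed line shape: "<hostname> up [N years] [N days] [N hours] [N mins]".
UPTIME_RE = re.compile(r"^(?P<host>\S+) up (?P<rest>.+)$")
UNIT_RE = re.compile(r"(\d+)\s+(year|day|hour|min|sec)s?")
UNIT = {
    "year": timedelta(days=365),
    "day": timedelta(days=1),
    "hour": timedelta(hours=1),
    "min": timedelta(minutes=1),
    "sec": timedelta(seconds=1),
}

def parse_uptime(line):
    """Return (hostname, uptime) parsed from one uptime line."""
    m = UPTIME_RE.match(line.strip())
    parts = UNIT_RE.findall(m["rest"]) if m else []
    if not parts:
        raise ValueError(f"unrecognised uptime line: {line!r}")
    return m["host"], sum((int(n) * UNIT[u] for n, u in parts), timedelta())

def reboot_plan(lines, margin=timedelta(days=14)):
    """Return (host, status, time_remaining) tuples, most urgent first.

    margin is a hypothetical safety window, not a Cisco figure.
    """
    plan = []
    for line in lines:
        host, uptime = parse_uptime(line)
        remaining = LIMIT - uptime
        if remaining <= timedelta(0):
            status = "PAST_LIMIT"   # uptime already beyond the stated limit
        elif remaining <= margin:
            status = "REBOOT_NOW"   # inside the safety window
        else:
            status = "OK"
        plan.append((host, status, remaining))
    return sorted(plan, key=lambda row: row[2])

# Constructed sample input, not real device output.
SAMPLE_LINES = [
    "fw-edge-b up 12 days 1 hour",
    "fw-edge-a up 210 days 4 hours",
    "fw-dc-1 up 213 days 13 hours",
    "fw-lab up 1 year 3 days",
]

if __name__ == "__main__":
    for host, status, remaining in reboot_plan(SAMPLE_LINES):
        print(f"{host:10} {status:10} remaining={remaining}")
```

For failover pairs and clusters, the reboot order in Cisco's statement still applies to whichever devices the check flags.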


Copyright © 2017 IDG Communications, Inc.
