BugZero | Cisco BugID CSCvt26067 - Active FTP fails when secondary interface is used ...

Loading...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCvt26067 - Active FTP fails when secondary interface is used ...

ODD
Cisco
CSCvt26067

Cisco - Defect ID: CSCvt26067

Active FTP fails when secondary interface is used on FTD

ODD
Cisco
CSCvt26067

Cisco - Defect ID: CSCvt26067

Active FTP fails when secondary interface is used on FTD

Last updated on March 8th, 2023

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Description

Symptom

FTP Client able to connect to the FTP server, however unavailable to list the directory from the FTP server.

Conditions

- FTD with dual ISP scenario, with floating default route configured and preferred are configured as the following example: route outside 0.0.0.0 0.0.0.0 10 route backup 0.0.0.0 0.0.0.0 100 - FTP Server on inside interface (or any internal network). - Active FTP mode transfer. - Client reaching the FTD on the backup interface - FTP Server NATed on the backup interface, example: FTP-Server-Real host 192.168.10.20 nat (inside,backup) static FTP-Server-Mapped service tcp ftp ftp FTP-Server-Mapped host

Workaround

Configure a similar manual NAT as the following NAT: nat (backup,Inside) source dynamic any interface destination static FTP-Server-Mapped FTP-Server-Real Where: FTP-Server-Real host 192.168.10.20 FTP-Server-Mapped host With the NAT above, the SYN from the DATA FTP Channel will be forwarded over the "backup" interface instead of "outside" interface.

Further Problem Description

When Active FTP transfer is negotiated between client and server, the Data channel is initiated by the Server, this means on an FTD a new connection to be created. Active FTP Transfer is seen as follows ===========Control Channel=========== Client [n TCP port] -----> [port 21] Server ===========Data Channel=========== Client [n+1 TCP port] <----- [port 20] Server Where n is an ephemeral TCP port as the connection is initiated by the Client. This secondary TCP connection (Data channel) on the FTD should be forwarded through the same interface where the Control channel is initiated, however, on FTD it has been seen that the SYN is sent over the outside interface (primary link) instead of the backup interface (secondary link) causing the Client to discard the connection as the source IP from the Data channel from the SYN is different as the destination IP from Control's SYN.

Change history

2023-03-08 Added: 9.10.1.27, 9.10.1.30, 9.10.1.32, 9.10.1.37, 9.10.1.40, 9.10.1.42, 9.10.1.44, 9.12.3, 9.12.3.2, 9.12.3.7, 9.12.3.9, 9.13.1.2, 9.13.1.7, 9.14.1, 9.14.1.6, 9.9.2.59, 9.9.2.61, 9.9.2.66, 9.9.2.67, 9.9.2.74, 9.9.2.80, 9.9.2.83, 9.9.2.85

Relevant Products

Click on a version to see all relevant bugs

Affected versions:9.10.1.27, 9.10.1.30, 9.10.1.32, 9.10.1.37, 9.10.1.40, 9.10.1.42, 9.10.1.44, 9.12.3, 9.12.3.2, 9.12.3.7, 9.12.3.9, 9.13.1.2, 9.13.1.7, 9.14.1, 9.14.1.6, 9.9.2.59, 9.9.2.61, 9.9.2.66, 9.9.2.67, 9.9.2.74, 9.9.2.80, 9.9.2.83, 9.9.2.85

Fixed versions: 9.12.3.12, 9.12.4, 9.12.4.10, 9.12.4.13, 9.12.4.18, 9.12.4.2, 9.12.4.24, 9.12.4.26, 9.12.4.29, 9.12.4.30, 9.12.4.35, 9.12.4.37, 9.12.4.38, 9.12.4.39, 9.12.4.4, 9.12.4.40, 9.12.4.41, 9.12.4.47, 9.12.4.48, 9.12.4.50, 9.12.4.52, 9.12.4.54, 9.12.4.55, 9.12.4.7, 9.12.4.8, 9.13.1.10, 9.13.1.12, 9.13.1.13, 9.13.1.16, 9.13.1.19, 9.13.1.21, 9.14.1.10, 9.14.1.15, 9.14.1.19, 9.14.1.30, 9.14.2, 9.14.2.13, 9.14.2.15, 9.14.2.4, 9.14.2.8, 9.14.3, 9.14.3.1, 9.14.3.11, 9.14.3.13, 9.14.3.15, 9.14.3.18, 9.14.3.9, 9.14.4, 9.14.4.12, 9.14.4.13, 9.14.4.14, 9.14.4.15, 9.14.4.17, 9.14.4.22, 9.14.4.23, 9.14.4.6, 9.14.4.7, 9.15.1, 9.15.1.1, 9.15.1.10, 9.15.1.15, 9.15.1.16, 9.15.1.17, 9.15.1.21, 9.15.1.7, 9.16.1, 9.16.1.28, 9.16.2, 9.16.2.11, 9.16.2.13, 9.16.2.14, 9.16.2.3, 9.16.2.7, 9.16.3, 9.16.3.14, 9.16.3.15, 9.16.3.19, 9.16.3.23, 9.16.3.3, 9.16.4, 9.16.4.14, 9.16.4.9, 9.17.1, 9.17.1.10, 9.17.1.11, 9.17.1.13, 9.17.1.15, 9.17.1.20, 9.17.1.7, 9.17.1.9, 9.18.1, 9.18.1.3, 9.18.2, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3, 9.19.1, 9.19.1.5

Relevant Products

Click on a version to see all relevant bugs

Affected versions:9.10.1.27, 9.10.1.30, 9.10.1.32, 9.10.1.37, 9.10.1.40, 9.10.1.42, 9.10.1.44, 9.12.3, 9.12.3.2, 9.12.3.7, 9.12.3.9, 9.13.1.2, 9.13.1.7, 9.14.1, 9.14.1.6, 9.9.2.59, 9.9.2.61, 9.9.2.66, 9.9.2.67, 9.9.2.74, 9.9.2.80, 9.9.2.83, 9.9.2.85

Fixed versions: 9.12.3.12, 9.12.4, 9.12.4.10, 9.12.4.13, 9.12.4.18, 9.12.4.2, 9.12.4.24, 9.12.4.26, 9.12.4.29, 9.12.4.30, 9.12.4.35, 9.12.4.37, 9.12.4.38, 9.12.4.39, 9.12.4.4, 9.12.4.40, 9.12.4.41, 9.12.4.47, 9.12.4.48, 9.12.4.50, 9.12.4.52, 9.12.4.54, 9.12.4.55, 9.12.4.7, 9.12.4.8, 9.13.1.10, 9.13.1.12, 9.13.1.13, 9.13.1.16, 9.13.1.19, 9.13.1.21, 9.14.1.10, 9.14.1.15, 9.14.1.19, 9.14.1.30, 9.14.2, 9.14.2.13, 9.14.2.15, 9.14.2.4, 9.14.2.8, 9.14.3, 9.14.3.1, 9.14.3.11, 9.14.3.13, 9.14.3.15, 9.14.3.18, 9.14.3.9, 9.14.4, 9.14.4.12, 9.14.4.13, 9.14.4.14, 9.14.4.15, 9.14.4.17, 9.14.4.22, 9.14.4.23, 9.14.4.6, 9.14.4.7, 9.15.1, 9.15.1.1, 9.15.1.10, 9.15.1.15, 9.15.1.16, 9.15.1.17, 9.15.1.21, 9.15.1.7, 9.16.1, 9.16.1.28, 9.16.2, 9.16.2.11, 9.16.2.13, 9.16.2.14, 9.16.2.3, 9.16.2.7, 9.16.3, 9.16.3.14, 9.16.3.15, 9.16.3.19, 9.16.3.23, 9.16.3.3, 9.16.4, 9.16.4.14, 9.16.4.9, 9.17.1, 9.17.1.10, 9.17.1.11, 9.17.1.13, 9.17.1.15, 9.17.1.20, 9.17.1.7, 9.17.1.9, 9.18.1, 9.18.1.3, 9.18.2, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3, 9.19.1, 9.19.1.5

Top Cisco Defects

9.7Defect ID: CSCwt50498
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
9.7Defect ID: CSCvx82406
Memory leaks in IOS_PRIV_OPER_DB
9.7Defect ID: CSCuh07579
IPSec fails to delete/create SAs due to IPSec background process stuck
9.7Defect ID: CSCwh87343
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
9.7Defect ID: CSCvx32806
Access Points stuck in bootloop due to image checksum verification failed

Ready to prevent the next vendor outage?

Links

Original Vendor Announcement

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise