BugZero | Cisco BugID CSCvu85445 - Cisco IOS XE SD-WAN device ZBFW not blocking amazo...

Cisco - Defect ID: CSCvu85445

Cisco IOS XE SD-WAN device ZBFW not blocking amazon-web-services when action item is inspected

Cisco - Defect ID: CSCvu85445

Cisco IOS XE SD-WAN device ZBFW not blocking amazon-web-services when action item is inspected

Last updated on 4/22/2024

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Amazon-web services for some flows are not getting detected when traffic is passing through cEdge device

Conditions

NBAR is classifying the application correctly for some packets, but not for all. User is able to open Path Trace Feature: IPV4(Input) Input : GigabitEthernet0/0/0 Output : Source : 192.168.30.30 Destination : 192.168.10.1 Protocol : 6 (TCP) SrcPort : 36506 DstPort : 443 Feature: NBAR Packet number in flow: 25 Classification state: Final Classification name: a mazon-web-services Classification ID: [CANA-L7:603] Classification source: Unknown Number of matched sub-classifications: 0 Number of extracted fields: 0 Is PA (split) packet: False TPH-MQC bitmask value: 0x4 Is optimize packet: False Is allow packet: False BR3-cEdge-1_Template#show ip nbar protocol-id | in amazon-web amazon-web-services 603 L7 STANDARD For some flows action is forward: Summary Input : GigabitEthernet0/0/0 Output : GigabitEthernet0/0/1 State : FWD Path Trace Feature: IPV4(Input) Input : GigabitEthernet0/0/0 Output : Source : 192.168.30.30 Destination : 192.168.20.1 Protocol : 6 (TCP) SrcPort : 44516 DstPort : 443 Feature: NBAR Packet number in flow: 1 Classification state: Not final << NBAR unable to classify this flow Classification name: unknown Classification ID: [CANA-L7:1] Classification source: Unknown Number of matched sub-classifications: 0 Number of extracted fields: 0 Is PA (split) packet: False TPH-MQC bitmask value: 0x0 Is optimize packet: False Is allow packet: False

Workaround

Further Problem Description

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvu85445

Cisco IOS XE SD-WAN device ZBFW not blocking amazon-web-services when action item is inspected

Cisco - Defect ID: CSCvu85445

Cisco IOS XE SD-WAN device ZBFW not blocking amazon-web-services when action item is inspected

Last updated on 4/22/2024

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?