BugZero | Cisco BugID CSCvy56395 - ASA traceback and reload due to snmp encrypted com...

Cisco - Defect ID: CSCvy56395

ASA traceback and reload due to snmp encrypted community string when key config is present

Cisco - Defect ID: CSCvy56395

ASA traceback and reload due to snmp encrypted community string when key config is present

Last updated on 7/24/2024

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 5.15.1

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 5.15.1

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

In case of reload traceback is observed on ASA/FPR9k/FPR2k/FPR4k with snmp configuration.

Conditions

Issue is happening in case of reload when the encrypted community string len >32 in snmp-ser host-group cli. snmp allows plain community whose len 33char. config : snmp-server host-group mgmt SNMP_HOST_OBJECT poll community fkPf7ApiVALP2o3BLVcoHbkH8vjZ version 2c key config-key password-encryption New key: Cisco!123 Confirm key: Cisco!123 (config)# password encryption aes (config)# write memory all

Workaround

when snmp-server is configured with plain community i.e with 0/WORD(unencrypted community) unconfig i.e "no key config-key password-encryption " and save the config.

Further Problem Description

On Firepower platforms this will result with module going into failsafe mode

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvy56395

ASA traceback and reload due to snmp encrypted community string when key config is present

Cisco - Defect ID: CSCvy56395

ASA traceback and reload due to snmp encrypted community string when key config is present

Last updated on 7/24/2024

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?