BugZero | Cisco BugID CSCwb49718 - CWA clients not getting the login page due to an e...

Cisco - Defect ID: CSCwb49718

CWA clients not getting the login page due to an extra 'permit any' entry on COS APs due to "remark"

Cisco - Defect ID: CSCwb49718

CWA clients not getting the login page due to an extra 'permit any' entry on COS APs due to "remark"

Last updated on 6/1/2025

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

- CWA clients are stuck in Web Auth Pending state with full access to the internet. - The login page appears only when entering the URL manually. - On the WLC, redirect ACL and URL are applied.

Conditions

- There is an extra ‘permit any’ rule on the AP which is the reason why clients have full access: * On the WLC: Extended IP access list ACL_REDIRECT 11 deny tcp any host ... ... 112 deny udp host ... 200 permit ip any any * On the AP: ACL_REDIRECT rule 0: allow true rule 1: allow true and dst ... ... rule 12: allow true and src ... rule 13: deny true rule 14: allow true

Workaround

- Entering the URL manually on the browser.

Further Problem Description

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwb49718

CWA clients not getting the login page due to an extra 'permit any' entry on COS APs due to "remark"

Cisco - Defect ID: CSCwb49718

CWA clients not getting the login page due to an extra 'permit any' entry on COS APs due to "remark"

Last updated on 6/1/2025

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?