BugZero | Cisco BugID CSCwb76423 - ASA/FTD traceback and reload when checking CRL

background buggy image

OPERATIONAL DEFECT DATABASE

...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Vendor Integrations

Company

Plans
Value Guide
About
Contact us

Resources

Blog
ServiceNow App
Trust Center
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Vendor Integrations

Company

Plans
Value Guide
About
Contact us

Resources

Blog
ServiceNow App
Trust Center
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCwb76423 - ASA/FTD traceback and reload when checking CRL

ODD
Cisco
CSCwb76423

Cisco - Defect ID: CSCwb76423

ASA/FTD traceback and reload when checking CRL

ODD
Cisco
CSCwb76423

Cisco - Defect ID: CSCwb76423

ASA/FTD traceback and reload when checking CRL

Last updated on April 23rd, 2025

BugZero Risk Score
7.8 High

Overall: 7.8

Severity: 8.2

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Description

Symptom

ASA/FTD raceback and reloads when attempts CRL revocation checking to verify a CRL during session establishment for syslog-over-TLS or peer-to-peer IPsec VPN.

Conditions

CRL revocation checking is configured for a trustpoint used for syslog-over-TLS or peer-to-peer IPsec VPN.

Workaround

None.

Further Problem Description

ASA logs show CRL revocation checking starting, and packet capture shows CRL download, however the ASA crashes before generating an audit messages indicating the success/failure of the TLS or IPsec connection.

Change history

2025-04-23 Added: 9.14.4.23, 9.14.4.24, 9.16.4, 9.16.4.14, 9.16.4.18, 9.16.4.19, 9.16.4.27, 9.16.4.38, 9.16.4.39, 9.16.4.42, 9.16.4.48, 9.16.4.55, 9.16.4.57, 9.16.4.61, 9.16.4.62, 9.16.4.67, 9.16.4.70, 9.16.4.71, 9.16.4.76, 9.16.4.82, 9.16.4.84, 9.16.4.9, 9.18.2, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3, 9.18.3.39, 9.18.3.46, 9.18.3.53, 9.18.3.55, 9.18.3.56, 9.18.4, 9.18.4.22, 9.18.4.24, 9.18.4.29, 9.18.4.34, 9.18.4.40, 9.18.4.47, 9.18.4.5, 9.18.4.50, 9.18.4.52, 9.18.4.53, 9.18.4.57, 9.18.4.8, 9.19.1, 9.19.1.12, 9.19.1.18, 9.19.1.22, 9.19.1.24, 9.19.1.27, 9.19.1.28, 9.19.1.31, 9.19.1.37, 9.19.1.38, 9.19.1.42, 9.19.1.5, 9.19.1.9, 9.20.1, 9.20.1.5, 9.20.2, 9.20.2.10, 9.20.2.21, 9.20.2.22, 9.20.3, 9.20.3.10, 9.20.3.13, 9.20.3.16, 9.20.3.4, 9.20.3.7, 9.20.3.9, 9.22.1.1, 9.22.1.2, 9.22.1.3, 9.22.1.6, 9.22.2, 9.23.1, 9.23.1.3

Links

Original Vendor Announcement

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 9.14.4.23, 9.14.4.24, 9.16.4, 9.16.4.14, 9.16.4.18, 9.16.4.19, 9.16.4.27, 9.16.4.38, 9.16.4.39, 9.16.4.42, 9.16.4.48, 9.16.4.55, 9.16.4.57, 9.16.4.61, 9.16.4.62, 9.16.4.67, 9.16.4.70, 9.16.4.71, 9.16.4.76, 9.16.4.82, 9.16.4.84, 9.16.4.9, 9.18.2, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3, 9.18.3.39, 9.18.3.46, 9.18.3.53, 9.18.3.55, 9.18.3.56, 9.18.4, 9.18.4.22, 9.18.4.24, 9.18.4.29, 9.18.4.34, 9.18.4.40, 9.18.4.47, 9.18.4.5, 9.18.4.50, 9.18.4.52, 9.18.4.53, 9.18.4.57, 9.18.4.8, 9.19.1, 9.19.1.12, 9.19.1.18, 9.19.1.22, 9.19.1.24, 9.19.1.27, 9.19.1.28, 9.19.1.31, 9.19.1.37, 9.19.1.38, 9.19.1.42, 9.19.1.5, 9.19.1.9, 9.20.1, 9.20.1.5, 9.20.2, 9.20.2.10, 9.20.2.21, 9.20.2.22, 9.20.3, 9.20.3.10, 9.20.3.13, 9.20.3.16, 9.20.3.4, 9.20.3.7, 9.20.3.9, 9.22.1.1, 9.22.1.2, 9.22.1.3, 9.22.1.6, 9.22.2, 9.23.1, 9.23.1.3

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 9.14.4.23, 9.14.4.24, 9.16.4, 9.16.4.14, 9.16.4.18, 9.16.4.19, 9.16.4.27, 9.16.4.38, 9.16.4.39, 9.16.4.42, 9.16.4.48, 9.16.4.55, 9.16.4.57, 9.16.4.61, 9.16.4.62, 9.16.4.67, 9.16.4.70, 9.16.4.71, 9.16.4.76, 9.16.4.82, 9.16.4.84, 9.16.4.9, 9.18.2, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3, 9.18.3.39, 9.18.3.46, 9.18.3.53, 9.18.3.55, 9.18.3.56, 9.18.4, 9.18.4.22, 9.18.4.24, 9.18.4.29, 9.18.4.34, 9.18.4.40, 9.18.4.47, 9.18.4.5, 9.18.4.50, 9.18.4.52, 9.18.4.53, 9.18.4.57, 9.18.4.8, 9.19.1, 9.19.1.12, 9.19.1.18, 9.19.1.22, 9.19.1.24, 9.19.1.27, 9.19.1.28, 9.19.1.31, 9.19.1.37, 9.19.1.38, 9.19.1.42, 9.19.1.5, 9.19.1.9, 9.20.1, 9.20.1.5, 9.20.2, 9.20.2.10, 9.20.2.21, 9.20.2.22, 9.20.3, 9.20.3.10, 9.20.3.13, 9.20.3.16, 9.20.3.4, 9.20.3.7, 9.20.3.9, 9.22.1.1, 9.22.1.2, 9.22.1.3, 9.22.1.6, 9.22.2, 9.23.1, 9.23.1.3

Top Cisco Defects

9.7Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.7Defect ID: CSCwj73634
Full or partial 9800 configuration loss after HA SSO failover
9.7Defect ID: CSCwk61938
ISE Evaluate OpenSSH CVE-2024-6387 "regreSSHion"
9.7Defect ID: CSCwh87343
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
9.7Defect ID: CSCvx82406
Memory leaks in IOS_PRIV_OPER_DB

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Ready to prevent the next vendor outage?