BugZero | Cisco BugID CSCwh99399 - ftmd crash observed while running PWK suite

Cisco - Defect ID: CSCwh99399

ftmd crash observed while running PWK suite

Cisco - Defect ID: CSCwh99399

ftmd crash observed while running PWK suite

Last updated on December 30th, 2025

BugZero Risk Score
7.8 High

Overall: 7.8

Severity: 8.2

Lifecycle: 9.1

Popularity: 5.1

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

FTDM process may crash while running performance/scale testing. cEdge device will have control connections but BFD sessions will be down.

Conditions

This crash was seen during performance/scale testing. The cEdge device will have control connections up. There will be some BFD sessions that will be in the down state. When you check the following commands on both devices with the down BFD sessions, the SPI on the Local device will not match the Outbound SPI on the remote device. - show sdwan ipsec local-sa - show platform software sdwan R0 internal "ttm tlocs" | inc TLOC:|spi In a working scenario, you will see the local-sa SPI match the SPI on the remote side: cEdge1: show sdwan ipsec local-sa SOURCE SOURCE SOURCE TLOC ADDRESS TLOC COLOR SPI IPv4 IPv6 PORT KEY HASH ---------------------------------------------------------------------------------------------------------------------- 5.5.5.3 biz-internet 278<<<< 192.168.30.111 :: 32722 *****fd45 show platform software sdwan R0 internal "ttm tlocs" | inc TLOC:|spi TLOC: 4.4.4.4 : biz-internet : ipsec, Origin: REMOTE, Index: 32771, Carrier: 1, LR Enabled: 0, LR hold time: 0 Encap: ipsec-tunnel, Integrity: ip-udp-esp esp(0x98), encrypt: aes256(0xc), spi 307 TLOC: 5.5.5.1 : public-internet : ipsec, Origin: REMOTE, Index: 32773, Carrier: 1, LR Enabled: 0, LR hold time: 0 Encap: ipsec-tunnel, Integrity: ip-udp-esp esp(0x98), encrypt: aes256(0xc), spi 449 <<<< This matches the SPI on cEdge2 output 'show sdwan ipsec local-sa' Remote Device: cEdge2: show sdwan ipsec local-sa SOURCE SOURCE SOURCE TLOC ADDRESS TLOC COLOR SPI IPv4 IPv6 PORT KEY HASH ---------------------------------------------------------------------------------------------------------------------- 4.4.4.4 biz-internet 307<<<< 192.168.18.184 :: 32722 *****598d show platform software sdwan R0 internal "ttm tlocs" | inc TLOC:|spi TLOC: 4.4.4.4 : biz-internet : ipsec, Origin: LOCAL, Index: 32786, Carrier: 1, LR Enabled: 0, LR hold time: 7000 Encap: ipsec-tunnel, Integrity: ip-udp-esp esp(0x98), encrypt: aes256(0xc), spi 307 TLOC: 5.5.5.1 : mpls : ipsec, Origin: REMOTE, Index: 32780, Carrier: 1, LR Enabled: 0, LR hold time: 0 Encap: ipsec-tunnel, Integrity: ip-udp-esp esp(0x98), encrypt: aes256(0xc), spi 446 TLOC: 5.5.5.1 : public-internet : ipsec, Origin: REMOTE, Index: 32783, Carrier: 1, LR Enabled: 0, LR hold time: 0 Encap: ipsec-tunnel, Integrity: ip-udp-esp esp(0x98), encrypt: aes256(0xc), spi 449 TLOC: 5.5.5.3 : biz-internet : ipsec, Origin: REMOTE, Index: 32784, Carrier: 1, LR Enabled: 0, LR hold time: 0 Encap: ipsec-tunnel, Integrity: ip-udp-esp esp(0x98), encrypt: aes256(0xc), spi 278 <<<< This matches the SPI on cEdge1 output 'show sdwan ipsec local-sa' In a non-working scenario, the SPIs will not match on another.

Workaround

Reboot the device. Solution - Upgrade to a known fixed version.

Further Problem Description

Will impact all cedge platforms. To fully validate you are being impacted, perform the following commands on the device(s) and generate an admin tech with all 3 boxes checked (Log, Core, and Tech). Open a TAC case and upload the admin tech(s) to the case.

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 17.12.3, 17.12.3a, 17.12.4, 17.12.4a, 17.12.4b, 17.12.5, 17.12.5a, 17.12.5b, 17.12.5c, 17.12.5d, 17.12.6, 17.12.6a, 17.14.1, 17.14.1a, 17.15.1, 17.15.1a, 17.15.1b, 17.15.1w, 17.15.1x, 17.15.1y, 17.15.1z, 17.15.2, 17.15.2a, 17.15.2b, 17.15.2c, 17.15.3, 17.15.3a, 17.15.3b, 17.15.4, 17.15.4a, 17.15.4b, 17.15.4c, 17.15.4d, 17.15.4s1, 17.16.1, 17.16.1a, 17.17.1, 17.18.1, 17.18.1a, 17.18.1w, 17.18.2, 17.6.7, 17.6.8, 17.6.8a, 17.9.5e, 17.9.5f, 17.9.6, 17.9.6a, 17.9.6b, 17.9.7, 17.9.7a, 17.9.7b, 17.9.8

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Top Cisco Defects

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCwh99399

ftmd crash observed while running PWK suite

Cisco - Defect ID: CSCwh99399

ftmd crash observed while running PWK suite

Last updated on December 30th, 2025

BugZero Risk Score7.8 High

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
7.8 High