BugZero | Cisco BugID CSCwi84767 - Memory dump outputs appear without debugs enabled ...

OPERATIONAL DEFECT DATABASE

...

BugZero | Cisco BugID CSCwi84767 - Memory dump outputs appear without debugs enabled ...

Cisco - Defect ID: CSCwi84767

Memory dump outputs appear without debugs enabled in SSL VPN code

Cisco - Defect ID: CSCwi84767

Memory dump outputs appear without debugs enabled in SSL VPN code

Last updated on September 9th, 2025

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

Without any debugs enabled, the router sees memory dump outputs that appear to be HTTP methods: FFFF7936E8E4: 47455420 2F62696E 2F7A6874 7470642F GET /bin/zhttpd/ FFFF793BB964: 0E000000 00000000 ........ FFFF793BB974: 00000000 00000000 62626262 30313030 ........bbbb0100 FFFF793BB984: 30303030 3031 000001 FFFF7932BDA4: 504F5354 202F7363 POST /sc FFFF7932BDC4: 48545450 2F312E31 0D0A436F 6E74656E HTTP/1.1..Conten FFFF7932BDD4: 742D4C65 6E677468 t-Length ... Users may see a number of crypto/VPN-related syslogs simultaneously: %CRYPTO-5-IKMP_SETUP_FAILURE: IKE SETUP FAILED for local:xx.xx.xx.xx local_id:xx.xx.xx.xx remote:xx.xx.xx.xx remote_id:xx.xx.xx.xx IKE profile:None fvrf:None fail_reason:Peer lost fail_class_cnt:1 %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xx.xx.xx.xx, prot=xx, spi=0xXXXXXXXX(XXXXXXXXXX), srcaddr=xx.xx.xx.xx, input interface=GigabitEthernetx/y/z %CRYPTO-5-IKMP_SETUP_FAILURE: IKE SETUP FAILED for local:xx.xx.xx.xx local_id:xx.xx.xx.xx remote:xx.xx.xx.xx remote_id:xx.xx.xx.xx IKE profile:None fvrf:None fail_reason:Peer lost fail_class_cnt:1 %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xx.xx.xx.xx, prot=xx, spi=0xXXXXXXXX(XXXXXXXXXX), srcaddr=xx.xx.xx.xx, input interface=GigabitEthernetx/y/z %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xx.xx.xx.xx, prot=xx, spi=0xXXXXXXXX(XXXXXXXXXX), srcaddr=xx.xx.xx.xx, input interface=GigabitEthernetx/y/z

Conditions

This particular memory dump occurs within SSL VPN processing, so that functionality needs to be enabled on the router in order to encounter this issue. As the memory dump occurs in an SSL VPN error state, simply having the feature configured will not necessarily result in this behavior. The device would need to be in the corresponding SSL VPN error state.

Workaround

There is no impact from these debug messages. Users can simply ignore the logs or work to address the underlying SSL VPN issues that lead to the code path that dumps this memory.

Further Problem Description

Through traceback analysis, a list of functions leading up to the memory dump was determined. They show SSL VPN processing leading up to the memory dump. Through code analysis, it appears the router reaches this code flow when there is an error parsing an SSL record. The router ends up in SSL VPN handling code, and there is a function to dump memory that is not properly wrapped in a debug. Other nearby debugs are properly handled so that they don’t appear unless the corresponding "debug" is enabled. Looking through the nearby code, the "debug crypto ssl data" debug may be helpful in isolating any underlying VPN issues as the router should land in that code flow in order to get to the problematic memory dump function call.

Change history

2025-07-08 Added: 17.9.4a

Links

Original Vendor Announcement

Relevant Products

Click on a version to see all relevant bugs

Affected versions:17.9.4a

Fixed versions: 17.12.4, 17.12.4a, 17.12.4b, 17.12.5, 17.12.5a, 17.12.5b, 17.12.6, 17.15.1, 17.15.1a, 17.15.1b, 17.15.1w, 17.15.1x, 17.15.1y, 17.15.2, 17.15.2a, 17.15.2b, 17.15.2c, 17.15.3, 17.15.3a, 17.15.3b, 17.15.4, 17.15.4a, 17.16.1, 17.16.1a, 17.17.1, 17.18.1, 17.18.1a, 17.9.6, 17.9.6a, 17.9.6b, 17.9.7, 17.9.7a, 17.9.7b, Cupertino-17.9.6, Dublin-17.12.4

Relevant Products

Click on a version to see all relevant bugs

Affected versions:17.9.4a

Top Cisco Defects

9.7Defect ID: CSCwe01579
Cat9800 wncd reload while creating an RRM Client Coverage on large scale setup
9.7Defect ID: CSCwj74769
After [non]pairwise key enabling and reboot, bfd ip and port mismatch on device.
9.7Defect ID: CSCwa00729
All NADs got deleted due to one particular NAD deletion
9.7Defect ID: CSCwc94466
Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability
9.7Defect ID: CSCvg76186
Cisco Smart Install Remote Code Execution and Denial of Service Vulnerability

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwi84767

Memory dump outputs appear without debugs enabled in SSL VPN code

Cisco - Defect ID: CSCwi84767

Memory dump outputs appear without debugs enabled in SSL VPN code

Last updated on September 9th, 2025

BugZero Risk Score6.1 Medium

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.1 Medium