After upgrading the FTD headend to version 7.4.1, AnyConnect/Secure Client is not able to establish a VPN session when HostScan/Secure Firewall Posture is enabled. The behavior occurs because the FTD is not able to process the scanning results posted by the client when the file exceeds 25,000 bytes.

- When using the AnyConnect client with the HostScan package enabled on the headend, the posture assessment process is stuck and displays the "Posture: Initiating..." message after the user successfully authenticates.
- When using Cisco Secure Client with the Secure Firewall Posture package enabled on the headend, the posture assessment process is stuck and displays the "HostScan mission complete" message after the user successfully authenticates.
- On the VPN headend, the counter below is increasing in the "show counters" output:

    ------------------ show counters ------------------
    Protocol     Counter          Value   Context
    ...
    ZERO_TRUST   HUGE_PAYLOAD     354     Summary
    ...
- FTD version 7.4.1
- Cisco Secure Client / AnyConnect client, regardless of the version
- Scanning results file exceeds 25,000 bytes (scan.xml posted by the client to the FTD headend)
1. Navigate to the lina CLI (system support diagnostic-cli) and verify the current "hostscan data-limit" configuration by running the command below:

    FTD01# show run webvpn hostscan data-limit

2. If the command above does not return any value, there is no hostscan data-limit set and therefore the default value is 200 kB. Run the command below:

    FTD01# debug menu zero-trust 10 200000

2.1. If hostscan data-limit is not the default and is set to a certain value, the debug menu command must match the hostscan data-limit, as shown in the example below:

    FTD01# show run webvpn hostscan data-limit
    hostscan data-limit 127000
    FTD01# debug menu zero-trust 10 127000
    FTD01#

Note that the debug command is only valid for the duration of the FTD uptime. If the FTD headend reboots, the "debug menu zero-trust" value will default back to 25000 bytes. Therefore, the workaround needs to be applied after every reboot.
HostScan and Secure Firewall Posture are used to perform posture assessment checks on endpoints before allowing VPN access. This issue impacts the VPN session establishment process, leading to user authentication hanging indefinitely. The counter 'HUGE_PAYLOAD' indicates that the client's scan.xml file exceeded the payload processing limit set on the FTD.
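As an added example (not code from the bug description or from Cisco), the helper below parses the "show run webvpn" and "show counters" output quoted above to pick the "debug menu zero-trust 10 <bytes>" value that matches the configured data-limit (falling back to the 200 kB default), and to recognise this bug's signature from a rising HUGE_PAYLOAD counter plus an oversized scan.xml. The sample CLI output is constructed and the function names are my own.

```python
import re

# Values stated in the bug description.
DEFAULT_HOSTSCAN_DATA_LIMIT = 200000  # 200 kB when no "hostscan data-limit" is configured
REBOOT_PAYLOAD_LIMIT = 25000          # zero-trust payload limit the FTD reverts to on reboot

# Constructed sample CLI output, modelled on the snippets in the bug description.
SAMPLE_SHOW_RUN_WEBVPN = "hostscan data-limit 127000\n"
SAMPLE_SHOW_COUNTERS = """\
------------------ show counters ------------------
Protocol     Counter          Value   Context
ZERO_TRUST   HUGE_PAYLOAD     354     Summary
"""


def hostscan_data_limit(show_run_webvpn: str) -> int:
    """Parse 'show run webvpn' output; fall back to the 200 kB default if unset."""
    m = re.search(r"^\s*hostscan data-limit\s+(\d+)\s*$", show_run_webvpn, re.MULTILINE)
    return int(m.group(1)) if m else DEFAULT_HOSTSCAN_DATA_LIMIT


def workaround_command(show_run_webvpn: str) -> str:
    """Build the 'debug menu zero-trust 10 <bytes>' line that matches the data-limit."""
    return f"debug menu zero-trust 10 {hostscan_data_limit(show_run_webvpn)}"


def huge_payload_count(show_counters: str) -> int:
    """Extract the ZERO_TRUST HUGE_PAYLOAD value from 'show counters' (0 if absent)."""
    m = re.search(r"^\s*ZERO_TRUST\s+HUGE_PAYLOAD\s+(\d+)", show_counters, re.MULTILINE)
    return int(m.group(1)) if m else 0


def matches_bug(counters_before: str, counters_after: str, scan_xml_bytes: int) -> bool:
    """True when the counter grew between two 'show counters' samples and the posted
    scan.xml exceeds the 25,000-byte limit the headend is stuck at."""
    grew = huge_payload_count(counters_after) > huge_payload_count(counters_before)
    return grew and scan_xml_bytes > REBOOT_PAYLOAD_LIMIT


if __name__ == "__main__":
    print(workaround_command(SAMPLE_SHOW_RUN_WEBVPN))  # debug menu zero-trust 10 127000
    print(workaround_command(""))                      # debug menu zero-trust 10 200000
    print(huge_payload_count(SAMPLE_SHOW_COUNTERS))    # 354
```

Run it against captured output from the lina CLI after each reboot to produce the exact debug command to re-apply.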