Cisco Blog » The Platform

Monday, June 1, 2015

Cisco Notification Alert - Nexus 9000 Series Switch - 01-Jun-2015 17:10 GMT

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9332PQ Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9332PQ Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9516 Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9516 Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396PX Switch
Software Type:
NX-OS Software Maintenance Upgrades (SMU)
Release Version:
7.0(3)I1(1a)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.1a.CSCut95590.bin
File Description:

Route-map Match Logic

File Release Date:
01-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396PX Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396PX Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396TX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396TX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372PX Switch
Software Type:
NX-OS Software Maintenance Upgrades (SMU)
Release Version:
7.0(3)I1(1a)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.1a.CSCut95590.bin
File Description:

Route-map Match Logic

File Release Date:
01-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372PX Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372PX Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93128TX Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93128TX Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9504 Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9504 Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9504 Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9504 Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396PX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396PX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372TX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372TX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93120TX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
20-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9332PQ Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9332PQ Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9504 Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9504 Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9508 Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9508 Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372TX Switch
Software Type:
NX-OS Software Maintenance Upgrades (SMU)
Release Version:
7.0(3)I1(1a)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.1a.CSCut95590.bin
File Description:

Route-map Match Logic

File Release Date:
01-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372TX Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372TX Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93120TX Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
20-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372PX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372PX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93128TX Switch
Software Type:
NX-OS Software Maintenance Upgrades (SMU)
Release Version:
7.0(3)I1(1a)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.1a.CSCut95590.bin
File Description:

Route-map Match Logic

File Release Date:
01-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93128TX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93128TX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9508 Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9508 Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396PX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396PX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372TX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372TX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9332PQ Switch
Software Type:
NX-OS Software Maintenance Upgrades (SMU)
Release Version:
7.0(3)I1(1a)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.1a.CSCut95590.bin
File Description:

Route-map Match Logic

File Release Date:
01-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9332PQ Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9332PQ Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396TX Switch
Software Type:
NX-OS Software Maintenance Upgrades (SMU)
Release Version:
7.0(3)I1(1a)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.1a.CSCut95590.bin
File Description:

Route-map Match Logic

File Release Date:
01-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396TX Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396TX Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396TX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9396TX Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9516 Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9516 Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9336PQ ACI Spine Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4h)
Alert Type:
Software Advisory
File Name:
aci-apic-dk9.1.0.4h.iso
File Description:

APIC Release image for 1.0(4h) release

Software Advisory Date:
22-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9336PQ ACI Spine Switch
Software Type:
NX-OS System Software-ACI
Release Version:
11.0(4g)

Alert Type:
Obsolete File
File Name:
aci-n9000-dk9.11.0.4g.bin
File Description:

Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(4g)

Obsolete Date:
05-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9508 Switch
Software Type:
NX-OS System Software
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-dk9.6.1.2.I3.4a.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9508 Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.2.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372PX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 9372PX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93128TX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(4a)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.4a.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4a)

File Release Date:
18-MAY-2015

Software Updates for Nexus 9000 Series Switches

Product Name:
Nexus 93128TX Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(2)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.2.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(2)

File Release Date:
17-MAY-2015
Find additional information in Software Downloads index.

Known Bugs - Nexus 9000 Series Switches

Bug Id:
CSCut99603
Title:
variable TTL echo reply when pinging OOB of spine and leaf switches
Description:

Symptom:
When pinging the OOB IP address of the switch nodes in the fabric (leaf or spine), the TTL value keeps changing, with values between 250 and 1.

Conditions:
Nexus 9K in ACI mode running system version 11.0(3k)

Workaround:
Not available

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
02-MAY-2015
Known Affected Releases:
11.0(3f), 11.0(3k)
Known Fixed Releases:
11.0(3.931), 11.1(0.207)
Bug Id:
CSCuq52214
Title:
continuous core in bgp during bootup
Description:

Symptom:
continuous core in bgp on bootup

Conditions:
Scaled iBGP spine-to-fabric layer environment (128 iBGP neighborships to 32 fabric switches, with neighborships to each fabric switch striped across 4 line cards)

Workaround:
None

Further Problem Description:

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
02-MAY-2015
Known Affected Releases:
6.1(2)I2(2b)
Known Fixed Releases:
6.0(2)A5(0.944), 6.0(2)A5(1), 6.0(2)U5(0.944), 6.0(2)U5(1), 6.1(2)I1(3.170), 6.1(2)I1(4), 6.1(2)I2(2c), 6.1(2)I3(0.167), 6.1(2)I3(1)
Bug Id:
CSCut70441
Title:
AVS-SCALE: assert in the object store infra leads to vleaf elem core
Description:

Symptom:
The VTEP tunnel is not present on the leaf.

Conditions:
AVS host reconnect.

Workaround:
vem restart on the AVS host.

Further Problem Description:
On an AVS host reconnect, the heartbeat counter for that device in opflexODev on the leaf gets reset to 0 without the expected heartbeat counter getting reset. This causes the heartbeat check to mistakenly conclude that heartbeats were missed.

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
02-MAY-2015
Known Affected Releases:
1.1(0.784)
Known Fixed Releases:
1.0(4d), 1.1(0.797b), 1.1(0.799), 1.1(0.801a), 1.1(0.801c), 1.1(0.805)
Bug Id:
CSCuu05227
Title:
vxlan tunnels removed when ports are removed/added into pc config
Description:

Symptom:
VXLAN tunnels are removed when ports are removed/added into the PC configuration.

Conditions:

Workaround:
vem restart

Further Problem Description:

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
02-MAY-2015
Known Affected Releases:
1.0(3.46a)
Known Fixed Releases:
1.0(3.54a), 1.0(3.56), 1.1(0.846)
Bug Id:
CSCut62151
Title:
After delete, re-add config subnets are not leaked into Cons VRF
Description:

Symptom:
The consumer endpoint group in one private network (fvCtx) is not able to communicate with service node in another private network (fvCtx) after deleting and re-adding the service graph from the contract.

Conditions:
The communication of the consumer endpoint group and the service node across the private networks requires route leaking the service node subnet to the consumer VRF. When deleting then re-adding the graph to the contract, the route leaking does not occur, which causes communication failure.

Workaround:
On the Bridge Domain (fv::BD class) attached with the graph, flap the "unicastRoute" property.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
02-MAY-2015
Known Affected Releases:
1.1(0.766k)
Known Fixed Releases:
1.1(0.766n), 1.1(0.784)
Bug Id:
CSCus69032
Title:
External image download stuck on IFC due to leader change
Description:

If there is a cluster leadership change due to fabric connectivity changes or another reason, this could affect the download action. Leadership and re-election changes need to be handled gracefully.

Symptom:
The image download gets stuck and does not complete.

Conditions:
Clustering changes (any link flaps or node flaps that could affect cluster or trigger a leadership change)

Workaround:
Manually retrigger the firmware download, either by deleting the old firmware download policy and creating a new firmware download policy with the same name, or by creating a new firmware download policy with a different name.

Further Problem Description:
If there is fabric churn during the image download and an APIC leader re-election happens, the download action (download, validate, and create firmware objects) does not run to completion. This needs to be handled gracefully and without interruption (re-spawn on the new leader).

Status:
Fixed
Severity:
2 Severe
Last Modified:
03-MAY-2015
Known Affected Releases:
1.1(0.622a)
Known Fixed Releases:
1.0(3.52), 1.1(0.662a), 1.1(0.667), 1.1(0.839a), 1.1(0.843a), 1.1(0.846), 1.2(0.1)
Bug Id:
CSCur88014
Title:
PL->VL move BCM entry for EP didn't get deleted
Description:

Symptom:
When moving the MAC address from the Broadcom to an AVS tunnel, the MAC address is not cleared on the Broadcom

Conditions:
11.0(2j)

Workaround:
none

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
04-MAY-2015
Known Affected Releases:
11.0(2h)
Known Fixed Releases:
11.0(2.893)
Bug Id:
CSCus81230
Title:
epmc_delete_ep epmc core after deleting multiple tenants
Description:

Symptom:
The epmc process may core on a ToR switch on delete and add of tenants and hence Bridge Domains.

Conditions:
Deleting/adding multiple tenants simultaneously.

Workaround:
Switch reload is needed to recover the device.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
05-MAY-2015
Known Affected Releases:
11.1(0.145)
Known Fixed Releases:
11.0(2.919), 11.0(3.924), 11.0(3g), 11.1(0.148), 11.1(0.153)
Bug Id:
CSCut84711
Title:
VxLAN functions don't happen when LACP port-channel members in I State
Description:

Symptom:
VxLAN functionality stops when port-channel members go into an "I" state.

Conditions:
N9K access port in an I state.

Workaround:
.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
05-MAY-2015
Known Affected Releases:
6.1(2)I3(1), 6.1(2)I3(4), 7.0(3)I1(1b)
Known Fixed Releases:
7.0(3)I1(1.205), 7.0(3)I1(2)
Bug Id:
CSCut07151
Title:
VxLAN EVPN DHCP Offer not sent to client
Description:

Symptom:
DHCP fails when client and server are on VXLAN VRF

Conditions:
Client is connected to a leaf switch and the DHCP server is connected to another switch (VTEP) in the topology.
The issue is not seen when the client and server are on the same switch.

Workaround:
none

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
05-MAY-2015
Known Affected Releases:
7.0(3)I1(0.269), 7.0(3)I1(1)
Known Fixed Releases:
7.0(3)I1(1a)
Bug Id:
CSCut80792
Title:
APIC using obsolete security crypto for message authentication (SHA-1)
Description:

Symptom:
The web server uses ciphers that use SHA-1. Web browsers (such as Chrome) report a warning indicating that SHA-1 is obsolete and that a stronger hashing algorithm should be used (as shown in the attached enclosure).

Conditions:
The warning can be seen when logging into APIC and inspecting the browser lock icon.

Workaround:
None. This is fixed in the 1.1(1) image.

Further Problem Description:
SHA-1 is vulnerable, deprecated, and considered obsolete.

Status:
Fixed
Severity:
2 Severe
Last Modified:
05-MAY-2015
Known Affected Releases:
1.1(0.797)
Known Fixed Releases:
1.1(0.825a), 1.1(0.827)
Bug Id:
CSCuu15700
Title:
N9k: Service "bcm_usd" crash on VTEP switch.
Description:

Symptom:
syslog:
N9396-9(config-router)# 2015 Apr 30 16:45:21.257885 N9396-9 16:45:20 %KERN-2-SYSTEM_MSG: [884800.420979] usd process 6518, uuid 779 (0x30b) failed to send heartbeat - kernel
2015 Apr 30 16:45:20.661816 N9396-9 %SYSMGR-SLOT1-2-SERVICE_CRASHED: Service "bcm_usd" (PID 6518) hasn't caught signal 6 (core will be saved).
2015 Apr 30 16:45:20.686840 N9396-9 %SYSMGR-SLOT1-2-LAST_CORE_BASIC_TRACE: fsm_action_become_offline: PID 4955 with message Could not turn off console logging on vdc 1 error: mts req-response with syslogd in vdc 1 failed (0xFFFFFFFF) .
2015 Apr 30 16:45:25.117614 N9396-9 %SYSMGR-SLOT1-2-LAST_CORE_BASIC_TRACE: core_client_main: PID 14481 with message filename = 0x102_bcm_usd_log.6518.tar.gz .
2015 Apr 30 16:45:25.228198 N9396-9 %MODULE-2-MOD_DIAG_FAIL: Module 1 (Serial number: SAL1814PTGX) reported failure due to Service on linecard had a hap-reset in device DEV_SYSMGR (device error 0x30b)
2015 Apr 30 16:45:25.302341 N9396-9 16:45:25 %KERN-0-SYSTEM_MSG: [884805.183683] [1430426725] writing reset reason 4, System manager - kernel

Conditions:
Reload of Router leaf nodes on other Data Center.

Workaround:
none

Further Problem Description:

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
06-MAY-2015
Known Affected Releases:
7.0(3)I1(1a)
Known Fixed Releases:
Bug Id:
CSCut08582
Title:
N9000 snmp crash with snmpbulkget and role configuration
Description:

Symptom:
snmpd crashes when a user issues an snmpgetbulk request with multiple OIDs.
The problem exists in 6.1.2.I1.1.
The fix has been integrated into 7.03.I1.2.

Conditions:
1. The role has only a deny OID rule.
2. The role has a deny OID rule and a permit OID rule, but the two do not overlap.

Workaround:
Use snmpgetbulk with a single OID.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
07-MAY-2015
Known Affected Releases:
6.1(2)I3(3a)
Known Fixed Releases:
7.0(3)I1(1.213), 7.0(3)I1(2), 7.0(3)ISH1(2), 7.0(3)ISH1(2.13)
Bug Id:
CSCut91831
Title:
FIB Not Updated on Altering Bridge Domain Subnet Sharing Status or SVI
Description:

Symptom:
An administrator finds that routing does not occur as intended after making modifications to a Bridge Domain's subnets.

Conditions:
A Bridge Domain subnet's sharing status or configured subnet address (SVI) is altered. Show commands to display the routing table appear to hold the correct routes to subnets but traffic is not properly routed. Verification can be made by performing traffic captures on the egress interface of the affected leaf switch and observing that desired traffic is not properly exiting that interface.

Workaround:
Perform reload on affected hardware.

setup-clean-config.sh
setup-bootvars.sh
reload

More Info:


Status:
Fixed
Severity:
2 Severe
Last Modified:
09-MAY-2015
Known Affected Releases:
11.0(2m), 11.0(3.922)
Known Fixed Releases:
11.0(3.923), 11.1(0.198), 11.1(0.199)
Bug Id:
CSCut98894
Title:
Nexus 9396PX in ACI mode has performance issue
Description:

Symptom:
Running version 11.0(3n) on the Nexus 9396PX leaf switches and the Nexus 9336PQ spine switches, we do not pass KPI numbers to the NetApp storage. We have 2 vPCs from the 9396PX leaf switches to the NetApp NFS storage, each having 4 10GB links to each controller. With this same configuration on the same hardware in NX-OS standalone mode, we pass the throughput numbers.

Conditions:
Issue is seen in ACI mode only. Standalone passes the necessary KPI numbers. Also, we are seeing better KPI results when configuring the environment in a single EPG rather than multiple EPGs for the testing.

Workaround:
No workarounds found so far

Further Problem Description:

Status:
Terminated
Severity:
2 Severe
Last Modified:
10-MAY-2015
Known Affected Releases:
7.3(0)ZN(0.3)
Known Fixed Releases:
Bug Id:
CSCur63227
Title:
Traffic drop for BGP RNH routes during switchover
Description:

Symptom:
Temporary traffic loss during switchover

Conditions:
When BGP prefixes have the Nexthop learnt over BGP itself and in the presence of a default route in the system then during switchover BGP prefixes can have some temporary traffic drop. This will get fixed up after BGP convergence is done post switchover.

Workaround:
None

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
11-MAY-2015
Known Affected Releases:
6.1(2)I3(1.53)
Known Fixed Releases:
7.0(3)I1(0.185), 7.0(3)I1(0.190), 7.0(3)I1(0.225), 7.0(3)I1(1), 7.0(3)I1(1.20), 7.0(3)I1(1.214), 7.0(3)I1(1.216), 7.0(3)I1(2), 7.0(3)ISH1(2), 7.0(3)ISH1(2.13)
Bug Id:
CSCuu09561
Title:
interface-vlan crash while configuring no mtu under SVI
Description:

Symptom:
The interface-vlan will crash and a core will be generated while configuring "no mtu" under a SVI.

Conditions:
Configuring "no mtu" under a SVI.

Workaround:
If the MTU needs to be changed, use the 'mtu ' CLI instead of 'no mtu'. To return to the default MTU, use 'mtu 1500' instead of 'no mtu'.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
11-MAY-2015
Known Affected Releases:
6.1(2)I3(4), 7.0(3)I2(0.275)
Known Fixed Releases:
6.1(2)I3(4a), 7.0(3)I1(1.225), 7.0(3)I1(2), 7.0(3)ISH1(2), 7.0(3)ISH1(2.13)
Bug Id:
CSCut68375
Title:
STP BLK and forward change when one of VPC peer is down
Description:

Symptom:
When using a Nexus 9508 and vPC peer-links created on different modules, the STP status of the vPCs change to BLK and then FWD when one of the modules is shut down.

- Nexus 9508

N9K-1 ======= N9K-2
| |
----vpc----------
N9372

VPC peer-link : 1/35,1/36,2/35,2/36 on both N9Ks

With the above topology, if the customer shuts down module 2 in N9508#1, the STP status of Po212 on N9508#2 changes to BLK and then remains BLK.
> > Po212 Desg BLK 1 128.4307 (vPC) P2p
To recover from this, the partner tried the following on N9508#1.
> > - no spanning-tree vlan 16
> > - spanning-tree vlan 16

Additionally, after recovering from this issue, the partner tried shutting down slot 2 in N9508#1 several times;
the port-channel STP status on chassis #2 then changed to BLK and back to FWD by itself within a short time.

Conditions:
- Version : n9000-dk9.7.0.3.I1.1.bin
- Hardware : cisco Nexus9000 C9508

- Nexus 9508

N9K-1 ======= N9K-2
| |
----vpc----------
N9372

VPC peer-link : 1/35,1/36,2/35,2/36 on both N9Ks

Workaround:
None

Further Problem Description:
N/A

Status:
Fixed
Severity:
2 Severe
Last Modified:
12-MAY-2015
Known Affected Releases:
6.1(2)I3(2), 6.1(2)I3(4), 7.0(3)I1(1)
Known Fixed Releases:
6.1(2)I3(4.3), 6.1(2)I3(4a), 6.1(2)I3(5), 7.0(3)I1(1b)
Bug Id:
CSCut75751
Title:
VPC convergence Vxlan delay in traffic restore after peer-link shut down
Description:

Symptom:
When secondary vPC switch's MAC address is used as Vxlan MAC address, the traffic restore took very long upon peer-links failure. We saw the remote VTEP took very long (more than 120s) to update its MAC address for the new vPC MAC address.

Conditions:
None

Workaround:

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
13-MAY-2015
Known Affected Releases:
7.0(3)I1(1a), 7.0(3)I1(1b)
Known Fixed Releases:
7.0(3)I1(1.209), 7.0(3)I1(2), 7.0(3)ISH1(2), 7.0(3)ISH1(2.13)
Bug Id:
CSCut85959
Title:
Shared-svc-Inter-vrf traffic getting dropped due of wrong Xr learning
Description:

Symptom:
Inter-vrf traffic within a tenant can be dropped in a scenario where endpoints from a destination VRF get learned in a source VRF on an ingress leaf.

Conditions:
This is a timing-related issue and can happen on the following triggers:
vpc leaf reload
vpc leaf clean boot
shared service contract delete/add
Shared service tenant add/delete
Policy upgrade

Workaround:
- Delete shared services prefix and re-add it
- Let the remote endpoint age out

Further Problem Description:

Status:
Terminated
Severity:
2 Severe
Last Modified:
14-MAY-2015
Known Affected Releases:
11.0(3.921)
Known Fixed Releases:
Bug Id:
CSCur53478
Title:
AAA requests from switch takes OOB even though inband is specified
Description:

Symptom:
AAA requests from switch takes OOB even though inband is specified

Conditions:

Workaround:

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
14-MAY-2015
Known Affected Releases:
11.0(1.884)
Known Fixed Releases:
1.0(2.155), 1.0(2.68a), 1.0(2.74), 1.0(3f), 1.1(0.518), 1.1(0.649a), 1.1(0.655a), 1.1(0.660a), 1.1(0.662a), 1.1(0.667)
Bug Id:
CSCus61617
Title:
Kernel panic - not syncing: Unexpected SERR
Description:

Symptom:
N9K Switch experienced a kernel panic crash saying "SERR"

Conditions:
This issue was first observed on 6.1(2)I3.

Workaround:
Replace hardware.

Further Problem Description:
The SERR was due to bad DIMMs or DIMMs not being properly placed on the board. The code to handle SERR now properly displays this error message giving out the details of the location on DIMM which has the problem.

Status:
Fixed
Severity:
2 Severe
Last Modified:
15-MAY-2015
Known Affected Releases:
6.1(2)I3(2)
Known Fixed Releases:
6.1(2)I3(3.73), 6.1(2)I3(3.81), 6.1(2)I3(4), 7.0(3)I1(1.100), 7.0(3)I1(2)
Bug Id:
CSCuu37466
Title:
[BBC Fex]: RX packet drops in eth0 in the FEX
Description:

Symptom:

Conditions:

Workaround:

Further Problem Description:
From Satish:

To debug issue, I have made changes in satmgr to keep the FEX from timing out. This is what I see:

1)
fex# ifconfig eth0
eth0 Link encap:Ethernet HWaddr BC:16:F5:AB:75:40
UP BROADCAST RUNNING PROMISC MULTICAST MTU:2200 Metric:1
RX packets:256215 errors:0 dropped:33692 overruns:0 frame:0
TX packets:849138 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:75416608 (71.9 MiB) TX bytes:842237034 (803.2 MiB)
Base address:0x2000

fex# ifconfig inb0
inb0 Link encap:Ethernet HWaddr BC:16:F5:AB:75:40
inet addr:127.1.1.119 Bcast:127.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1408 Metric:1
RX packets:256231 errors:0 dropped:0 overruns:0 frame:0
TX packets:849209 errors:0 dropped:2316 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:68245452 (65.0 MiB) TX bytes:842307910 (803.2 MiB)

2) The drops keep incrementing in eth0, but not in inb0.

3) There are no incrementing drops in the ASIC as far as I can see:
tib> show new_ints all
|---------------------------------------------------------------------------------------|
| ASIC_ID: 0 |
|---------------------------------------------------------------------------------------|
tib> loss
+-------+-------------------------------------+------------+-+-----------------------------------+---------------------------------------+
| | | | | | |
| | | | | | frm_to |
| | |Port Extra | | +---------------------------------------|
| | RMON | Drop |S| SS Loss Counters | COS | XOFF |
| +------------+-----------+------------+------------|S|-----------+-----------+-----------+---------------------------------------|
| Port | Tx Pause | Rx Pause | Errors | Counters |x| RX SS | Tx SS | SS Total |0 |1 |2 |3 |4 |5 |6 |7 |0 |1 |
+-------+------------+-----------+------------+------------+-+-----------+-----------+-----------+---+---+---+---+---+---+---+---+---+---+
tib> rate
+--------++------------+-----------+------------++------------+-----------+------------+-------+-------+---+
| Port || Tx Packets | Tx Rate | Tx Bit || Rx Packets | Rx Rate | Rx Bit |Avg Pkt|Avg Pkt| |
| || | (pkts/s) | Rate || | (pkts/s) | Rate | (Tx) | (Rx) |Err|
+--------++------------+-----------+------------++------------+-----------+------------+-------+-------+---+
| 0-CI || 8 | 1 | 2.83Kbps || 43 | 8 | 72.25Kbps | 203 | 1036 | |
| 0-NI20 || 43 | 8 | 72.28Kbps |

Status:
Open
Severity:
2 Severe
Last Modified:
16-MAY-2015
Known Affected Releases:
11.1(0.208)
Known Fixed Releases:
Bug Id:
CSCus50713
Title:
UCSC-PSU-930WDC PSU is not detected in N9K-9396PQ spine
Description:

Symptom:
When UCSC-PSU-930WDC PSU is inserted in N9K-9396PQ, the switch could be shutdown automatically with the console logs below.

ifav23-spine2# [ 164.963283] nvram_klm wrote rr=104 rr_str=eqpt PSU type incompatibility detected to nvram
[ 164.971931] obfl_klm writing reset reason 104, eqpt PSU type incompatibility detected
[ 164.987002] Collected 8 ext4 filesystems
[ 164.991006] Freezing filesystems
[ 165.118513] Collected 1 ubi filesystems
[ 165.122431] Freezing filesystems
[ 165.125826] Done freezing filesystems
[ 165.129648] Putting SSD in stdby
[ 165.636764] Done putting SSD in stdby 0
[ 165.640683] Done offlining SSD

Conditions:
N9K-9396PQ with UCSC-PSU-930WDC

Workaround:
1. Use N9K-PAC-1200W if there is one nearby
2. Break during the boot process, and upgrade to 11.0(3i)

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
18-MAY-2015
Known Affected Releases:
11.0(2.905)
Known Fixed Releases:
11.0(2.906), 11.1(0.139)
Bug Id:
CSCus26627
Title:
Scale: Slow policymgr causing remote user logins vis ssh to fail
Description:

Symptom:
On large scale setups, some login requests are taking more than 30 seconds.

Conditions:
This can happen when the system is busy deploying policies to the leaves.

Workaround:
None. Retry login

Further Problem Description:
When a remote user logs in, it results in policy push of a few objects to all the leafs and spines. The MIT from which the objects to be pushed are selected, is very very large due to the scale. We go over this huge tree for each destination where the config needs to be pushed. As this search is very expensive, the transaction takes more than 30s and this results in slow responsiveness.

The fix is to reuse the config across destinations.

Status:
Fixed
Severity:
2 Severe
Last Modified:
19-MAY-2015
Known Affected Releases:
1.0(2m), 1.1(0.747a)
Known Fixed Releases:
1.1(0.594), 1.1(0.619a), 1.1(0.768b), 1.1(0.779a), 1.1(0.784)
Bug Id:
CSCuu14962
Title:
[Internal-loop][arp uni][unk mac]: Arp with unicast dst mac to know ip
Description:

Symptom:
With ARP optimized flooding configured on ACI and ARP optimized refresh configured on servers, a node can run into bandwidth starvation when an IP changes its MAC binding and a server is still sending ARP requests with the unicast destination MAC of the IP's previous MAC binding.

Conditions:
Bandwidth starvation on the node's internal links between 2 chipsets.

Workaround:
Perform ARP flooding in the fabric for such BDs.
1. GARP notification will fix the servers' ARP cache
2. Flood behavior will not induce a loop inside the node's fabric

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
19-MAY-2015
Known Affected Releases:
11.0(3.935)
Known Fixed Releases:
11.1(0.206)
Bug Id:
CSCus83690
Title:
NTP prov config not getting pushed after leaf stateful reload 145a image
Description:

Symptom:
NTP provider configuration may get removed from switch after stateful reload

Conditions:
This can happen after a switch reboot

Workaround:
Disassociate / reassociate the pod group to the date time policy.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
19-MAY-2015
Known Affected Releases:
11.1(0.145)
Known Fixed Releases:
1.0(3.34), 1.1(0.668), 1.2(0.4)
Bug Id:
CSCut68368
Title:
Scale:Traffic not hitting the proper rule after del/re-add of contract
Description:

Symptom:
Traffic between application endpoint groups and external Layer 3 networks on different leafs is dropped if multiple external Layer 3 networks are configured in the same context.

Conditions:
This can happen when multiple L3Out are deployed in the same private network (fvCtx) in the following scenario:
Application EPG A deployed on leaf1, in contract with L3Out A on leaf 2
L3Out B deployed on leaf1. Due to implicit deny rules for this L3Out, this will drop traffic on the same context between the application EPG and the other L3Out.

Workaround:
If multiple L3Out are deployed for the same private network, then change the private network to policy unenforced.

This bug is on top of original issue fixed under bug id CSCut25657.

Further Problem Description:

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
19-MAY-2015
Known Affected Releases:
1.1(0.185)
Known Fixed Releases:
1.1(0.784a), 1.1(0.788a), 1.1(0.797), 1.1(0.797a)
Bug Id:
CSCuu11619
Title:
Remote EP not aging on one Tor after upgrade to 1.4b
Description:

Symptom:
The remote learned endpoint may not age out on one leaf of the vPC domain.

Conditions:
When one of the nodes in a vPC domain is reloaded and coming up, some endpoints synced from the vPC peer node may be ignored because remote tunnel interfaces are not up or created yet. Later when that vPC peer tries to delete that endpoint due to aging, the node that is just reloaded will not acknowledge as it had dropped the endpoint request before and has no state for that endpoint in the current state. Due to this, the other leaf will continue retaining the endpoint forever waiting for positive acknowledgement.

Workaround:
Reload the leaf where the remote EP didn't age out.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
19-MAY-2015
Known Affected Releases:
11.0(4)
Known Fixed Releases:
11.1(0.204)
Bug Id:
CSCuu21167
Title:
Policymgr is non-responsive for any new policy update after upgrade
Description:

Symptom:
Policymgr is non-responsive for any new policy update and times out with error after upgrade from a prior version to 104h

Conditions:
vnsRsLIfCtxToBD (Device selection policy) relation from non-common tenant pointing to Bridge Domain (BD) in tenant common was created in a lower version and Policy-based upgrade was done from lower version to 104h

Workaround:
Please run the script cleanupRsLIfCtxToBD.py "after upgrade" by pointing it at your APIC IP address. The script can be obtained from AS folks or is attached to this bug. To run the command you will need to set the PYTHONPATH pointing to the egg files of the specific version. You will need Python 2.7.

PYTHONPATH=/tmp/867h/acicobra-1.1_0.867h-py2.7.egg:/tmp/867h/acimodel-1.1_0.867h-py2.7.egg /opt/cisco/aci/python2.7/bin/python cleanupRsLIfCtxToBD.py -H -P 443 -u admin -p -S

This script will delete and readd all the vnsRsLIfCtxToBD relations in your system. GraphInst might go to fault state and recover but no traffic disruption is expected.

After running the script, monitor the CPU utilization of PolicyMgr process to ensure it doesn't stay at a high value for sustained period of time.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
21-MAY-2015
Known Affected Releases:
1.0(4)
Known Fixed Releases:
1.0(4i), 1.1(0.873)
Bug Id:
CSCuu45570
Title:
Install fails to set to boot variable
Description:

Symptom:
Installer fails to install Build 313 on OSLO and Redmond for setting up boot variable.

Conditions:
NA

Workaround:
NA

Further Problem Description:
Install is in progress, please wait.

Performing runtime checks.
[####################] 100% -- SUCCESS

Setting boot variables.
[# ] 0% -- FAIL.
Return code -1.

Install has failed. Return code 0x4093000C (Setting boot variables failed).
Please identify the cause of the failure, and try 'install all' again.

Status:
Open
Severity:
2 Severe
Last Modified:
21-MAY-2015
Known Affected Releases:
7.0(3)I2(0.313)
Known Fixed Releases:
Bug Id:
CSCus38227
Title:
Config with EPG/L2Out/L3Out as providers doesn't get deployed
Description:

Symptom:
When a Layer 2 (l2extInstP) or Layer 3 (l3extInstP) external instance profile is specified as a provider to a contract, and a collection of endpoint groups within a context (vzAny) is specified as the consumer, the provider will be skipped. This can result in the graph not getting deployed.

Conditions:
The issue happens when vzAny is specified as consumer, and l2extInstP or l3extInstP is specified as provider for a contract that will be used for deploying a service graph. The fix corrected the issue, and now when vzAny is consumer, l2extInstP or l3extInstP can be used as provider, to deploy a service graph.

Workaround:

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
22-MAY-2015
Known Affected Releases:
1.1(0.566a)
Known Fixed Releases:
1.1(0.599a), 1.1(0.603)
Bug Id:
CSCut32421
Title:
Handle vzAny in tn-common with EPg in Tn
Description:

Symptom:
Static routes are not installed when an endpoint group collection for a context (vzAny) is deployed in a tenant common, and the endpoint group is in a specific tenant.

Conditions:
This occurs when vzAny is deployed in tenant common and EPG is in a specific tenant.

Workaround:
Create explicit contracts between the EPGs.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
22-MAY-2015
Known Affected Releases:
1.1(0.730)
Known Fixed Releases:
1.0(3.34), 1.0(3k), 1.1(0.739a), 1.1(0.741a), 1.1(0.743a), 1.1(0.745)
Bug Id:
CSCuq38080
Title:
Multiple Vulnerabilities in OpenSSL - August 2014
Description:

Symptom:
This product includes a version of OpenSSL that could be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

* Information leak in pretty printing functions (CVE-2014-3508)
* Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
* Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
* Double Free when processing DTLS packets (CVE-2014-3505)
* DTLS memory exhaustion (CVE-2014-3506)
* DTLS memory leak from zero-length fragments (CVE-2014-3507)
* OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
* OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
* SRP buffer overrun (CVE-2014-3512)

This bug has been opened to investigate and address the potential impact on this product.

Conditions:
Device with default configuration.

Workaround:
Not currently available.

Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html


PSIRT Evaluation:
The Cisco PSIRT has assessed these vulnerabilities using the Base and Temporal CVSS scores from the National Vulnerability Database (NVD).

Details about the third-party software vulnerabilities listed above, as well as their CVSS score can be found at the following URL:
http://web.nvd.nist.gov/view/vuln/search

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
22-MAY-2015
Known Affected Releases:
6.1(2)I1(2.68), 6.1(2)I2(2b)
Known Fixed Releases:
6.1(2)I3(0.164), 6.1(2)I3(1), 7.0(3)I1(0.61), 7.0(3)I1(1)
Bug Id:
CSCuq92077
Title:
APIC vulnerable to DDOS reflection attack
Description:

Symptom:
APIC is vulnerable to NTP DDoS reflection attacks.

Conditions:
Prior to the fix described in Cisco bug ID CSCuo97759, on an APIC without an NTP provider configured/applied, the ntpd service starts in server mode.

After the fix, an APIC without any NTP provider configured/applied will not have the ntpd service started.

Workaround:
None.
More Info:

Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.5:
http://tools.cisco.com/security/center/cvssCalculator.x?version=2.0&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:W/RC:C/

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

CVE ID CVE-2013-5211 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
22-MAY-2015
Known Affected Releases:
1.0(1e)
Known Fixed Releases:
1.0(1.202a), 1.0(1.206a), 1.0(1.217b), 1.0(1.223a), 1.0(1.226a), 1.0(1.233), 1.0(1n), 1.1(0.319)
Bug Id:
CSCuq92240
Title:
N9K / Denial of Service Vulnerability in service Platform Manager
Description:

Symptom:
Cisco Nexus 9000 Software reloads unexpectedly. After reload, "show version" reports

---snip---
Last reset at [...]

Reason: Reset triggered due to HA policy of Reset
System version: 6.1(2)I2(3)
Service: Platform Manager hap reset
---snip---

"show core" will also show two core files in the "platform" process

Conditions:
Running 6.1(2)I2(3) while conducting an SNMP polling on the device.

Workaround:
None.

Further Problem Description:
The SNMP subsystem of Cisco Nexus 9000 Software contains a vulnerability that would allow a remote,
authenticated attacker to trigger a reload on an affected system.

This vulnerability only affects Nexus 9K platforms.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as
of the time of evaluation are 6.8/5.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2015-0686 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
22-MAY-2015
Known Affected Releases:
6.1(2)I2(3)
Known Fixed Releases:
6.1(2)I3(0.209), 6.1(2)I3(1)
Bug Id:
CSCuq38091
Title:
Multiple Vulnerabilities in OpenSSL - August 2014 (waiting for buildenv)
Description:

Symptom:
This product includes a version of OpenSSL that could be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

* Information leak in pretty printing functions (CVE-2014-3508)
* Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
* Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
* Double Free when processing DTLS packets (CVE-2014-3505)
* DTLS memory exhaustion (CVE-2014-3506)
* DTLS memory leak from zero-length fragments (CVE-2014-3507)
* OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
* OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
* SRP buffer overrun (CVE-2014-3512)

This bug has been opened to investigate and address the potential impact on this product.

Conditions:
Device with default configuration.

Workaround:
Not currently available.

Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html


PSIRT Evaluation:
The Cisco PSIRT has assessed these vulnerabilities using the Base and Temporal CVSS scores from the National Vulnerability Database (NVD).

Details about the third-party software vulnerabilities listed above, as well as their CVSS score can be found at the following URL:
http://web.nvd.nist.gov/view/vuln/search

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
22-MAY-2015
Known Affected Releases:
1.0(1e)
Known Fixed Releases:
1.0(1.114)
Bug Id:
CSCum58876
Title:
RPF change is not updated correct or mfdm/ipfib crash if oifl > 40 svis
Description:

Symptom:
The QA-tested scalability limit for multicast on the Nexus 9500 is 40 outgoing interfaces
(OIFs) per multicast route (i.e. per (*,G) or (S,G) entry). When this is exceeded, unexpected
behavior has been observed, such as:

- RPF update failure - if the RPF path for a multicast source moves from a L3 interface to a
VLAN interface (SVI), this is not correctly updated in the FIB and in hardware programming. As
a result, streams from this source are punted to the supervisor due to RPF failure.

- The 'mfdm' service may crash on the supervisor, causing a HAP reset of one or both
supervisors.

- The 'ipfib' service may crash on any or all line cards and/or fabric modules,
causing a HAP reset of the affected module(s).

- MTS exhaustion may be observed.

Conditions:
The noted issues are known to occur when the OIF list (OIFL) exceeds 40 entries for one or more
multicast routes.

The device is not guaranteed to experience these crashes or programming failures once in this
state. However, once in this state, multicast churn (any actions that would require
reprogramming of multiple OIF lists in hardware) can cause the aforementioned issues to appear.

Workaround:
Limit the size of the OIFL for any given multicast route to 40 entries or fewer.

Further Problem Description:
This issue is caused by the current N9K multicast software architecture. Large OIF lists exceed
the capacity of the messages used to communicate between MFDM on the supervisor and IPFIB on
the line cards, and this causes corruption which directly leads to the programming failures and
crashes.

There is a two-part plan to address this:

- In the next major release (Bronte) a preventative fix will be implemented to prevent crashes
and warn a user if a given OIFL exceeds 40 entries.

- In the following major release (Camden) there will be significant code re-design to increase
the verified OIFL scalability numbers above 40 OIFs per group.

Status:
Fixed
Severity:
2 Severe
Last Modified:
22-MAY-2015
Known Affected Releases:
6.1(2)I1(1.149)
Known Fixed Releases:
6.1(2)I3(3.74), 6.1(2)I3(4), 7.0(3)I1(0.209), 7.0(3)I1(1), 7.0(3)I1(1.54), 7.0(3)I1(2)
Bug Id:
CSCuu48859
Title:
N9k:ECMP load-sharing hashing is not randomized
Description:

Symptom:
After insertion of 2 C9516 running Ash_3.4 as CS03-04 into NetApp's Data Center, the hashing algorithm on the CS03-04 uplinks is not distributing the traffic across all 4 links where there is 4-way ECMP learned via OSPF in routing hash. 2 out of 4 uplinks on each of CS03-04 are not being used. These uplinks go to CS01-02 on 40GB EC links.

Conditions:

Workaround:

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
23-MAY-2015
Known Affected Releases:
6.1(2)I3(3.4)
Known Fixed Releases:
Bug Id:
CSCut56639
Title:
dscp marking not happening for AEpg to l3instP rule
Description:

Symptom:
When DSCP marking is configured on an external EPG, it is not copied to the filter rule on the node.

Conditions:
Configure an external EPG with DSCP marking.

Workaround:
None

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
23-MAY-2015
Known Affected Releases:
1.1(0.766d)
Known Fixed Releases:
1.1(0.807a), 1.1(0.816a), 1.1(0.825a), 1.1(0.827), 1.1(0.877a), 1.1(0.878)
Bug Id:
CSCuu18910
Title:
VRF Ctx is in Delete-Pending State Because of BGP
Description:

Symptom:
A Cisco Nexus 9000 running in ACI mode may get into a state where an administrator finds that a context is not deployed onto one or more fabric nodes with endpoints attached. Other contexts in the same Tenant deploy properly. This failed deployment causes routing in the fabric to fail.

Conditions:
A Cisco Nexus 9000 running in ACI mode may, under rare conditions, get into a state where a tenant private network (also known as a context or VRF) is not programmed on the fabric node. The condition may occur if the problematic context has been removed in the past and re-added to the configuration with the same name.

The Logical Model of the fabric shows that the problematic context is properly associated to a particular Bridge Domain.

A fabric node in this state will show "Delete Pending" for the context with the output of "show vrf" as shown in this example:

node102#show vrf
VRF-Name VRF-ID State Reason
Test_Tenant:Test_vrf1 32 Down Delete Pending

If the context is added back in again before clearing from this state, the context will not display at all in the output of "show vrf". Instead, check the output of "cat /mit/sys/ctx-[vxlan-2490368]/summary | grep operStQual". Note: substitute the context scope ID in the vxlan- directory for the system in question. operStQual will have a value of delete-pending when in this state.

Workaround:
Reloading affected leaf switches has been shown to clear this issue.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
23-MAY-2015
Known Affected Releases:
11.0(4)
Known Fixed Releases:
11.0(3.938)
Bug Id:
CSCuu49949
Title:
policymgr cores in fv::DomContMo::resolveFvDomDef
Description:

Symptom:
An APIC service may produce a core file if a service graph is deployed.

Conditions:
Unknown

Workaround:
None

Further Problem Description:
N/A

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
1.1(0.867h)
Known Fixed Releases:
Bug Id:
CSCup22625
Title:
Multiple Vulnerabilities in OpenSSL - June 2014
Description:

Symptoms:
This Cisco product includes a version of OpenSSL that may be affected by one or more of the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service

This bug has been opened to address the potential impact to the product.

Conditions:
Not applicable

Workaround:
Not applicable

Further Problem Description:
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 10/8.3:

https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
1.0(0.880), 1.0(0.911a)
Known Fixed Releases:
1.0(0.488)
Bug Id:
CSCur01249
Title:
APIC evaluation for CVE-2014-6271 and CVE-2014-7169
Description:

Symptom:
The following Cisco product

Cisco Application Policy Infrastructure Controller, Release 1.0(1e)

includes a version of Bash that may be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187

Cisco has analyzed this vulnerability and concluded that while the previously listed products may run a vulnerable version of Bash, there are no exploitation vectors present - therefore, those products are not impacted.

Conditions:
Not applicable

Workaround:
Not applicable

Further Problem Description:
Even though no exploitation vectors are present in the product, release 1.0(1k) (available 2014/10/06) contains a patched Bash that is not affected by the listed vulnerabilities.

Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html

PSIRT Evaluation:
The Cisco PSIRT has evaluated those issues and they do not meet the criteria for PSIRT ownership or involvement. Those issues will be addressed via normal resolution channels.

If you believe that there is new information that would cause a change in the severity of those issues, please contact psirt@cisco.com for another evaluation.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
1.0(1h)
Known Fixed Releases:
1.0(1k), 1.1(0.319)
Bug Id:
CSCus68764
Title:
Nexus 9k: assess GHOST vulnerability in glibc (CVE-2015-0235)
Description:

Symptom:
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited. This vulnerability is documented in CVE-2015-0235.

A Cisco Security Advisory has been published to document this vulnerability at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

This bug has been opened to address the potential impact on this product.

Conditions:
Under normal conditions the D9036 does not take hostnames as an input parameter. This vulnerability is not exploitable remotely.

Workaround:
Not available.

Further Problem Description:
PSIRT Evaluation:
All previously released versions and NX-OS software are affected. The fix will be delivered for currently supported releases as follows:

NX-OS 7.0 release - first fixed release is 7.0.3 which is available on CCO
NX-OS 6.1 release - is scheduled to be available in April 2015

The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10/7.8

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
6.1(2)I3(3)
Known Fixed Releases:
6.1(2)I3(3.61), 6.1(2)I3(4), 7.0(3)I1(0.274), 7.0(3)I1(1), 7.0(3)I2(0.83), 7.0(3)I2(1)
Bug Id:
CSCus42784
Title:
JANUARY 2015 OpenSSL Vulnerabilities
Description:

Symptom:
This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

This bug has been opened to address the potential impact on this product.

Conditions:
N9K is not vulnerable to the two DTLS issues:
- (CVE-2014-3571) DTLS segmentation fault in dtls1_get_record
- (CVE-2015-0206) DTLS memory leak in dtls1_buffer_record

N9k is vulnerable to four CVEs:
- (CVE-2015-0205) is from an old protocol which is not used in most existing NX-OS applications (we have to see if it is used by any at all)
- (CVE-2014-3570) is a bug with very low probability of occurring.
- (CVE-2014-3572) and (CVE-2015-0204).

N9K is not vulnerable to CVEs:
- (CVE-2014-3569) ssl23_get_client_hello function does not properly handle attempts to use unsupported protocols
- (CVE-2015-0205) DH client certificates accepted without verification [Server]

Workaround:
None.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 5.0/3.7

http://tools.cisco.com/security/center/cvssCalculator.x?version=2.0&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
7.0(3)I1(1.1)
Known Fixed Releases:
7.0(3)I1(1.168), 7.0(3)I1(2), 7.0(3)I2(0.177), 7.0(3)I2(1)
Bug Id:
CSCut77409
Title:
APRIL 2015 NTPd Vulnerabilities
Description:

Symptom:
This product includes a version of ntpd that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2015-1798 and CVE-2015-1799

This bug has been opened to address the potential impact on this product.

Conditions:
Using symmetric keys for the peers increases vulnerability.

Affected Versions
1.0(2m)
1.0(3k)

Expected Fixed Version
1.1(1)

Workaround:
Not available.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 4.3/3.2

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Open
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
1.0(3m)
Known Fixed Releases:
Bug Id:
CSCur28092
Title:
Nexus 9000 : evaluation of SSLv3 POODLE vulnerability
Description:



Symptom:

This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3566

This bug has been opened to address the potential impact on this product.



Conditions:


Web based HTTPS interface is provided in Nexus 9000 only when "feature nxapi" is enabled.
This feature is disabled by default.
When this feature is not enabled, Nexus 9000 is not vulnerable.



Workaround:


Disable 'feature nxapi' by doing 'no feature nxapi' in global config mode, if the feature is enabled.


Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 2.6/2.5

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
6.1(2)I3(1)
Known Fixed Releases:
6.1(2)I3(1.25), 6.1(2)I3(2), 6.1(2)I3(2.5), 6.1(2)I3(3), 6.1(2)I3(3.87), 6.1(2)I3(4)
Bug Id:
CSCup24057
Title:
Multiple Vulnerabilities in OpenSSL - June 2014
Description:

Symptom:
The following Cisco products

Nexus 9300
Nexus 9500
Nexus 3164

include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:


CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service


This bug has been opened to address the potential impact on this product.

Conditions:
"Devices with default configuration."

Workaround:
Not available.

Further Problem Description:
CVE-2014-0076 can only occur when a malicious third-party app is running on the device. As such, no such malicious third-party app is running on the device. The device does, however, allow any other third-party app to be run, so administrators need to make sure that any third-party app or tool added by the dev-ops team has no such malicious content.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/6.3:

https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
6.1(2)I2(2a), 6.2(8)IA(1), 7.2(0.1)VB(0.1)
Known Fixed Releases:
6.1(2)I3(0.164), 6.1(2)I3(1), 7.0(3)I1(0.61), 7.0(3)I1(1)
Bug Id:
CSCus68928
Title:
Ghost Vulnerability for APIC CVE-2015-0235
Description:

Symptom:
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited. This vulnerability is documented in CVE-2015-0235.

A Cisco Security Advisory has been published to document this vulnerability at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

This bug has been opened to address the potential impact on this product.

Conditions:
Default configuration

Workaround:
Not available

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10/7.8

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
24-MAY-2015
Known Affected Releases:
1.0(2.117), 1.0(2m)
Known Fixed Releases:
1.0(2.145a), 1.0(2.146), 1.0(3f), 1.1(0.647)
Bug Id:
CSCur04948
Title:
Product evaluation for CVE-2014-6271 and CVE-2014-7169
Description:

Symptom:
The includes a version of bash that is affected by the vulnerabilities
identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.

Conditions:
Devices with default configuration.

Workaround:
Not available.

Further Problem Description:

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained
from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not
reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be
found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Other
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
7.2(0.1)VB(0.1)
Known Fixed Releases:
Bug Id:
CSCur04945
Title:
Product evaluation for CVE-2014-6271 and CVE-2014-7169
Description:

Symptom:
The includes a version of bash that is affected by the vulnerabilities
identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.

Conditions:
Devices with default configuration.

Workaround:
Not available.

Further Problem Description:

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained
from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not
reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be
found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Other
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
7.2(0.1)VB(0.1)
Known Fixed Releases:
Bug Id:
CSCus29415
Title:
NTPd Vulnerabilities
Description:

Symptom:
The following Cisco products

Cisco Nexus 9000 Switches

include a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296

This bug has been opened to address the potential impact on this product.

Please consult http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd for further information.

Conditions:
feature ntp

Workaround:
Block NTP query requests:

ntp access-group query-only query-only-acl

Further Problem Description:
PSIRT Evaluation:

The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
7.0(3)I1(0.197)
Known Fixed Releases:
11.1(0.174), 6.1(2)I3(3.99), 6.1(2)I3(4), 7.0(3)I1(0.227), 7.0(3)I1(1), 7.0(3)I2(0.101), 7.0(3)I2(0.97T), 7.0(3)I2(1)
Bug Id:
CSCut45880
Title:
MARCH 2015 OpenSSL Vulnerabilities
Description:

Symptom:
This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288

This bug has been opened to address the potential impact on this product.

Conditions:
Exposure is not configuration dependent.

APIC Controller Version 1.0(1X), 1.0(2X), 1.0(3X)

Workaround:
Not available.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 7.1/6.9

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
1.0(2m), 1.0(3f)
Known Fixed Releases:
1.0(3.49), 1.1(0.797), 1.1(0.797a)
Bug Id:
CSCur28114
Title:
Fabric Switch : evaluation of SSLv3 POODLE vulnerability
Description:



Symptom:

This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3566

This bug has been opened to address the potential impact on this product.



Conditions:

Exposure is not configuration dependent



Workaround:


Fix for this is available in NX-11.0(1d) or later releases of Nexus 9000 ACI Mode Switches.



Further Problem Description:

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 2.6/2.5

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
11.0(1d)
Known Fixed Releases:
11.0(1.881), 11.0(1.882), 11.0(1d)
Bug Id:
CSCur28110
Title:
APIC : evaluation of SSLv3 POODLE vulnerability
Description:



Symptom:

This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3566

This bug has been opened to address the potential impact on this product.



Conditions:

Exposure is not configuration dependent


Workaround:


Not Available



Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 2.6/2.5

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-MAY-2015
Known Affected Releases:
1.0(1k)
Known Fixed Releases:
1.0(1.259), 1.0(1.266a), 1.0(1.269a), 1.0(1.273a), 1.0(1.280), 1.0(1n), 1.0(2j), 1.1(0.379)
Bug Id:
CSCus39019
Title:
Internal MO leak in eventmgr store on switch causes crash
Description:

Symptom:
Cisco Nexus 9000 switches running in ACI mode may experience an eventmgr process crash.

When faultable MOs are created, some internal objects are created in eventmgr data store.
If the faultable MOs are created without faults, the internal objects do not get released properly.
Common symptom is an eventmgr process crash followed by continuous failed restart attempts.

Conditions:
Affected versions: 1.0(2m) [Switch 11.0(2m)] and earlier.
On a long-running system with new MOs being constantly created/deleted (example MOs representing test results running in the background) the eventmgr data store can eventually fill up, rendering eventmgr inoperable.

This has more of an impact on C9508 and C9504 switches.

Workaround:
Once the eventmgr process is in this state, the workaround to recover from this is to reload the switch.

To reduce the resource leak, reduce the frequency of the diagnostics tests on spine switches with the following CLI command:

switch# cd /aci/fabric/fabric-policies/monitoring-policies/monitoring-policy-default/diagnostics-policies/
switch# cd line-module-\(eqpt.lc\)/eqptdiagp-sptshllc-default
switch# moset health-diag-test-frequency every-1-day
switch# cd ../..
switch# cd supervisor-module-\(eqpt.supc\)/eqptdiagp-sptshlsc-default
switch# moset health-diag-test-frequency every-1-day
switch# cd ../..
switch# cd fabric-module-\(eqpt.fc\)/eqptdiagp-sptshlfc-default/
switch# moset health-diag-test-frequency every-1-day
switch# cd ../..
switch# cd system-controller-module-\(eqpt.sysc\)/eqptdiagp-sptshlscc-default/
switch# moset health-diag-test-frequency every-1-day
switch# cd ../..
switch# moconfig commit

You can also make the changes in the APIC GUI under:

Fabric > Fabric Policies > Monitoring Policies > default > Diagnostics Policies

For each of the following Monitoring Objects, change the Test Frequency to 'Every 1 day':

Fabric Module (eqpt.FC) - Ongoing policy default
Line Module (eqpt.LC) - Spine ongoing policy default
Supervisor Module (eqpt.SupC) - Spine ongoing policy default
System Controller Module (eqpt.SysC) - Ongoing policy default

Further Problem Description:
A user with administrative privileges can use the following switch CLI command to check the current size of the data store:

ls -l /dev/shm/lpssmu/ifc_eventmgr-1_ud1

The issue manifests itself when the file size reaches approximately 1 GB.

Status:
Fixed
Severity:
2 Severe
Last Modified:
25-MAY-2015
Known Affected Releases:
1.0(2j), 1.0(2m)
Known Fixed Releases:
1.0(2.104a), 1.0(2.106), 1.0(2.98a), 1.0(3f), 1.1(0.619a)
Bug Id:
CSCus71452
Title:
N9300 - ADJMGR and FIB Next Hop Interface Out Of Sync
Description:

Symptom:
Certain IPs are unreachable when sending traffic through a Nexus 9300.

Conditions:
Following a loop in the network

Workaround:
Clear ip arp x.x.x.x force-delete

Further Problem Description:
This is due to a disconnect in the state between ADJMGR and the FIB:

N9K-1# sh ip arp detail

Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean

IP ARP Table for context default
Total number of entries: 2
Address Age MAC Address Interface Physical Interface
1.1.1.250 00:00:52 0000.0000.0001 Vlan1 port-channel3 <---------------- SW points to Po3

N9K-1# sh forwarding adjacency platform

slot 1
=======

IPv4 adjacency information

next_hop:1.1.1.250 rewrite_info:0000.0000.0001 interface:Vlan1 (Phy 0x16000001) <------ FIB points to Po2
HH:0x7 Refcount:2 Flags:0x800 Holder:0x1 pbr_cnt:0 wccp_cnt:0
BCM adj: unit-0:100011 unit-1:0 unit-2:0, cmn-index: 7, LIF:1 Upd 3
BCM NVE adj: unit-0:0 unit-1:0 unit-2:0, cmn-index: 7, LIF:1 Upd 3

N9K-1# sh int snmp-ifindex | i 0x16000001
Po2 369098753 (0x16000001) <------------------------------------------------- SNMP IFindex for Po2

Status:
Fixed
Severity:
2 Severe
Last Modified:
25-MAY-2015
Known Affected Releases:
6.1(2)I2(1), 6.1(2)I2(2), 6.1(2)I2(2a), 6.1(2)I2(2b), 6.1(2)I2(3), 6.1(2)I3(1), 6.1(2)I3(2), 6.1(2)I3(3.50), 6.1(2)I3(3a)
Known Fixed Releases:
6.1(2)I3(3.56), 6.1(2)I3(4), 7.0(3)I1(1)
Bug Id:
CSCur02102
Title:
Nexus 9k Fabric-sw evaluation for CVE-2014-6271 and CVE-2014-7169
Description:

Symptom:
The Cisco Nexus 9K includes a version of bash that is affected by the vulnerabilities
identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.

Conditions:
A user must first successfully log in and authenticate via SSH to trigger this vulnerability.

Workaround:
Cisco Nexus 93128TX Switch : Release 11.x - First fixed release is 11.0(1d) Available 06/10/2014
Cisco Nexus 9336PQ ACI Spine Switch : Release 11.x - First fixed release is 11.0(1d) Available 06/10/2014
Cisco Nexus 9396PX Switch : Release 11.x - First fixed release is 11.0(1d) Available 06/10/2014
Cisco Nexus 9508 Switch : Release 11.x - First fixed release is 11.0(1d) Available 06/10/2014

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained
from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not
reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be
found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
11.0(1b), 11.0(1c)
Known Fixed Releases:
11.0(1.867), 11.0(1d)
Bug Id:
CSCur02700
Title:
Nexus 9000 evaluation for CVE-2014-6271 and CVE-2014-7169
Description:



Symptom:

The Cisco Nexus 9000 includes a version of bash that is affected by the vulnerabilities
identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.



Conditions:

A user must first successfully log in and authenticate via SSH to trigger this vulnerability.



Workaround:

Not available.



Further Problem Description:

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained
from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not
reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be
found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html


The following CVEs are fixed in 6.1(2)I3(1).

CVE-2014-6271
CVE-2014-7169

The 6.1(2)I3(2) release will have the fix for the above two CVEs and the additionally reported CVEs
CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278

Hot patches that include fixes for all 6 of the above CVEs for existing releases are now available for download.

Status:
Fixed
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
6.1(2)I2(2b), 7.2(0.1)VB(0.1)
Known Fixed Releases:
6.1(2)I1(3a), 6.1(2)I3(1)
Bug Id:
CSCul57047
Title:
nx-api private key file is world readable
Description:

Symptom:
The default private key used for NX-API on the Nexus 9000 has insecure permissions.

Conditions:

Default configuration.

If bash is enabled (default is disabled), then any authenticated user with the appropriate roles can access the Bash shell and view the default private key.

User accounts that are associated with the Cisco NX-OS dev-ops, network-admin or vdc-admin roles have permission to access the Bash shell.

The key is used for communicating with the NX-API, via the feature nxapi.

Workaround:

The workaround is to change the permissions set on the private key.

However in order to accomplish this any customer would have to contact
Cisco TAC for assistance.

Disabling bash access with the command no feature bash-shell will
prevent access to the bash shell.

Cisco recommends upgrading to a fixed release of code when released, which
assigns the correct permissions to the private key.

More-Info

PSIRT-Evaluation

The Cisco PSIRT has assigned this bug the following CVSS version 2 score.
The Base and Temporal CVSS scores as of the time of evaluation are 2.1/2:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C

No CVE ID has been assigned to this issue.

Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
6.1(2)I1(1)
Known Fixed Releases:
6.1(2)I2(1)
Bug Id:
CSCut54322
Title:
Wizard shouldn't be L3Out as cons Firewall Routed and ADC Two-Arm mode
Description:

Symptom:
The GUI wizard for a Layer 3 external network used as a consumer does not support the Two Nodes - Firewall in Routed and ADC in Two-Arm mode template.

Conditions:

Workaround:

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
1.1(0.766d)
Known Fixed Releases:
1.1(0.787), 1.1(0.884a), 1.1(0.887a), 1.1(0.890a), 1.1(0.892a), 1.1(0.895a), 1.1(0.897)
Bug Id:
CSCuo02489
Title:
Deny traffic with log keyword is permitted through
Description:

Symptom:
During testing of Cisco Nexus 9000 Series Switches, it was found that when an ACE entry in a deny ACL has the
log keyword present, packets are rate-limited and sent to software for logging purposes. These logged packets
should be dropped by software ACL. However, they get forwarded to the final destination although the ACL
applied denies the traffic.

Conditions:
This was observed on Cisco Nexus 9000 Series Switches only running versions prior to this bugfix.

Workaround:
Use the hardware rate limiter with the following configuration to drop all packets sent to software for
logging purposes:

hardware rate-limiter access-list-log 0

The other option is to not use logging of deny ACL.

Please note that both these options are basically disabling the logging feature.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C

CVE ID CVE-2014-3330 has been assigned to document this issue.

Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3330

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
6.1(2)I2(1)
Known Fixed Releases:
6.1(2)I2(1.18), 6.1(2)I2(1.21), 6.1(2)I2(2), 6.1(2)I2(2a), 6.1(2)I2(2c)
Bug Id:
CSCuu23954
Title:
Leaf sending ARP with 0000.0000.0000 Smac on L3 out
Description:

Symptom:
The ACI leaf sends ARP replies with a source MAC of 0000.0000.0000 instead of the ACI MAC.
This is seen only on the L3 outside interface.

Conditions:

Workaround:
A static ARP entry on the connected devices works around the issue.

Further Problem Description:

Status:
Terminated
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
11.0(3m)
Known Fixed Releases:
11.1(0.215)
Bug Id:
CSCut51929
Title:
Traffic drop after change of provider EPG
Description:

Symptom:
Traffic destined to shared service provider EPG picks incorrect class Id (PcTag) instead of the EPGs class id and gets dropped.

Conditions:
1. BD is associated to shared service provider epgs.
2. BD has a subnet defined under it.
In such cases, if the shared provider EPGs also become consumers of some contract, then we configure static routes for the subnets defined under the BD, and this may lead to incorrect traffic behavior. Everything will work fine as long as the shared provider EPGs are not consuming any contract.

Workaround:
Do not configure any fvSubnet under a BD that is used by a shared service provider EPG.

Further Problem Description:

Status:
Terminated
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
1.1(0.764b)
Known Fixed Releases:
Bug Id:
CSCuo97578
Title:
APIC is vulnerable to XSS (cross-site scripting) attacks
Description:

Symptoms:
The APIC UI should contain more measures to prevent cross site scripting attacks.
Conditions:
None
Workaround:
None
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
26-MAY-2015
Known Affected Releases:
1.0(0.160f)
Known Fixed Releases:
1.0(0.238), 1.0(0.240), 1.0(0.246), 1.0(0.248), 1.0(0.254), 1.0(0.265), 1.0(0.275j), 1.0(0.287), 1.0(0.318), 1.0(0.352)
Bug Id:
CSCuq17978
Title:
SNMPset to community strings with special characters cause hap reset
Description:

Symptom:
NX-OS SNMPd process crashes with HAP reset.

Conditions:
The community string has a leading '%' and ends with a number.
(Other combinations of special characters may also cause this problem; we haven't seen them yet but can't exclude them.)

Workaround:
Don't use % as a leading character. It is better to avoid special characters in RW communities, or at least not to use them as leading characters.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via
normal resolution channels.

If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another
evaluation.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
6.1(2)I2(2a), 6.1(2)I2(2b)
Known Fixed Releases:
6.0(2)A3(2.68), 6.0(2)A3(3), 6.0(2)U3(2.68), 6.0(2)U3(3), 6.1(2)I1(2.65), 6.1(2)I1(3), 6.1(2)I2(2b), 6.1(2)I2(2c), 6.1(2)I3(0.133), 6.1(2)I3(0.155)
Bug Id:
CSCut32029
Title:
Switch upgrade fails from 2m to 3i with slot error
Description:

Symptom:
Upgrade will not complete successfully.

Conditions:
The upgrade was started via APIC GUI or CLI

Workaround:
reboot the switch

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
27-MAY-2015
Known Affected Releases:
11.0(3f)
Known Fixed Releases:
11.0(3.921), 11.1(0.173)
Bug Id:
CSCuu05108
Title:
On Vmotion the EP still has the previous Hv ID based useg applied
Description:

Symptom:
The Hypervisor-based (Host Matching) microsegment EPG for the Source Host is still applied on the Endpoint VM after vMotion to a different Host.

Conditions:
vMotion of a VM between 2 hosts, with the Source Host having a Hypervisor ID based EPG policy applied.

Workaround:
None

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
26-MAY-2015
Known Affected Releases:
7.3(0)ZN(0.8)
Known Fixed Releases:
1.1(0.882a), 1.1(0.884a), 1.1(0.887a), 1.1(0.890a), 1.1(0.892a), 1.1(0.895a), 1.1(0.897)
Bug Id:
CSCut25121
Title:
OSPF crash seen while executing "show ip ospf router" command
Description:

Symptom:
OSPFv2 crashes

Conditions:
If routes are churning when "show ip ospf route" is issued, OSPFv2 may crash.

Workaround:
None

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
27-MAY-2015
Known Affected Releases:
7.0(3)I1(1.124), 7.0(3)I1(2)
Known Fixed Releases:
7.0(0)HSK(0.433), 7.0(3)I1(1.140), 7.0(3)I1(2), 7.0(3)IEF1(2), 7.0(3)IEF1(2.7), 7.1(0)AV(0.74), 7.1(0)IB(120), 7.2(0)D1(0.481), 7.2(0)VZD(0.26)
Bug Id:
CSCuu38701
Title:
[1M32IP][Migrate][FexPc-FexVpc][Sme-Dom][LrnTrig=Data]:seeing ~2-3m loss
Description:

Symptom:
When an EP with multiple IPs moves from an orphan port on one TOR to a FEX straight-through vPC, traffic loss may be observed for some IPs in that EP for ~3 mins.

Conditions:
This can happen when the move occurs and the IP learns are distributed between 2 TORs.

Workaround:
no work around

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
27-MAY-2015
Known Affected Releases:
11.1(0.208)
Known Fixed Releases:
Bug Id:
CSCuu45392
Title:
BCM Inconsistently Dropping Traffic to Different IPs in same EPG/BD/VRF
Description:

Symptom:
An administrator observes that they are unable to ping certain endpoints located in an EPG but are able to ping other endpoints without issue over an L3 Out. All endpoints are using the same VRF and Bridge Domain with the only difference being the endpoint's IP address.

For Example:
Can ping 172.16.0.20
Cannot ping 172.16.0.21
Can ping 172.16.0.22

Conditions:
The environment is using an L3 Out using an SVI. Endpoints are in the same EPG, VRF and Bridge Domain. Host firewalls are confirmed to not be the cause.

Workaround:
No consistent workaround is known at this time. Reloading the Border Leaf switch may or may not alleviate symptoms.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
28-MAY-2015
Known Affected Releases:
11.0(3k)
Known Fixed Releases:
11.1(0.223)
Bug Id:
CSCus79275
Title:
bcm_usd crash/ N9K-X9564PX, fix Incorrect SER Parity Error correction
Description:

Incorrect handling of the parity error correction mechanism can lead to traffic drops and, in some cases, to the ASIC not responding to route add/delete. Syslogs similar to the one below can be printed:

IPFIB-SLOT1-4-UFIB_ROUTE_DESTROY: Unicast route destroy failed for VRF: x, 1, flags:0x0, intf:0x0, Error: Internal error(-1)

A parity error crash on N9K-X9564PX Line card could also be the result of the incorrect handling of parity error correction mechanism.

Symptom:

Conditions:

Workaround:
This issue is fixed in 6.1(2)I3(4)

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
28-MAY-2015
Known Affected Releases:
6.1(2)I3(2), 6.1(2)I3(3a)
Known Fixed Releases:
6.1(2)I3(3.64), 6.1(2)I3(4)
Bug Id:
CSCus63207
Title:
Nexus 9k Kernel Panic Due Watchdog Timeout During Interrupt Storm
Description:

Symptom:
A Nexus 9k switch may experience a kernel panic due to a high volume of interrupt events, possibly due to link flaps seen over an attached FEX module.

`show logging onboard module 1 stack-trace`


Dumping interrupt statistics
CPU0 CPU1 CPU2 CPU3 intrs/last_sec max_intrs/sec

60: 1 3851542938 0 0 122 12430 PCI-MSI-edge linux-kernel-bde

Conditions:
A high number of interrupts is being sent to one of the switch's CPUs. A possible trigger could be a high rate of interface flaps.

Workaround:
None known.

Further Problem Description:

Status:
Other
Severity:
2 Severe
Last Modified:
28-MAY-2015
Known Affected Releases:
6.1(2)I2(3), 7.0(3)I1(2)
Known Fixed Releases:
Bug Id:
CSCuq09078
Title:
Hsrp move active/standby from vpc domain to another leaves gmac
Description:

Symptom:
Two different symptoms have been seen:
1) Traffic destined to VIP is looped on a backup/ listening/ standby switch
2) VMAC is programmed in hardware as a gateway MAC on backup/ listening/ standby switch

Conditions:
Two vPC pairs are L2 adjacent to each other, each pair is enabled for FHRP in the same group.
Traffic destined to the VIP is received on a backup/ listening/ standby switch which has the gateway MAC configured in hardware. At this point the traffic will loop in software. No operational impact.

Workaround:
Remove second HSRP pair and flap SVI.

Further Problem Description:
This design is not supported on the Nexus 9000 at this time.

Status:
Open
Severity:
2 Severe
Last Modified:
28-MAY-2015
Known Affected Releases:
6.1(2)I2(2b), 6.1(2)I3(0.178), 7.0(3)I1(1)
Known Fixed Releases:
Bug Id:
CSCut77413
Title:
APRIL 2015 NTPd Vulnerabilities
Description:


Symptom:
This product includes a version of ntpd that is affected by the vulnerabilities identified by the Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2015-1798 and CVE-2015-1799



Conditions:
Device configured with NTP and NTP Key authentication.

ntp authenticate
ntp authentication-key 1234 md5 104D000A0618 7
ntp trusted-key 1234

ntp peer 1.2.3.4 key 1234

Affected version: 7.0(3)I1(1)

Fixed version: 7.0(3)I1(2) estimated CCO date 4/30/2015

Workaround:
Not available.

More Info:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 4.3/3.2

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html



Status:
Fixed
Severity:
2 Severe
Last Modified:
29-MAY-2015
Known Affected Releases:
6.1(2)I3(3a)
Known Fixed Releases:
7.0(3)I1(1.211), 7.0(3)I1(1.213), 7.0(3)I1(2), 7.0(3)ISH1(2), 7.0(3)ISH1(2.13), 7.0(3)ITI2(1), 7.0(3)ITI2(1.6)
Bug Id:
CSCut19696
Title:
PM core on 2 IFCs after posting config
Description:

Symptom:
The policy manager cores on 2 IFCs after posting a configuration.

Conditions:
This may happen during upgrade from an older release and if a message with unknown config is received.

Workaround:
None

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
29-MAY-2015
Known Affected Releases:
1.1(0.706a), 1.1(0.766m)
Known Fixed Releases:
1.0(3.34), 1.1(0.726)
Bug Id:
CSCul56483
Title:
Not able to route between vlans for traffic traversing peer link twice
Description:

Symptom:
On the Nexus 9000 switch, if traffic ingresses on the peer link on one VLAN and egresses on a different VLAN via the same vPC peer link ports, then the hairpin traffic will be dropped. BFD echo mode is one example: BFD enabled on an SVI will not establish in echo mode.

Conditions:
Issue happens when switch is enabled for VPC. Issue does not happen in non vpc environments.

Workaround:
1. Use peer-gateway under vpc domain.
2. Use of FHRP based protocols with vpc (which is a more common configuration) will not see this issue.

Further Problem Description:
This is a vPC limitation on the Nexus 9000 switch and hence the behavior cannot be changed.

Status:
Terminated
Severity:
2 Severe
Last Modified:
29-MAY-2015
Known Affected Releases:
6.1(2)I2(0.53)
Known Fixed Releases:
Bug Id:
CSCuu58601
Title:
PO member are disabled or suspended by LACP
Description:

Symptom:
All POs are down because there is no operational member.

Conditions:
NA

Workaround:
NA

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
29-MAY-2015
Known Affected Releases:
7.0(3)I2(0.333)
Known Fixed Releases:
Bug Id:
CSCut96930
Title:
nginx terminates when trust point is deleted
Description:

Symptom:
Nginx terminates when the trust point is deleted.

Conditions:
Nginx terminates when the trust point is deleted.

Workaround:
None

Further Problem Description:

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
29-MAY-2015
Known Affected Releases:
1.0(3.46a)
Known Fixed Releases:
1.0(3.52)
Bug Id:
CSCup97505
Title:
EPC heartbeat failure seen on increasing glean traffic via copp
Description:

Symptom:
When sending a large amount of ARPs or other control plane traffic over a long period, fabric modules could reload due to EPC heartbeat failure.

Conditions:
When sending a large amount of ARPs or other control plane traffic over a long period, fabric modules could reload due to EPC heartbeat failure.

Workaround:
none

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
29-MAY-2015
Known Affected Releases:
6.1(2)I2(2a)
Known Fixed Releases:
7.0(3)I1(0.171), 7.0(3)I1(0.180), 7.0(3)I1(1), 7.0(3)I1(1.20), 7.0(3)I1(2), 7.0(3)I2(0.54), 7.0(3)I2(1)
Bug Id:
CSCuu45622
Title:
Installer fails can't find srgcheck lib for fexes
Description:

Symptom:
Installer fails

2015 May 19 20:54:51 N9508_111_2019-VTEP-1 %$ VDC-1 %$ %HMM-3-RWSEM_LOCK_FAIL: -Traceback: librsw.so+0xeb46c librsw.so+0xecd71 librsw.so+0xef216 liburib.so+0x117a3 liburib.so+0x11ef7 libu6rib.so+0xd3ca 0x80a6587 0x80b2726 0x80b5c39 0x8085e86 librsw.so+0xac76b libpthread.so.0+0x6b75 libc.so.6+0xece1e
2015 May 19 20:54:51 N9508_111_2019-VTEP-1 %$ VDC-1 %$ %HMM-3-TSP_LOCK_RELEASE_ORDER: Lock release out of order
2015 May 19 20:54:51 N9508_111_2019-VTEP-1 %$ VDC-1 %$ %HMM-3-LOCK_RELEASE_ORDER: -Traceback: librsw.so+0xec484 librsw.so+0xef297 liburib.so+0x117e3 liburib.so+0x11f17 libu6rib.so+0xd518 0x80a6587 0x80b2726 0x80b5c39 0x8085e86 librsw.so+0xac76b libpthread.so.0+0x6b75 libc.so.6+0xece1e

Conditions:
NA

Workaround:

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
29-MAY-2015
Known Affected Releases:
7.0(3)I2(0.313)
Known Fixed Releases:
7.0(3)I2(0.332), 7.0(3)I2(1), 7.0(3)ITI2(1), 7.0(3)ITI2(1.6)
Bug Id:
CSCus11097
Title:
Power shutdown and recovery ntpd not running on IFCs
Description:

Symptom:
ntpd configuration is wiped out on a power shutdown.

Conditions:
unexpected power outage

Workaround:
reapply the configs for ntp

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
29-MAY-2015
Known Affected Releases:
1.0(2m)
Known Fixed Releases:
1.0(3.34), 1.1(0.508a), 1.1(0.518)
Bug Id:
CSCut83360
Title:
[VPC] rsvpcConf relation unformed after switch profile delete/add
Description:

Symptom:
VPCs failed to get created on one side of a VPC pair causing a "Peer does not have corresponding vPC" failure and then traffic loss.

Conditions:
Conditions under which the bug shows up:

1. 2 Leaves in a VPC pair
2. Remove the switch profile that covers the infra::AccBndlGroup representing the VPC
3. Wait for 300 seconds
4. Re-add the same switch profile

Workaround:
Delete and recreate the infra::AccBndlGroup representing that VPC.

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
29-MAY-2015
Known Affected Releases:
11.1(0.180)
Known Fixed Releases:
1.1(0.816a), 1.1(0.825a), 1.1(0.827)
Bug Id:
CSCuu60820
Title:
EPG not deployed on leaf if static EPG is created on leaf.
Description:

Symptom:
vNIC placed in a vCenter portgroup on AVS will be blocked for traffic

Conditions:
This vNIC has to be the first port (endpoint) in an EPG on an AVS host behind a leaf where the EPG is not deployed currently.

Workaround:
A script will be provided and attached to this bug which has the following steps.

0) Enable testapi on the APIC

1) Create this Mo under infraInfra using testapi

https:///testapi/policymgr/mo/uni.xml




Status:
Fixed
Severity:
2 Severe
Last Modified:
30-MAY-2015
Known Affected Releases:
1.0(4h)
Known Fixed Releases:
Bug Id:
CSCuu51335
Title:
9464PX Ports 14 & 16 doesnt work with GLC-T Transcievers
Description:

Symptom:
Link doesn't come up on Port 14 or Port 16 on a 9464PX card with GLC-T Transceivers.

Conditions:
9464PX card with GLC-T Transceivers on port 14 or port 16

Workaround:
Insert GLC-TC transceivers on ports 13 and 15 and configure them to the same speed as is desired for ports 14 and 16. Ports 14/16 should then start working.

Further Problem Description:
Disabling auto-neg through bcm-shell might bring up the link, but actual traffic doesn't go through. This is not specific to the 3.4 software version; even older software versions have the problem.

Status:
Open
Severity:
2 Severe
Last Modified:
30-MAY-2015
Known Affected Releases:
6.1(2)I3(4), 7.0(3)I1(1.251), 7.0(3)I2(0.333)
Known Fixed Releases:
6.1(2)I3(4b)
Bug Id:
CSCuu58696
Title:
reload with Camden build 333 cause bcm_usd core
Description:

Symptom:
System crashed after reload

Conditions:

Workaround:

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
30-MAY-2015
Known Affected Releases:
7.0(3)I2(0.333)
Known Fixed Releases:
Bug Id:
CSCuu52394
Title:
ISIS PDU from tenant space dropped in leaf
Description:

Symptom:
The ACI leaf drops ISIS hellos received from an EPG in a user tenant.

Conditions:

Workaround:
none

Further Problem Description:

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
30-MAY-2015
Known Affected Releases:
11.0(4)
Known Fixed Releases:
11.1(0.230)
Bug Id:
CSCuu27351
Title:
Unable to change the PN to 'Unenforced'
Description:

Symptom:
Command fails with error "Configuration is invalid due to GraphInst does not have any configuration parameters" after a policy based upgrade.

Conditions:
A policy-based upgrade was done from the 867d or an earlier image to a later version.

Workaround:
Please run the script cleanupRsLIfCtxToBD.py, pointing it at your APIC IP address. The script can be obtained from AS folks.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
31-MAY-2015
Known Affected Releases:
1.1(0.867b), 1.1(0.872a)
Known Fixed Releases:
1.0(4i), 1.1(0.904), 1.1(0.906)
Bug Id:
CSCuu45269
Title:
[Tib Fex]: policyelem core observed during fex hw regression
Description:

Symptom:

Conditions:

Workaround:

Further Problem Description:
Program terminated with signal 11, Segmentation fault.
#0 0xf70d76ed in nw::PathEpBI::getFabricPathEpDnFromNwPathEpDn(mo::DnBuffer const&, mo::DnBuffer&, bool) () from /isan/lib/libsvc_ifc_policyelem.so

Status:
Fixed
Severity:
2 Severe
Last Modified:
31-MAY-2015
Known Affected Releases:
1.1(0.902a)
Known Fixed Releases:
1.1(0.910a), 1.1(0.911)

Find additional information in Bug Search index.

 
