| |
Bug Id: | CSCty42626 |
Title: | RSA operations fail with '(malloc) at interrupt level' msg |
|
Description: | Symptom:
Certificate enrollment fails for some of the Cisco routers due to
digital signature failure.
Conditions:
This symptom was initially observed when the Cisco 3945 router or
the Cisco 3945E router enrolls and requests certificates from a CA server.
This issue potentially impacts those platforms with HW crypto engine. Affected
platforms include (this is not a complete/exhaustive list)
c3925E, c3945E
c2951, c3925, c3945
c7200/VAM2+/VSA,
possibly VPNSPA on c7600/cat6K
819H
ISR G2 routers with ISM IPSec VPN accelerator
The issue is also seen on GetVPN Key Servers during the rekey process.
The issue can also be observed during the RSA key generation process on the router.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 03-JUN-2015 |
|
Known Affected Releases: | 15.1(4)M3.10 |
|
Known Fixed Releases: | 15.0(1)M10, 15.0(1)M8.18, 15.0(1)M9, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EX, 15.0(2)EX1, 15.0(2)EX3, 15.0(2)EX4, 15.0(2)EX5 |
|
|
| |
| |
Bug Id: | CSCut62573 |
Title: | Delay in ip sla start-time day by day |
|
Description: | Symptom:
Delay will happen on ip sla start-time day by day
Conditions:
1. The router is sync to a NTP server
2. ip sla is configured with another router
3. ip sla start-time is set
Workaround:
none
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 04-JUN-2015 |
|
Known Affected Releases: | 15.3(3)M4.2 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCty80850 |
Title: | Layer 2 not coming up and SABME not being detected. |
|
Description: | Symptom:
3925 Gateway(VWIC-2MFT-E1/T1)---PRI---TELCO Switch.
Gateway sending SABME to TELCO, and TELCO replies to it. Replies not detected by the Controller.
Same behaviour with software loopback test and hardware loopback test. Atleast in Software loopback test using (loopback diag), the gateway should see the same SABME(sent by the controller) coming back to it.
ISDN status toggling between in "Awaiting Establishment" and "TEI_ASSIGNED".
Conditions:
Found in customer environment.
Intermittent.
3925 Router
IOS : c3900-universalk9-mz.SPA.151-4.M1.bin
Workaround:
Reload fixes the issue.
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 06-JUN-2015 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtj79480 |
Title: | High CPU due to interrupts in time_it |
|
Description: | Symptom:
High CPU usage due to time_it (in interrupts).
Conditions:
The conditions are undetermined at this time.
Workaround:
Reload the router and the CPU goes down for certain time.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 08-JUN-2015 |
|
Known Affected Releases: | 15.1(1)T1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut34058 |
Title: | Memory Fragment on SM-X-1T3/E3= with Serial Background process |
|
Description: | Symptom:
The following memory log start to appear again and again:
035167: Feb 17 10:01:13.316 CST: %SYS-2-MALLOCFAIL: Memory allocation of 10060 bytes failed from 0x358708, alignment 32
Pool: I/O Free: 1642352 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Serial Background", ipl= 4, pid= 43
-Traceback= 19E5889z 31B9D78z 31B9529z 358708z 354B50z 358D24z 36385Cz 3637D9z 2EFF3A3z
The process consuming the memory is Serial Background
After the decode of the traceback we noticed that the card "SM-X-1T3/E3=" appears on it:
0x36385C:__be_sm_1t3e3_serial_set_idle_character_mode(0x3637f4)+0x68
0x3637D9:__be_sm_1t3e3_serial_reset_wrapper(0x3637ba)+0x1f
Conditions:
The device must have the SM-X-1T3/E3= card.
Workaround:
None
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 09-JUN-2015 |
|
Known Affected Releases: | 15.3(3)M4 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus30128 |
Title: | RRI dynamic L2L after client change ip address Ipsec rekey lost routes |
|
Description: | Symptom:
Dynamic L2L IPsec VPN , client used PPPOE to connect to internet.
When the client PPPOE disconnect and got the new ip address .
In the hub when the old address SPI lifetime reached and delete it will delete the RRI route.
When the new SPI lifetime reached , IPsec rekey the RRI route be added and then very quickly be delete.
Conditions:
The issue is happened when remote router change the ip address , but in the hub still have the old SPI information.
Workaround:
Manually add an static route for the RRI entry.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUN-2015 |
|
Known Affected Releases: | 15.2(4)M6.1 |
|
Known Fixed Releases: | 15.3(3)S5.16, 15.5(1)S1.1, 15.5(1)S2, 15.5(1)S2.1, 15.5(1)SN1, 15.5(1)T1, 15.5(2)S0.8, 15.5(2.14)S, 15.5(2.23)T |
|
|
| |
| |
Bug Id: | CSCtz22112 |
Title: | VXML gateway crash when trying to access a URL. |
|
Description: | Symptoms: A VXML gateway may crash while parsing through an HTTP packet that
contains the "HttpOnly" field:
//324809//HTTPC:/httpc_cookie_parse: * cookie_tag=' HttpOnly'
//324809//HTTPC:/httpc_cookie_parse: ignore unknown attribute: HttpOnly
Unexpected exception to CPU: vector D, PC = 0x41357F8
Note: The above log was captured with "debug http client all" enabled to
generate additional debugging output relevant to HTTP packet handling.
Conditions: The symptom is observed when an HTTP packet with the "HttpOnly"
field set is received.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUN-2015 |
|
Known Affected Releases: | 15.1(3.22)T |
|
Known Fixed Releases: | 15.1(4)M5.14, 15.1(4)M6, 15.1(4)M7, 15.1(4)M8, 15.1(4)M9, 15.2(2.19)S0.7, 15.2(3.16)T, 15.2(3.30)PIP, 15.2(4)GC, 15.2(4)GC1 |
|
|
| |
| |
Bug Id: | CSCtq23960 |
Title: | ISR series routers using PPC or MIPS arch crash & gen empty crash files |
|
Description: | Symptoms: A Cisco ISRG2 3900 series platform using PPC architecture crashes and
generates empty crashinfo files:
show flash: all
-#- --length-- -----date/time------ path
<>
2 0 Mar 13 2011 09:40:36 crashinfo_
3 0 Mar 13 2011 12:35:56 crashinfo_
4 0 Mar 17 2011 16:14:04 crashinfo_
5 0 Mar 21 2011 05:50:58 crashinfo_
Conditions: The symptom is observed with a Cisco ISRG2 3900 series platform
using PPC architecture.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUN-2015 |
|
Known Affected Releases: | 15.0(1)M5, 15.0(1)S5.1, 15.1(2)T2 |
|
Known Fixed Releases: | 15.1(4)M5.18, 15.1(4)M6, 15.1(4)M7, 15.1(4)M8, 15.1(4)M9, 15.2(1.2.3)PI22, 15.2(4)GC, 15.2(4)GC1, 15.2(4)GC2, 15.2(4)M2.5 |
|
|
| |
| |
Bug Id: | CSCud82278 |
Title: | DNLD: flex_dnld_dsp_msg_proc unexpected event 0, expected 1 received ons |
|
Description: | Symptom:
DNLD: flex_dnld_dsp_msg_proc unexpected event 0, expected 1 received ons
Conditions:
Though there is no ipsla configuration just with the presence of PVDM3-256 the error is spewed out and the cpu hit 99% dropping traffic.
*Dec 20 19:51:16.303: DNLD: flex_dnld_dsp_msg_proc unexpected event 0, expected 1 received onslot 0 dsp 0 state 2
*Dec 20 19:51:16.303: pak len 20 0 14 0 0 0 82 0 0 0 0 0 21 0 1 0 0 0 2E 0 80
*Dec 20 19:51:16.303:
Workaround:
NA
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 12-JUN-2015 |
|
Known Affected Releases: | 15.3(1.10)T, 15.3(1.4)T |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtq78217 |
Title: | ISRG2: Router reloads due to Segv exception process: CCSIP_SPI_CONTROL |
|
Description: | Symptoms: A router crashes with the following information:
System returned to ROM by address error at PC 0xZZZZZZZZ, address 0xZZZZZZZZ
Conditions: The symptom is observed with CUBE + SIP.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUN-2015 |
|
Known Affected Releases: | 15.1(3)T |
|
Known Fixed Releases: | 15.1(2)T5, 15.1(3)T3.1, 15.1(3)T4, 15.1(4)GC1, 15.1(4)GC2, 15.1(4)M1.6, 15.1(4)M2, 15.1(4)M3, 15.1(4)M4, 15.1(4)M5 |
|
|
| |
| |
Bug Id: | CSCut11714 |
Title: | Router crash on defaulting interface with CFM configuration |
|
Description: | Symptom:
AIS condition not successfully cleared on UUT Router
Conditions:
AIS condition not successfully cleared on UUT Router for the version 15.5(2.3)T
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUN-2015 |
|
Known Affected Releases: | 15.5(1.23)T, 15.5(1.23)T0.2 |
|
Known Fixed Releases: | 15.5(1.23)T0.6, 15.5(2)T, 15.5(2.7)T |
|
|
| |
| |
Bug Id: | CSCuu82082 |
Title: | Memory corruption crash due to cont_scan_display_session |
|
Description: | Symptom:
We see a lot of '%AP-1-AUTH_PROXY_AUTH_FAILURES_EXCEEDED' logs prior to the crash.
Not sure if they are related for now.
Conditions:
The crash is observed after the following CLI 'sh cws sess active ip-addr all' was executed.
However the crash is not consistently seen with the above CLI.
Workaround:
None
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 13-JUN-2015 |
|
Known Affected Releases: | 15.4(3)M1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut85312 |
Title: | H245 accessing free chunk |
|
Description: | Symptom:
Hw sw
c3900-universalk9-mz.SPA.152-4.M7.bin
CISCO3925
Conditions:
None
Workaround:
None
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 15-JUN-2015 |
|
Known Affected Releases: | 15.2(4)M7.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuo00091 |
Title: | ISM: No Packets encrypted: IP PKT Exception increasing |
|
Description: | Symptom:
ISM does not encrypt data (encaps counter is 0 in "show crypto ipsec sa")
Issue is seen in post 15.2(4)M5.4 (including M6) versions.
Conditions:
ISM is used.
Workaround:
Use oboard crypto
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 15-JUN-2015 |
|
Known Affected Releases: | 15.2(4)M6 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus56153 |
Title: | Crash with MSRPC trf @ Firewall State,CCE dp policy feature object chunk |
|
Description: | Symptom:
IOS crash @CCE dp policy f
Conditions:
na
Workaround:
none at the moment
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 16-JUN-2015 |
|
Known Affected Releases: | 15.2(4)M6 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCto48060 |
Title: | Router crashed by Unexpected exception to CPU: vector 1400 |
|
Description: | Symptoms: A Cisco 3900 series router may crash with the following error:
Unexpected exception to CPU: vector 1400
Conditions: The symptom is observed when the router is configured as a voice
gateway using H323 and H245 and connected to CUCM. If CUCM is sending a
MultiMediaSystemControl messages with no entry, the router may crash.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUN-2015 |
|
Known Affected Releases: | 15.1(1)T |
|
Known Fixed Releases: | 15.1(3)T2.3, 15.1(3)T3, 15.1(3)T4, 15.1(4)GC1, 15.1(4)GC2, 15.1(4)M1.4, 15.1(4)M2, 15.1(4)M3, 15.1(4)M4, 15.1(4)M5 |
|
|
| |
| |
Bug Id: | CSCuj23293 |
Title: | Memory leak in CCSIP_UDP_SOCKET |
|
Description: | <B>Symptom:</B>
A memory leak is seen in the MALLOCLITE process:
show processes memory ------------------
Processor Pool Total: 282793968 Used: 280754252 Free: 2039716
I/O Pool Total: 41943040 Used: 18560544 Free: 23382496
PID TTY Allocated Freed Holding Getbufs Retbufs Process
0 0 268189264 170950536 88785564 1354 634324 *Init*
0 0 0 0 141933756 0 0 *MallocLite*
409 0 451333208 202702788 40928844 83639 83639 CCSIP_UDP_SOCKET
299003084 Total
The memory continues to increase there.
<B>Conditions:</B>
This symptom is observed while parsing to header, Gateway gets errors as below:
Feb 26 12:07:28 EST: Parse Error: url_parseSipUrl: Received Bad Port
Feb 26 12:07:28 EST: //2765/000000000000/SIP/Error/sippmh_cmp_tags: Parse Error in request header
The correct response for the above should have been to send
400 Bad Request The request cannot be fulfilled due to bad syntax
The memory associated with the above is not getting released is the side effect of the above.
<B>Workaround:</B>
There is no workaround.
<B>Further Problem Description:</B>
This issue was not seen on versions earlier than 15.3X
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 18-JUN-2015 |
|
Known Affected Releases: | 15.3(1)T1.1, 15.3(2)T1.2 |
|
Known Fixed Releases: | 15.3(3)M2.4, 15.3(3)M3, 15.3(3)M4, 15.3(3)S2.8, 15.3(3)S3, 15.3(3)S4, 15.4(1)S2.2, 15.4(1)S3, 15.4(1)T1.2, 15.4(1)T2 |
|
|
| |
| |
Bug Id: | CSCui79745 |
Title: | Crash @ crypto_engine_packet_callback in IPSEC on ISR Codenomicon |
|
Description: | Symptom:
A vulnerability in IPSec processing of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device.
The vulnerability is due to improper processing of malformed IPSec packets. An attacker could exploit this vulnerability by sending malformed IPSec
packets to be processed by an affected device. An exploit could allow the attacker to cause a cause a reload of the affected device.
Conditions:
Cisco IOS device receiving malformed IPSec packets over an established IPSec SA, may crash.
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
6.8/5.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2014-3299 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3299
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 19-JUN-2015 |
|
Known Affected Releases: | 15.4(0.12)T |
|
Known Fixed Releases: | 15.2(1)SY1.13, 15.2(2)E, 15.2(2.2.73)ST, 15.2(2.2.93)EA, 15.2(2.3)PSR, 15.2(2.39)PSR, 15.2(2b)E, 15.2(3)E, 15.3(2)T4, 15.3(3)M3.2 |
|
|
| |
| |
Bug Id: | CSCur07571 |
Title: | Processor memory leak with MRCP_Client at cc_api_get_call_active_entry |
|
Description: | Symptom:
A VXML gateway router will see a memory leak with MRCP_CLIENT in processor memory. In some cases this can lead to the gateway crashing.
Conditions:
Seen with MRCPv1
Workaround:
Not seen MRCPv2
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 19-JUN-2015 |
|
Known Affected Releases: | 15.3(3)M3 |
|
Known Fixed Releases: | 15.3(3)M4.1, 15.3(3)M5, 15.3(3)S4.5, 15.3(3)S5, 15.4(1)S2.22, 15.4(1)S3, 15.4(1)T2.2, 15.4(1)T3, 15.4(2)S2.15, 15.4(2)S3 |
|
|
| |
| |
Bug Id: | CSCuq15237 |
Title: | GM hangs while applying show crypto gdoi command |
|
Description: | Symptom:
GM2 hangs after applying the command "show crypto gdoi | inc (POLICY|spi|remaining)"
Conditions:
This is seen in IPv6 IPSec scenarios.
Workaround:
Unknown
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 19-JUN-2015 |
|
Known Affected Releases: | 15.5(0.10)T, 15.5(0.11)T |
|
Known Fixed Releases: | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
Bug Id: | CSCue20991 |
Title: | 3900 / MPLS MTU override does not work |
|
Description: | Symptom:
1) The "mpls mtu override" option does not work on the Cisco c3900. Packets are
dropped with the "%LINK-4-TOOBIG:" error.
2) The packet size printed in the "%LINK-4-TOOBIG:" error is wrong; it is
printing wrong parameter instead of the datagram size.
3) max_pak_size considered is 1518 even in the case of interface drivers
supporting up to 9576.
Conditions:
This symptom is observed with the Cisco c3900 running Cisco IOS Release 15.1(4)M.
Workaround:
Match MPLS MTU exactly with the interface MTU.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUN-2015 |
|
Known Affected Releases: | 15.1(4)M |
|
Known Fixed Releases: | 15.1(4)M8, 15.1(4)M9, 15.3(3)M2.3, 15.3(3)M3, 15.3(3)M4, 15.4(1.7)T, 15.4(2)CG, 15.4(2)T, 15.4(2)T1, 15.4(3)M |
|
|
| |
| |
Bug Id: | CSCug38248 |
Title: | Watchdog Crash on "CFT Timer" When Unbinding & Deleting Child Flow |
|
Description: | Symptom: Watchdog crash is observed on "Common Flow Table" timer process. For example:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CFT Timer Process.
Conditions: Error is raised due to a CPU loop while attempting to unbind and delete a child flow in the "CFT Timer" process.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUN-2015 |
|
Known Affected Releases: | 15.3(2)T |
|
Known Fixed Releases: | 15.0(11.6)EMW, 15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(2)E, 15.2(4)JB, 15.2(4)JB1, 15.2(4)JB3, 15.2(4)JB3a, 15.2(4)JB3b, 15.2(4)JB3s |
|
|
| |
| |
Bug Id: | CSCty02015 |
Title: | %DSPRM-2-DSPALARM: Received alarm indication from dsp (0/1). Resetting t |
|
Description: | Symptom:
DSP crashes and resets under load combined with line impairments on fax channels.
Conditions:
Crashes can occur when (1) FAX calls are acitve, (2) there are impairments on the TDM side (loss, etc.). We strongly suspect that specifically impairments on FAX lines trigger the DSP Crashes.
Workaround:
None. As of this writing, there is a root cause and an engineering fix in test. Contact support for details.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-JUN-2015 |
|
Known Affected Releases: | 15.1(0.3)T |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu95673 |
Title: | CISCO3925 with 154-3.M1 may keep crashing |
|
Description: | Symptom:
Device kept crashing with same traces, and reporting:
Unexpected exception to CPU: vector 1400
Conditions:
Voice
The root cause and other condition is under investigation.
Workaround:
problem is not seen on 15.3(3)M5
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 29-JUN-2015 |
|
Known Affected Releases: | 15.4(3) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtr26373 |
Title: | PQ3_TSEC Gig interface hangs due to stuck Rx ring |
|
Description: | Symptom:
Interface experiences resource exhaustion and throttles. When coming out of the throttle condition the interface may get stuck and stop receiving traffic. All ingress traffic will then be counted as "input errors".
Conditions:
This has been observed on onboard GE interfaces of Cisco 39xx and
Cisco 2951 routers. It may be seen at random times. The interface will still
show "up/up" in the show interface output.
Workaround:
Reset the interface to restore connectivity.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUN-2015 |
|
Known Affected Releases: | 15.1(2)T3 |
|
Known Fixed Releases: | 15.0(1)M10, 15.0(1)M8.3, 15.0(1)M9, 15.1(2)T4.1, 15.1(2)T4.2, 15.1(2)T5, 15.1(3)T1.6, 15.1(3)T2, 15.1(3)T3, 15.1(3)T4 |
|
|
| |
| |
Bug Id: | CSCus89791 |
Title: | g722-64 codec crash during dial tone with country code |
|
Description: | Symptom:
Router gateway may crash with the g722-64 codec when processing country codes.
Conditions:
g722-64 codec must be configured. This issue is still under investigation
Workaround:
Remove g722-64 if possible.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUN-2015 |
|
Known Affected Releases: | 15.3(3)M4 |
|
Known Fixed Releases: | 15.3(3)S5.7, 15.4(3)M2.1, 15.4(3)M3, 15.4(3)S2.7, 15.4(3)S3, 15.5(1)S1.1, 15.5(1)S2, 15.5(1)S2.1, 15.5(1)T1.1, 15.5(1)T2 |
|
|
| |
| |
Bug Id: | CSCut78892 |
Title: | [PI28] Router crash while unconfiguring DMVPN tunnel |
|
Description: | Symptom:
Router crash and reload while unconfiguring
Conditions:
While unconfiguring DMVPN tunnel
Workaround:
NA
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 29-JUN-2015 |
|
Known Affected Releases: | 15.5(3)M |
|
Known Fixed Releases: | 15.4(3)M2.2, 15.4(3)M3, 15.5(2)T0.1, 15.5(2)T1, 15.5(2.14)T, 15.5(2.14.1)PIH28 |
|
|
| |
| |
Bug Id: | CSCup67654 |
Title: | ISM-VPN module crash due to memory leak;Traceback = 1000b8a0 or 1000b8c0 |
|
Description: | Symptom:
-ISM crashes on ISR G2 running 152-4.M6a
-ACE Crash Info file yields traceback of the following:
======== Stack Back Trace ========
-Traceback= 1000b8a0
or
-Traceback= 1000b8c0
-Logging buffer may show the following:
May 28 07:32:56.769: Reventon small chunk is not destroyable
May 28 07:32:56.769: Reventon medium chunk is not destroyable
May 28 07:32:56.769: Reventon big chunk is not destroyable
May 28 07:32:56.777: %VPN_HW-6-SHUTDOWN: shutting down
May 28 07:33:03.645: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
May 28 07:33:03.645: Reventon small chunk is not destroyable
May 28 07:33:03.645: Reventon medium chunk is not destroyable
May 28 07:33:03.645: Reventon big chunk is not destroyable
May 28 07:33:03.645: %VPN_HW-6-SHUTDOWN: shutting down
Conditions:
-Have ISM-VPN module enabled and encrypting traffic in ISR G2 platform
-DMVPN may be a factor
Workaround:
-Disable ISM and use onboard crypto engine with command "no crypto engine slot 0"
-If ISM has crashed, the router must be reloaded to recover module
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUN-2015 |
|
Known Affected Releases: | 15.2(4)M3.11, 15.2(4)M6.1, 15.3(3)M3 |
|
Known Fixed Releases: | 15.2(4)M8, 15.3(3)M5.1, 15.4(3)M2.2 |
|
|
| |
| |
Bug Id: | CSCuh73594 |
Title: | c3900's ISM module crashed with traffic 1.5k DMVPN + EIGRP tunnels |
|
Description: | Symptom:
ISM-VPN card module crashes while handling high traffic for long hours
Conditions:
With high numbers of DMVPN tunnels under high volume of traffic.
Workaround:
Disable ISM-VPN module and use onboard encryption crupto-engine.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUN-2015 |
|
Known Affected Releases: | 15.3(2.25)M0.1 |
|
Known Fixed Releases: | 15.2(4)M7.1, 15.3(3)M5.1, 15.4(2.3)T, 15.4(3.6)PIB25 |
|
|
| |
| |
Bug Id: | CSCug61466 |
Title: | CUBE crashes @ sipSPI_ipip_cleanup_stream_channel_array |
|
Description: | Symptom:
Symptom:
CUBE crashes for DO-EO ReINV_HD call.
Conditions:
Conditions:
CUBE crashes for DO-EO ReINV_HD call.
Workaround:
Workaround:
Issue fixed and committed
Further Problem Description:
None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUN-2015 |
|
Known Affected Releases: | 15.3(2)S0.6, 15.3(2)T1.2, 15.3(2.12)T, 15.3(2.12.1)T, 15.3(2.16)T, 15.3(2.9)T |
|
Known Fixed Releases: | 15.2(1.2.41)PI22, 15.3(2)T1, 15.3(2)T1.3, 15.3(2)T2, 15.3(2)T3, 15.3(2)T4, 15.3(2.19)S0.6, 15.3(2.23)T, 15.3(3)M, 15.3(3)M1 |
|
|
| |
| |
Bug Id: | CSCut66144 |
Title: | VXML GW fails to handoff call to VXML Application on second VRU leg |
|
Description: | Symptom:
Call comes in to VXML GW and the TCL script for bootstrap comes up but VXML does not.
HTTP Get is never sent to CVP Server so then CVP Server times out and disconnects the call as never got any HTTP get from GW.
15.3.3.M5
Conditions:
High volume on the GW.
Workaround:
no workaround.
Further Problem Description:
GW is showing this.
9931429: Mar 26 14:22:21.839: //873876//MSM :/ms_handle_stream_timer: >>ms_start_play()
9931430: Mar 26 14:22:21.839: //873876//MSM :/ms_start_play: 1w4d, Tstart(ply: num 22 max 196 StDly 10)
Message should be.
ms_start_play: 1w4d mgdTstop(ply)
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUN-2015 |
|
Known Affected Releases: | 15.3(0.1) |
|
Known Fixed Releases: | 15.3(3)M5.2, 15.3(3)S5.12, 15.4(3)S3.3, 15.5(2)S0.9, 15.5(2)T0.1, 15.5(2)T1, 15.5(2.12)T, 15.5(2.14.1)PIH28, 15.5(2.16.5)PIH28, 15.5(2.19)S |
|
|
| |
| |
Bug Id: | CSCur01171 |
Title: | Memory leak in MRCP_CLIENT in add_to_hoststatus_table |
|
Description: | Symptom:
SIP calls caused MRCP_CLIENT to leak memory
Conditions:
these 3 processes steadily increase memory holding
C3925MCCUBE1#sh proc mem sorted
PID TTY Allocated Freed Holding Getbufs Retbufs Process
379 0 141675176 3712923352 49236032 0 0 CCSIP_SPI_CONTRO
400 0 53990776 304432952 15530048 0 0 MRCP_CLIENT
295 0 2278473520 1587812972 10569436 0 0 http client proc
Workaround:
none
Further Problem Description:
Engineering believes the fix in CSCur07571 might have addressed this issue. The fix of CSCur07571 now available in 152-4-M6 or newer.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUN-2015 |
|
Known Affected Releases: | 15.2(4)M3.11, 15.2(4)M6 |
|
Known Fixed Releases: | 15.3(3)M5.2, 15.3(3)S5.17, 15.5(2.14)T, 15.5(2.14.1)PIH28, 15.5(2.16.5)PIH28, 15.5(2.21)S |
|
|
| |
| |
Bug Id: | CSCuu98027 |
Title: | onepk memory corrupt crash when repeating sh policy-map |
|
Description: | Symptom:
onePK application results in router crash with memory corruption when repeatedly running show policy-map command.
Conditions:
Using a onePK application that polls the router for information every 320ms
Workaround:
unknown at this point
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 30-JUN-2015 |
|
Known Affected Releases: | 15.4(3)M1a |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuq80985 |
Title: | Traceback seen at AFW_Snr_IsSipSnr |
|
Description: | Symptom:
CME crashes intermittently
Conditions:
SNR configured on SIP CME
Workaround:
NONE
Further Problem Description:
NONE
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUN-2015 |
|
Known Affected Releases: | 15.2TPI19 |
|
Known Fixed Releases: | 15.3(3)M5.2, 15.3(3)S5.9, 15.5(1.10.1)GB, 15.5(1.13)S, 15.5(1.7)T, 15.5(2)S |
|
|
| |
| |
Bug Id: | CSCul52326 |
Title: | L2TP/IPsec with NAT-T to ISR-G2 with ISM-VPN module fails |
|
Description: | Symptom:
IKE Phase 1 and Phase 2 establishes, but we only see few packets decrypted (none encrypted). After couple of seconds both phases get cleared.
Traceback seen on ISM-VPN shim layer debug:
debug crypto engine ism shim
Conditions:
This symptom is observed under the following condition:
- ISR-G2 [1900/2900/3900] with active ISM-VPN module acting as L2TP over IPSec Server.
- L2TP PC is behind a NAT device, triggering NAT-traversal in IKE.
Workaround:
Perform the following workarounds:
- PCs that do not get NAT'ed can connect fine.
- switch to onboard crypto engine using the command, no crypto engine slot 0
Further Problem Description:
To see if ISM-VPN module is active:
1. show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: slot 0
Product Name: ISM VPN Accelerator
or
2. show crypto eli
Hardware Encryption : ACTIVE
Number of hardware crypto engines = 1
CryptoEngine ISM VPN details: state = Active
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUN-2015 |
|
Known Affected Releases: | 15.3(3)M |
|
Known Fixed Releases: | 15.2(4)M8, 15.3(3)M5.2, 15.4(3)M2.2, 15.4(3)M3, 15.5(1.11)T |
|
|
| |
| |
Bug Id: | CSCuu19587 |
Title: | Tracebacks and TFO frame errors seen with WAAS-Ex, ISM-VPN and GetVPN |
|
Description: | Symptom:
Tracebacks and TFO errors seen. ftp-data not getting optimized.
Conditions:
WAAS-Ex and ISM-VPN enabled in GetVPN environment.
Workaround:
None
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 30-JUN-2015 |
|
Known Affected Releases: | 15.2(4)M, 15.4(3)M, 15.5(2)T, 15.5(2.13)T, 15.5(2.14)T |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCta20040 |
Title: | Device crashes when receiving invalid SIP message |
|
Description: | Summary
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml.
Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Cisco Unified Communications Manager (CUCM) is affected by the vulnerabilities described in this advisory. Two separate Cisco Security Advisories have been published to disclose the vulnerabilities that affect the Cisco Unified Communications Manager at the following locations:
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucm.shtml
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUN-2015 |
|
Known Affected Releases: | 12.4(24.6)PI11i |
|
Known Fixed Releases: | 12.4(15)T12, 12.4(15)T13, 12.4(15)T14, 12.4(15)T16, 12.4(15)T17, 12.4(22)T4, 12.4(22)T5, 12.4(24)MDA13, 12.4(24)MDB13, 12.4(24)MDB14 |
|
|
| |
:
没有评论:
发表评论