Text only | Text with Images

Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: icecream-guy on March 15, 2019, 10:59:00 AM

Title: Cissco ASA 9.8.3 Train
Post by: icecream-guy on March 15, 2019, 10:59:00 AM
I recommend not going with the 9.8.3 train,   I have recently hit SEV2 bug identified as CSCvn65598,

seems one cannot save the configuration when this bug is hit.

Code Select

# wr
Building configuration...
Cryptochecksum: 6a45af93 55c465a5 d1bc201e ed8cacb5

334080 bytes copied in 0.810 secsThe flash device is in use by another task.
The flash device is in use by another task.

[OK]

# show start
The flash device is in use by another task.
No Configuration

# fsck disk0:

ERROR: There are one or more sw-modules running on the system. Please shut down the sw-modules before attempting to run fsck on disk0:


Title: Re: Cissco ASA 9.8.3 Train
Post by: SimonV on March 15, 2019, 11:09:23 AM
Amazing  :mrgreen:
Title: Re: Cissco ASA 9.8.3 Train
Post by: Dieselboy on March 16, 2019, 02:14:51 AM
nice. Have ranted about bugs like this for a while. I bore myself these days  :mrgreen:
Title: Re: Cissco ASA 9.8.3 Train
Post by: deanwebb on March 18, 2019, 10:07:44 AM
Wow, not able to save a config?

That's kind of a thing you want to do with a config... you know... *save* it.

:ivan:
Title: Re: Cissco ASA 9.8.3 Train
Post by: SimonV on March 18, 2019, 10:56:06 AM
It's a pretty standard feature with other vendors.
Title: Re: Cissco ASA 9.8.3 Train
Post by: icecream-guy on March 18, 2019, 11:24:21 AM
they've offered me the solution to copy the running config to a disk file, odd that this works. and then after the device reloads, I can copy the disk file to running configuration.   but they think that a reload will fix the issue.  I'm working on my CM for Wednesday next week.

Title: Re: Cissco ASA 9.8.3 Train
Post by: Otanx on March 18, 2019, 11:45:02 AM
/em quickly checks deployed ASA code versions...

Thanks for this. Think I will avoid this one. These are the bugs that drive me to get rid of gear. How do you not test saving a config before releasing code? I would give them a pass if there was some very specific configuration that triggers the bug, but based on the bug report it is just using ASDM.

-Otanx
Title: Re: Cissco ASA 9.8.3 Train
Post by: Dieselboy on March 18, 2019, 09:11:07 PM
Quote from: Otanx on March 18, 2019, 11:45:02 AM
/em quickly checks deployed ASA code versions...

Thanks for this. Think I will avoid this one. These are the bugs that drive me to get rid of gear. How do you not test saving a config before releasing code? I would give them a pass if there was some very specific configuration that triggers the bug, but based on the bug report it is just using ASDM.

-Otanx

I wrote a long reply something like what you just put. I feel exactly the same. I've had Cisco tell me before "oh we cannot predict every customer deployment". But WTF man it's just 'copy run start'
Title: Re: Cissco ASA 9.8.3 Train
Post by: icecream-guy on March 19, 2019, 06:13:01 AM
This is the one that started it all, CSCvi16029. Don't bother to look it up, there is no info available in the bug search tool, you can get more info by looking here.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd

Title: Re: Cissco ASA 9.8.3 Train
Post by: Dieselboy on March 19, 2019, 11:42:51 PM
Okay so this thread almost has all the things which annoy me about Cisco and their support. We're just missing this last one which is explained in my screenshot of a message between myself and TAC this morning.
Text only | Text with Images