Cisco Bug: CSCul18059 - Object Group Search may cause ACL to be matched incorrectly

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(6) 8.4(7)

Description (partial)

If object-group search is enabled, an ACL line that references an object group containing overlapping networks may not be matched correctly, resulting in traffic not being denied or permitted as expected.

This issue occurs only if object-group search is enabled with the command 'object-group-search access-control'.

This has been seen on ASA code version 8.4(6) as well as ASA code version 8.4(7). It may exist on other versions as well. Please check the bug details for fixed version.
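
To check a saved configuration for the two conditions described above (object-group search enabled, and a network object group with overlapping members used in an ACL), the following added example, which is not Cisco's code, audits a config text. The sample configuration, group names and function names are constructed for illustration; nested `group-object` and `network-object object` entries are assumed out of scope.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample configuration; names and addresses are illustrative.
SAMPLE_CONFIG = """\
object-group network INSIDE-NETS
 network-object 10.1.0.0 255.255.0.0
 network-object 10.1.5.0 255.255.255.0
 network-object host 192.0.2.10
object-group network DMZ-NETS
 network-object 172.16.1.0 255.255.255.0
 network-object 172.16.2.0 255.255.255.0
access-list OUTSIDE_IN extended permit tcp any object-group INSIDE-NETS eq 443
access-list OUTSIDE_IN extended deny ip any object-group DMZ-NETS
object-group-search access-control
"""

def parse_groups(config):
    """Map each network object-group to the IPv4 networks listed literally in it."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r"object-group network (\S+)", line)
        if header:
            current = groups.setdefault(header.group(1), [])
        elif not line.startswith(" "):
            current = None  # left the object-group sub-mode
        elif current is not None:
            p = line.split()
            # Nested group-object / "network-object object" entries are not resolved.
            if len(p) == 3 and p[0] == "network-object" and p[1] != "object":
                cidr = p[2] if p[1] == "host" else f"{p[1]}/{p[2]}"
                current.append(ipaddress.ip_network(cidr, strict=False))
    return groups

def audit(config):
    """Return groups with overlapping members and the ACL lines that use them."""
    lines = [l.rstrip() for l in config.splitlines()]
    # The description limits the issue to configs with object-group search enabled.
    if "object-group-search access-control" not in [l.strip() for l in lines]:
        return {}
    findings = {}
    for name, nets in parse_groups(config).items():
        overlaps = [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]
        if overlaps:
            acls = [l for l in lines if l.startswith("access-list ")
                    and ("object-group", name) in zip(l.split(), l.split()[1:])]
            findings[name] = {"overlaps": overlaps, "acl_lines": acls}
    return findings
```

A non-empty result only identifies ACL lines worth reviewing on an affected release; it does not confirm that a given line is being mismatched.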