Cisco Bug: CSCul18059 - Object Group Search may cause ACL to be matched incorrectly
Apr 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: If object-group search is enabled, an ACL line that references an object-group containing overlapping networks may not be matched correctly, resulting in traffic being denied or permitted unexpectedly.
Conditions: This issue occurs only if object-group search is enabled with the command 'object-group-search access-control'. It has been seen on ASA code versions 8.4(6) and 8.4(7), and may exist on other versions as well. Check the bug details for the fixed version.
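To check a saved running-config for the conditions described above, the following added example (not Cisco code) reports network object-groups whose entries overlap when 'object-group-search access-control' is present. It assumes "overlapping networks" means overlapping entries within one group, handles only IPv4 'host' and 'address mask' entries, and uses hypothetical function names and a constructed sample config.

```python
import ipaddress
from itertools import combinations

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
object-group-search access-control
object-group network INSIDE_NETS
 network-object 10.1.0.0 255.255.0.0
 network-object 10.1.5.0 255.255.255.0
 network-object host 192.168.1.10
object-group network DMZ_NETS
 network-object 172.16.1.0 255.255.255.0
 network-object 172.16.2.0 255.255.255.0
access-list OUTSIDE_IN extended permit ip any object-group INSIDE_NETS
"""

def parse_network_groups(config):
    """Return (ogs_enabled, {group: [ip_network, ...]}) from ASA config text."""
    ogs_enabled, groups, current = False, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words == ["object-group-search", "access-control"]:
            ogs_enabled = True
        if not raw.startswith(" "):
            # A top-level line ends any open object-group block.
            current = None
            if words[:2] == ["object-group", "network"] and len(words) >= 3:
                current = groups.setdefault(words[2], [])
        elif current is not None and len(words) == 3 and words[0] == "network-object":
            if words[1] == "host":
                current.append(ipaddress.ip_network(words[2]))
            elif words[1] != "object":
                # IPv4 "address mask" form; nested objects/groups are skipped.
                current.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
    return ogs_enabled, groups

def find_overlaps(config):
    """List (group, net_a, net_b) overlaps; empty if OGS is not enabled."""
    ogs_enabled, groups = parse_network_groups(config)
    if not ogs_enabled:
        return []
    return [(name, str(a), str(b))
            for name, nets in groups.items()
            for a, b in combinations(nets, 2) if a.overlaps(b)]

if __name__ == "__main__":
    for name, a, b in find_overlaps(SAMPLE_CONFIG):
        print(f"{name}: {a} overlaps {b}")
```

Groups built from nested 'group-object' or 'network-object object' references are not expanded, so a clean result from this check does not cover them.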
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.