Cisco Discloses Self-sabotaging SSD Bug That Causes Rolling Outages For Some Firepower Appliances

Cisco has detailed a bug that causes 43 models in its Firepower security appliance range to stop passing traffic and perhaps also prevent logins to the devices’ management console.

A field notice dated May 18 explains that “due to a flaw in solid-state drive (SSD) firmware, the SSD that is internal to the FPR9300 Supervisor module and FPR4100 Series security appliances will no longer respond after approximately 3.2 years of cumulative operation.

“After the first unresponsive event occurs, every subsequent power-cycle allows the SSD to operate for approximately six weeks of cumulative operation before the SSD will no longer respond again.”

The networking giant said that after 28,224 hours of accumulated power-on time, “a memory buffer overrun condition occurs which triggers the firmware event in the SSD.” Turning the device off then on again fixes the problem. But the fix only lasts for 1,008 hours of powered-on operations before it recurs.

It gets worse: Cisco says “users with valid credentials might not be able to log in to the management console,” but doesn’t explain how users can tell if their boxen will freeze up and freeze out admins, or just freeze up.

• Cisco’s 'intuitive security' tool can’t handle MAC address randomization out-of-the-box
• Cisco restores evidence of its funniest FAIL – ethernet cable presses switch's reset button
• Here's why your Samsung Blu-ray player bricked itself: It downloaded an XML config file that broke the firmware
• Flash still works in China, but you need to ask Adobe nicely before running it

The flaw can be fixed with new firmware that Cisco has already made available, here. Switchzilla recommends applying the patch before your Firepower boxen run for 28,224 hours.

Self-sabotaging SSDs hit the headlines in 2019 when HPE warned of disks that gave up the ghost after 32,768 hours of operation.

Note that number, because 32,768 is 2¹⁵, and therefore a value of potential significance in digital systems.

The 28,224 hours at which this bug strikes has no similar significance The Register can immediately comprehend, but neither did the 40,000-hour-mark at which SSDs self-sabotaged for HPE and Cisco in March 2020. ®

PS: Cisco today emitted its fiscal Q3 financial figures. Revenues were up seven per cent year-on-year to $12.8bn, and net income was $2.9bn, up three per cent.