Hi Leo,
Our Support Compatibility Matrix doesn't mention any specific versions for Cisco devices, so I believe any should work. For Cisco specifically it is important to make sure you selected the correct radio button for version when you created the Target Application. Please check your Target Application to confirm that you have selected "IOS 12.4 or higher". Assuming that is correct, you may be able to slightly modify the defaults under the "Script Processor" to get this working in your version.
There are also a few options when creating Cisco Target Accounts that may be relevant. Please check the Target Account definition for additional settings like privileged user execution options, which may be important in your environment.
If you want to troubleshoot this yourself a bit, you can increase the CA PAM Tomcat Log level to Config, reproduce this issue, then use View Recent Entries button to see the results in the Tomcat log. This should give you more info on why the password change failed. You could also get more info from the Cisco device side by setting it's SSH into debug mode and monitoring the outputs there.
If you find that there is a security problem connecting to the Cisco device, you may need to change the Target Application's SSH-2 or Telnet settings to comply with your devices expectations.
If you are still unable to rotate passwords after checking theses, you should open a support ticket to have this better looked at.
Thanks,
Christian Lutz
Support Engineer
CA Technologies - North America