https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3347606#M6773 <P>Hi,</P> <P>&nbsp;</P> <P>I would like to know if these bug just apply for ACS version 5.8.x.x or it also apply for ACS version 5.1.</P> <P>&nbsp;</P> <P>Thank you in advance</P> Thu, 21 Mar 2019 04:58:58 GMT avelino01 2019-03-21T04:58:58Z https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3347606#M6773 <P>Hi,</P> <P>&nbsp;</P> <P>I would like to know if these bug just apply for ACS version 5.8.x.x or it also apply for ACS version 5.1.</P> <P>&nbsp;</P> <P>Thank you in advance</P> Thu, 21 Mar 2019 04:58:58 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3347606#M6773 avelino01 2019-03-21T04:58:58Z https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3347869#M6780 <P>Read this:&nbsp; <A href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2" target="_self">Cisco Secure Access Control System Java Deserialization Vulnerability</A></P> <P>The bug affects everything from 5.8 patch 9 and below/earlier.&nbsp; The fix is found in&nbsp;<A href="https://software.cisco.com/download/release.html?mdfid=286286338&amp;flowid=83475&amp;softwareid=282766937&amp;release=5.8.0.32&amp;relind=AVAILABLE&amp;rellifecycle=&amp;reltype=latest" target="_blank">Cisco Secure ACS 5.8.0.32.9 Cumulative Patch</A>.</P> Tue, 13 Mar 2018 19:20:38 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3347869#M6780 Leo Laohoo 2018-03-13T19:20:38Z https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3347884#M6781 <P>Leo</P> <P>Thank you&nbsp;</P> <P>&nbsp;</P> <P>so, should I upgrade my version 5.1 for 5.8.0.32.9?</P> Tue, 13 Mar 2018 20:52:39 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3347884#M6781 avelino01 2018-03-13T20:52:39Z https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3350673#M6825 <P>Hello all,</P> <P>&nbsp;</P> <P>I have seen in previous post that the impacted equipment are all releases of Cisco Secure ACS prior to release 5.8 patch 9" but why in bug CSCvh25988 we only see "Cisco Secure Access Control Server Solution Engine 5.2(0.3)" is affected?</P> <P>&nbsp;</P> <P>Thanks!</P> <P>&nbsp;</P> Mon, 19 Mar 2018 09:17:21 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3350673#M6825 seris 2018-03-19T09:17:21Z https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3350712#M6826 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/108421">@avelino01</a> wrote:<BR /> <P>should I upgrade my version 5.1 for 5.8.0.32.9?</P> <HR /></BLOCKQUOTE> <P>Not my call.&nbsp;</P> <P>We are in the same boat.&nbsp; Ours is at 5.4.&nbsp;&nbsp;</P> <P>The Release Notes states that it is not an easy exercise to upgrade from 5.1 and then to 5.8.0.32.X.&nbsp; One must upgrade all the patches first before going to 5.2.&nbsp; Install the patches and upgrade to the next version, etc. etc. etc.&nbsp; So for us, we decided to migrate to ISE instead.</P> Mon, 19 Mar 2018 09:54:30 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvh25988-cisco-secure-access-control-system-java/m-p/3350712#M6826 Leo Laohoo 2018-03-19T09:54:30Z