topic Re: Cisco ISE 3.2 hotpatch installation to address CSCwk61938 OpenSSH in Network Access Control https://community.cisco.com/t5/network-access-control/cisco-ise-3-2-hotpatch-installation-to-address-cscwk61938/m-p/5162375#M591278 <P>I have not applied any hotpatches for CVE's since my ISE deployments are all intranet-facing devices. I will rather wait for the next regular patches and apply those. I reserve the use of hotpatches for things that fix a burning issue that can affect my users. Not saying it's wrong to apply an openssh patch - but this CVE IMHO does not warrant a hotpatch, And generally, applying a hotpatch should not break your ISE deployment, since they are only replacing a very small thing in ISE.&nbsp;</P> <P>If you're still unsure, patch one lab node (and then one production node) and then always test your services before proceeding to the next nodes. I use that methodology all the time and it's never let me down&nbsp;</P> Sun, 18 Aug 2024 20:32:13 GMT Arne Bier 2024-08-18T20:32:13Z Cisco ISE 3.2 hotpatch installation to address CSCwk61938 OpenSSH https://community.cisco.com/t5/network-access-control/cisco-ise-3-2-hotpatch-installation-to-address-cscwk61938/m-p/5161749#M591258 <P>Please confirm any reported issues with the hotpatch installed for fixing the&nbsp;CSCwk61938 (OpenSSH CVE-2024-6387 "regreSSHion" vulnerability). Our ISE version Cisco ISE 3.2 patch 5.</P> Fri, 16 Aug 2024 10:16:42 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-3-2-hotpatch-installation-to-address-cscwk61938/m-p/5161749#M591258 Gouthami Nair 2024-08-16T10:16:42Z Re: Cisco ISE 3.2 hotpatch installation to address CSCwk61938 OpenSSH https://community.cisco.com/t5/network-access-control/cisco-ise-3-2-hotpatch-installation-to-address-cscwk61938/m-p/5162375#M591278 <P>I have not applied any hotpatches for CVE's since my ISE deployments are all intranet-facing devices. I will rather wait for the next regular patches and apply those. I reserve the use of hotpatches for things that fix a burning issue that can affect my users. Not saying it's wrong to apply an openssh patch - but this CVE IMHO does not warrant a hotpatch, And generally, applying a hotpatch should not break your ISE deployment, since they are only replacing a very small thing in ISE.&nbsp;</P> <P>If you're still unsure, patch one lab node (and then one production node) and then always test your services before proceeding to the next nodes. I use that methodology all the time and it's never let me down&nbsp;</P> Sun, 18 Aug 2024 20:32:13 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-3-2-hotpatch-installation-to-address-cscwk61938/m-p/5162375#M591278 Arne Bier 2024-08-18T20:32:13Z