https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311613#M597373 <P>As per i know there is no need of fresh install&nbsp; you can just patch on top of the patch, patch 7 recent security fix.</P> <P>&nbsp;</P> Sun, 20 Jul 2025 21:36:53 GMT balaji.bandi 2025-07-20T21:36:53Z https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311595#M597368 <P><A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6" target="_blank">Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities</A></P><P>It stated that:&nbsp; "If Cisco ISE is running&nbsp;<STRONG>Release 3.3 Patch 6</STRONG>, additional fixes are available in&nbsp;<STRONG>Release 3.3 Patch 7</STRONG>, and the device must be upgraded".&nbsp; &nbsp;What the hell does this even mean "must be upgraded"?&nbsp;</P><P>I just patched my ISE system from 3.3 patch-4 to 3.3 patch-6 three days.&nbsp;&nbsp;</P><P>Can someone clarify this?&nbsp; TIA</P> Sun, 20 Jul 2025 19:32:12 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311595#M597368 adamscottmaster2013 2025-07-20T19:32:12Z https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311603#M597369 <P>yes even you patched yesterday, you need to patch today to be secure. (i know its not a great practice, this what it is now a days).</P> <P>We all are in same boat.</P> <P>&nbsp;</P> Sun, 20 Jul 2025 20:01:29 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311603#M597369 balaji.bandi 2025-07-20T20:01:29Z https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311609#M597371 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/286878">@balaji.bandi</a>:&nbsp; What does this statement mean "<SPAN>If Cisco ISE is running&nbsp;</SPAN><EM>Release 3.3 Patch 6</EM><SPAN>, additional fixes are available in&nbsp;</SPAN><EM>Release 3.3 Patch 7</EM><SPAN>, and <STRONG><EM>the device must be upgraded</EM></STRONG>."&nbsp; What does Cisco mean when it says "upgraded" as oppose to "fresh install"?</SPAN></P> Sun, 20 Jul 2025 20:34:54 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311609#M597371 adamscottmaster2013 2025-07-20T20:34:54Z https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311613#M597373 <P>As per i know there is no need of fresh install&nbsp; you can just patch on top of the patch, patch 7 recent security fix.</P> <P>&nbsp;</P> Sun, 20 Jul 2025 21:36:53 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311613#M597373 balaji.bandi 2025-07-20T21:36:53Z https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311614#M597374 <P>That is my understanding as well, but I question why Cisco put in that statement in the first place.&nbsp; Something doesn't seem right.</P> Sun, 20 Jul 2025 21:50:30 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311614#M597374 adamscottmaster2013 2025-07-20T21:50:30Z https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311616#M597375 <P>They are just using the term upgrading in a sense of patching. In this case upgrade means installing patch 7 as patches are always installed.</P> <P>I know it's frustrating, but as <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/286878">@balaji.bandi</a>&nbsp;also said.. it is what it is and we are all in the same boat.</P> <P>They found a new security breach and released a patch to fix it - that sometimes happens multiple times shortly after another..</P> Sun, 20 Jul 2025 22:20:05 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311616#M597375 julian.bendix 2025-07-20T22:20:05Z https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311657#M597382 <P>I totally understand customer point of view, but being security product, they may have found later security vulnerability , they release patch, this what software industry, since as a consumer we expect fast phasing new feature every when and then.</P> <P>patch not much time to apply, but planning is takes time and if this is single node required small maintenance window, if the deployment is distributed&nbsp; then you have better options.</P> Mon, 21 Jul 2025 07:01:23 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311657#M597382 balaji.bandi 2025-07-21T07:01:23Z https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311871#M597390 <P>No hotfix, just a patch upgrade.... sigh...</P> Mon, 21 Jul 2025 13:24:30 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-unauthenticated-remote-code-execution-vulnerabilities/m-p/5311871#M597390 WLRK.Infrastructure 2025-07-21T13:24:30Z