12-13-2021 12:04 AM
Hello Experts!
I see that the Cisco ISE has been added to the Vulnerable products from Products under investigation.
Will there be any problem on Cisco ISE due to this so-called Log4j?
12-13-2021 12:52 AM
The list of affected products can be found here: Vulnerability in Apache Log4j Library Affecting Cisco Products
Fixes are not yet out.
12-13-2021 05:01 AM
Probably yes. So you need to make sure that your ISE gets patched as quickly as possible, once a patch is out. I do hope for a workaround alternatively. I can't tell you how bad this is, but I guess if you have the guest portal active, any person reaching this portal can take over the ISE (in the worst case).
12-16-2021 10:54 AM
A fix for the Log4j vulnerability is now available for versions 2.4, 2.6, 2.7 and 3.0. You can get it with your CCO ID.
12-19-2021 08:47 PM
We are on version 2.0 of ISE, model SNS-3415.
Does version 2.0 not support patching to resolve vulnerabilities?
12-19-2021 09:34 PM
@Louis-B wrote:
Does version 2.0 not support patching to resolve vulnerabilities?
No, it does not.
12-21-2021 08:36 AM
I see the patch for ISE 2.4 was released on 17th December.
But looking at the timeline in the advisory, log4j version 2.16 has since been disclosed as vulnerable on 18th December.
Anyone know if this means we are waiting for another patch to be released?
12-21-2021 08:55 AM
Answering my own question:
I just found the patch removes the JndiLookup class from the classpath, which also satisfies the fix in 2.17 for CVE-2021-45046.
No need to patch again, yet.
01-27-2022 11:55 AM
Hello,
I noticed this thread and wanted to provide additional details about the impact of the Log4j RCE (Log4Shell) Vulnerability in Cisco Identity Services Engine (ISE) and other Cisco products.
Cisco released hotfixes that address this vulnerability in December 2021. The hotfix completely removes the JndiLookup.class from the code. In addition, Log4j will be upgraded to 2.17.0 in the next release of Cisco ISE software.
Refer to the following FAQ for additional information about the hotfixes and affected ISE versions:
https://www.cisco.com/c/dam/en/us/products/se/2021/12/Collateral/ise-log4j-faq.pdf
The Cisco Event Response page includes additional frequently asked questions about the investigation of all Cisco products and services: https://tools.cisco.com/security/center/resources/prod_svc_info_log4j.html
The Cisco Security Advisory includes the list of all Cisco products affected and is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Hope this helps!