Hello Experts!
I see that Cisco ISE has been added to Vulnerable Products from Products Under Investigation.
Will there be any problem on Cisco ISE due to this so-called log4j?
Probably yes. So you need to make sure that your ISE gets patched as quickly as possible once a patch is out. I do hope for a workaround alternatively. I can't tell you how bad this is, but I guess if you have the guest portal active, any person reaching this portal can take over the ISE (in the worst case).
The fix for the Log4j vulnerability is now available for versions 2.4, 2.6, 2.7 and 3.0. You can get it with your CCO ID.
I see the patch for ISE 2.4 was released on 17th December.
But looking at the timeline in the advisory, log4j version 2.16 has since been disclosed as vulnerable on 18th December.
Does anyone know if this means we are waiting for another patch to be released?
Answering my own question:
I just found that the patch removes the JndiLookup class from the classpath, which also satisfies the fix in 2.17 for CVE-2021-45046.
No need to patch again, yet.
I noticed this thread and wanted to provide additional details about the impact of the Log4j RCE (Log4Shell) Vulnerability in Cisco Identity Services Engine (ISE) and other Cisco products.
Cisco released hotfixes that address this vulnerability in December 2021. The hotfix completely removes the JndiLookup.class from the code. In addition, Log4j will be upgraded to 2.17.0 in the next release of Cisco ISE software.
Refer to the following FAQ for additional information about the hotfixes and affected ISE versions:
The Cisco Event Response page includes additional frequently asked questions about the investigation of all Cisco products and services: https://tools.cisco.com/security/center/resources/prod_svc_info_log4j.html
The Cisco Security Advisory includes the list of all Cisco products affected and is available at the following link:
Hope this helps!
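The mitigation described in the two posts above (the hotfix removing JndiLookup.class from the classpath) can be verified on any JAR or WAR you can get hold of. The following is an added example, not code from this thread or from Cisco; the archives it scans are constructed in memory with placeholder bytes, and the entry name `log4j-core-2.x.jar` is a made-up sample.

```python
# Added example (not from the thread or from Cisco): the same check the ISE
# hotfix relies on, applied to arbitrary JAR/WAR files, nested archives included.
# Sample archives are constructed in memory; no real Log4j bytecode is used.
import io
import zipfile

# Class the hotfix removes from the classpath; its absence neutralises the JNDI lookup.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED_EXT = (".jar", ".war", ".ear", ".zip")


def _scan(zf, label, hits):
    """Append 'label!entry' for every JndiLookup.class found, descending into nested archives."""
    for name in zf.namelist():
        if name == JNDI_LOOKUP:
            hits.append(f"{label}!{name}")
        elif name.lower().endswith(NESTED_EXT):
            try:  # e.g. a log4j-core jar bundled under WEB-INF/lib of a WAR
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    _scan(inner, f"{label}!{name}", hits)
            except zipfile.BadZipFile:
                continue  # entry only looks like an archive; skip it


def find_jndi_lookup(archive, label="archive"):
    """archive: path or file-like. Returns locations of JndiLookup.class; [] means the class is gone."""
    hits = []
    with zipfile.ZipFile(archive) as zf:
        _scan(zf, archive if isinstance(archive, str) else label, hits)
    return hits


def build_sample(include_jndi, wrap_in_war=False):
    """Constructed sample archive with stub entries (placeholder bytes, not real classes)."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    if not wrap_in_war:
        return jar
    war = io.BytesIO()  # constructed WAR that bundles the jar built above
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.x.jar", jar.getvalue())
    return war


if __name__ == "__main__":
    for desc, sample in [("unpatched jar", build_sample(True)), ("hotfixed jar", build_sample(False)),
                         ("war bundling unpatched jar", build_sample(True, True))]:
        hits = find_jndi_lookup(sample, desc)
        print(desc, "-> JndiLookup.class present" if hits else "-> JndiLookup.class absent", hits)
```

Point `find_jndi_lookup` at a real path (for example a log4j-core jar copied off an appliance) to confirm the class is gone after the hotfix.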