I do not believe that Cisco

Christian Jorge · ‎11-01-2016

Gentlemen

Need your help, because it's not clear the affected ASA version.

ASA 5540 we take care has asa917-k8.bin.

Bug informs only affected 9.1(2) and 9.2. Last release for 9.1.x available in Cisco site is asa917-11-k8.bin.

Should I upgrade ASA version or 9.1(7) is clean for this bug?

Regards

Christian

ramccutc · ‎11-01-2016

I do not believe that Cisco has released a new IOS version to address this vulnerability.

IBMintdev · ‎11-03-2016

Hi Christian,

I have contact TAC and this was the reply:

Yes dear ,all the release of 9.2 is affected .And as you know until now there is no workaround or fix releases but the developer team still working on it. You can subscribe the bug by clicking on the save button so you will receive this bug updates.

Christian Jorge · ‎11-04-2016

Any information regarding 9.1(7) or any 9.1.x?

IBMintdev · ‎11-07-2016

The same, IOS not released yet

Ming Keat Pang · ‎11-28-2016

Good day sirs, do you guys have any update regarding the fixed version? seems the fixed release is not relevant from the download portal. Thanks

MK

IBMintdev · ‎11-29-2016

Hi Ming,

This was the last reply from Cisco, days ago, about this issue .. So still no fixed release yet

Regarding bug # CSCvb48640 the fix releases that exist in the advisory link are an engineer releases and it used to test the fix and once the fix is verified, it will be introduced in the latest releases.

Ming Keat Pang · ‎11-29-2016

Hi IBMintdev

Thanks for your reply and much appreciated.

MK

Ming Keat Pang · ‎12-22-2016

Hi IBMintdev

Wondering if you have any update from TAC regarding the release? understand from bug notes the fix is not release yet.

Merry Christmas!

Thank you

Ming Keat

IBMintdev · ‎12-23-2016

Hi Ming,

Yes, Not released yet

Marcela Rosales Aymerich · ‎01-13-2017

Hello Christian,

Software version 9.1(7.12) is available on the website and contains a fix for bug ID CSCvb48640.

An upgrade is recommended to fix this vulnerability.

You may download 9.1(7.12) version from the website:

Adaptive Security Appliance (ASA) Software

Show your appreciation by rating content and mark question as answered if it is.

Regards,

- Marcela.

Ming Keat Pang · ‎01-13-2017

Hi Marcela

We're using for version 9.4, any news for the release of 9.4.x to fix this vulnerability?

Thank you

Regards,

Ming Keat

Marcela Rosales Aymerich · ‎01-13-2017

Hi Ming,

Version 9.4.4 was released January 10th and it includes a fix for the vulnerabilities described on Bug Id CSCvb48640.

You may find the image under "Firewalls" section in Software Download for Security Products page:

https://software.cisco.com/download/navigator.html?mdfid=268438162&flowid=22661

Show your appreciation by rating content and mark question as answered if it is.

Regards,

-Marcela.

IBMintdev · ‎01-16-2017

Thank you Marcela,

below update about 9.2 and 9.6 from Cisco

This software defect is not integrated in 9.2 version yet.

It will be resolved in software version 9.2.4.19

9.2.4.19 Will be release around 03/27/2017. Or you can upgrade to version 9.6.2.8 which is expected to release around 01/30/2017

CSCvb48640 - Evaluation of pix-asa for Openssl September 2016