Solved: Re: CSCvh25988 - Cisco Secure Access Control System Java Deserialization Vulnerability - 1

avelino01 · ‎03-13-2018

Hi,

I would like to know if these bug just apply for ACS version 5.8.x.x or it also apply for ACS version 5.1.

Thank you in advance

Leo Laohoo · ‎03-19-2018

@avelino01 wrote:

should I upgrade my version 5.1 for 5.8.0.32.9?

Not my call.

We are in the same boat. Ours is at 5.4.

The Release Notes states that it is not an easy exercise to upgrade from 5.1 and then to 5.8.0.32.X. One must upgrade all the patches first before going to 5.2. Install the patches and upgrade to the next version, etc. etc. etc. So for us, we decided to migrate to ISE instead.

View solution in original post

Leo Laohoo · ‎03-13-2018

Read this: Cisco Secure Access Control System Java Deserialization Vulnerability

The bug affects everything from 5.8 patch 9 and below/earlier. The fix is found in Cisco Secure ACS 5.8.0.32.9 Cumulative Patch.

avelino01 · ‎03-13-2018

Leo

Thank you

so, should I upgrade my version 5.1 for 5.8.0.32.9?

Leo Laohoo · ‎03-19-2018

@avelino01 wrote:

should I upgrade my version 5.1 for 5.8.0.32.9?

Not my call.

We are in the same boat. Ours is at 5.4.

The Release Notes states that it is not an easy exercise to upgrade from 5.1 and then to 5.8.0.32.X. One must upgrade all the patches first before going to 5.2. Install the patches and upgrade to the next version, etc. etc. etc. So for us, we decided to migrate to ISE instead.

seris · ‎03-19-2018

Hello all,

I have seen in previous post that the impacted equipment are all releases of Cisco Secure ACS prior to release 5.8 patch 9" but why in bug CSCvh25988 we only see "Cisco Secure Access Control Server Solution Engine 5.2(0.3)" is affected?

Thanks!