CSCvh25988 - Cisco Secure Access Control System Java Deserialization Vulnerability - 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2018 07:08 AM - edited 03-20-2019 09:58 PM
Hi,
I would like to know if these bug just apply for ACS version 5.8.x.x or it also apply for ACS version 5.1.
Thank you in advance
Solved! Go to Solution.
- Labels:
-
Cisco Bugs
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-19-2018 02:54 AM
@avelino01 wrote:
should I upgrade my version 5.1 for 5.8.0.32.9?
Not my call.
We are in the same boat. Ours is at 5.4.
The Release Notes states that it is not an easy exercise to upgrade from 5.1 and then to 5.8.0.32.X. One must upgrade all the patches first before going to 5.2. Install the patches and upgrade to the next version, etc. etc. etc. So for us, we decided to migrate to ISE instead.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2018 12:20 PM
Read this: Cisco Secure Access Control System Java Deserialization Vulnerability
The bug affects everything from 5.8 patch 9 and below/earlier. The fix is found in Cisco Secure ACS 5.8.0.32.9 Cumulative Patch.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2018 12:39 PM - edited 03-13-2018 01:52 PM
Leo
Thank you
so, should I upgrade my version 5.1 for 5.8.0.32.9?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-19-2018 02:54 AM
@avelino01 wrote:
should I upgrade my version 5.1 for 5.8.0.32.9?
Not my call.
We are in the same boat. Ours is at 5.4.
The Release Notes states that it is not an easy exercise to upgrade from 5.1 and then to 5.8.0.32.X. One must upgrade all the patches first before going to 5.2. Install the patches and upgrade to the next version, etc. etc. etc. So for us, we decided to migrate to ISE instead.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-19-2018 02:17 AM
Hello all,
I have seen in previous post that the impacted equipment are all releases of Cisco Secure ACS prior to release 5.8 patch 9" but why in bug CSCvh25988 we only see "Cisco Secure Access Control Server Solution Engine 5.2(0.3)" is affected?
Thanks!
