CSCwa47133 - Evaluation log4j CVE-2021-44228

Evelyn Riha
Level 1

Are there any checks or verifications known to see if ISE was not infiltrated by someone using log4j?


Hi,

According to the advisory, more details are yet to be released. Meanwhile, check it below.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd?emailclick=CNSemail

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

sacristiano
Level 1

Hi, in addition:

Which internal network hosts can exploit Cisco ISE? Any server? Or through some server that has a relationship of trust with it, but that has been compromised?

Thanks!

Hi,

This vulnerability makes it available to any user. Anyone who has the exploit can attack.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Leo Laohoo
Hall of Fame

Patch can be found HERE.  

Release Notes (for the patch) can be found HERE.

NOTE: Patch only applies to ISE 2.4, 2.6, 2.7 or 3.0.

Thanks !!

AnilKumar95946
Level 1

Hi,

Will all the ISE services be restarted as a result of this hotfix installation? Do we require downtime to install this hotfix?

Great question. Following this thread for an answer.

The server will not restart, but services will, so there will definitely be some downtime:

I got this advice from TAC:

Please keep in mind that installing the hotpatch will cause a restart of the ISE services, so you will need to do it in a maintenance window after working hours to avoid any network down situation.

Hope this answers your questions

Thanks Mats! I appreciate the information!

Thanks Mats

Got the same response from TAC.

andrew_cooper
Level 1

Also would like to know if downtime will be required. I have never installed a "hotpatch" for ISE nor loaded any patch via CLI. Cannot find any documentation on an ISE hotpatch.

Andrew.

Please see above:

//Mats

AnilKumar95946
Level 1

Hey Guys,

Has anybody successfully installed the Hotfix yet? When I am installing, it gives me the error "% Unable to unbundle the package. It should be in tar.gz file format". I am doing it correctly using the command

application install ise-apply-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz <Repository_Name>

I haven't installed the patch yet (I'll do that tonight). There are some helpful notes here: https://community.cisco.com/t5/network-access-control/ise-2-7-0-356/m-p/4519950#M571744