Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8063
Views
70
Helpful
19
Replies

CSCwa47133 - Evaluation log4j CVE-2021-44228

Evelyn Riha
Level 1
Level 1

‎12-13-2021 04:52 AM

Are there any checks or verifications known to see if ISE was not infiltrated by someone using log4j?

8 people had this problem
Labels:
19 Replies 19

Kasun Bandara
VIP
VIP

‎12-13-2021 05:02 AM

Hi,

 

According to advisory, more details are yet to release. meanwhile check it below.

 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd?emailclick=CNSemail

 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

sacristiano
Level 1
Level 1

‎12-13-2021 06:55 AM

Hi, in addition:

 

Which internal network hosts can exploit Cisco ISE? Any server? Or through some server that has a relationship of trust with it, but that has been compromised?

 

Thanks!

 

0 Helpful

Kasun Bandara
VIP
VIP

‎12-13-2021 07:53 AM

Hi,

This vulnerability makes it available for any user. anyone who have exploit can attack.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Leo Laohoo
Hall of Fame
Hall of Fame

‎12-15-2021 08:05 PM

Patch can be found HERE.  

Release Notes (for the patch) can be found HERE.

NOTE:  Patch only apply to ISE 2.4, 2.6, 2.7 or 3.0.

AkshayKPIT8727
Level 1
Level 1
In response to Leo Laohoo

‎12-16-2021 09:28 AM

Thanks !!

0 Helpful

AnilKumar95946
Level 1
Level 1

‎12-16-2021 04:47 AM

Hi,

Do all the ISE services will be restarted as a result of this hotfix installation? Do we require a downtime to install this hotfix?. 

lisacoody
Level 1
Level 1
In response to AnilKumar95946

‎12-16-2021 07:31 AM

Great question. Following this thread for an answer.

0 Helpful

Mats Nilson
Level 1
Level 1
In response to AnilKumar95946

‎12-16-2021 07:32 AM

The server will not restart, but services will, so there will definitely be some downtime:

I got this advice from TAC:

Please keep in mind that installing the hotpatch will cause a restart of the ISE services, so you will need to do it in a maintenance window after working hours to avoid any network down situation.

Hope this answers your questions

lisacoody
Level 1
Level 1
In response to Mats Nilson

‎12-16-2021 07:35 AM

Thanks Mats! I appreciate the information!

0 Helpful

AnilKumar95946
Level 1
Level 1
In response to Mats Nilson

‎12-16-2021 07:49 AM

Thanks Mats

Got the same response from TAC.

andrew_cooper
Level 1
Level 1

‎12-16-2021 06:03 AM

Also would like to know if downtime will be required.  I have never installed a "hotpatch" for ISE nor loaded any patch via CLI.  Cannot find any documentation on an ISE hotpatch

0 Helpful

Mats Nilson
Level 1
Level 1
In response to andrew_cooper

‎12-16-2021 07:33 AM

Andrew.

Please se above:

 

//Mats

0 Helpful

AnilKumar95946
Level 1
Level 1

‎12-16-2021 11:56 PM

Hey Guys,

Anybody successfully installed the Hotfix yet. When i am installing giving me error "% Unable to unbundle the package. It should be in tar.gz file format". I am doing it correctly using command 

application install ise-apply-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz <Repository_Name>

0 Helpful

lisacoody
Level 1
Level 1
In response to AnilKumar95946

‎12-17-2021 06:58 AM

I haven't installed the patch yet (I'll do that tonight). There's some helpful notes here https://community.cisco.com/t5/network-access-control/ise-2-7-0-356/m-p/4519950#M571744

 

0 Helpful
Customers Also Viewed These Support Documents