CSCwa47133 - ISE Evaluation log4j CVE-2021-44228

Groenigen
Level 1

For a highly critical, severe issue, Cisco is not very responsive to the questions.

When can we expect to have a fix or workaround?

Please keep us customers informed about the progress.

16 Replies

Leo Laohoo
Hall of Fame

@Groenigen wrote:

Please keep us customers informed about the progress.


The security bulletin can be found here: Vulnerability in Apache Log4j Library Affecting Cisco Products

Currently, the bulletin is updated three times daily.

Hi Leo, I know that. But on the affected product sites there are no updates and no replies to the customer questions.

@Groenigen wrote:

no replies to the customer questions.


If you want replies, you have but two choices: raise a TAC Case and/or reach out to your Cisco AM/SE.


@Groenigen wrote:

But on the affected product sites there are no updates


Currently, this security bulletin is updated three times daily -- 1500 UTC/10:00 AM ET, 1900 UTC/2:00 PM ET, 2300 UTC/6:00 PM ET.

Next, scroll down to the bottom of the page to the Revision History section. The list of changes to this security bulletin is there.

(We stood up a "crisis team" on Saturday. We are in the same boat with everyone on board. I would rather Cisco take their time to address the fixes than rush an untested patch that could introduce more bugs or open more vulnerabilities.)

@Leo Laohoo does this impact all the versions of Cisco ISE, or only specific versions?


@Network_Sarovani wrote:

@Leo Laohoo does this impact all the versions of Cisco ISE, or only specific versions?


I am going to presume it will affect ALL Cisco ISE versions (regardless of patch number).

For updated clarification, raise a TAC Case.

engahmed1975
Level 1

I replied to the main thread, sorry for the disturbance.

engahmed1975
Level 1

Hi all,
Cisco confirmed that all ISE versions are affected and there are dates for the updates:
Hotfix for 2.4 (17 Dec 2021)
Hotfix for 2.6 (17 Dec 2021)
Hotfix for 2.7 (16 Dec 2021)
Hotfix for 3.0 (16 Dec 2021)
Hotfix for 3.1 (18 Dec 2021)

You can find details here:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd#vp

If you find it helpful, mark it so others can find it quickly.


Patch can be found HERE.

Release Notes (for the patch) can be found HERE.

NOTE: Patch only applies to ISE 2.4, 2.6, 2.7 or 3.0.

I opened a TAC case with Cisco regarding versions 2.6 and 3.0. The TAC engineer is absolutely clueless. The TAC engineer told me that there is no ETA on the patch release; he didn't even know that Cisco released the patch for 2.4 - 3.0 this morning:


ise-apply-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz

ise-rollback-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz

Support from TAC is not very good.


@adamscottmaster2013 wrote:

I opened a TAC case with Cisco regarding versions 2.6 and 3.0. The TAC engineer is absolutely clueless. The TAC engineer told me that there is no ETA on the patch release; he didn't even know that Cisco released the patch for 2.4 - 3.0 this morning:


Contact your Cisco AM/SE.

I just applied the fix to my Cisco ISE 2.6 and the patch was successfully installed, but now I can no longer log into the ISE. I typed in my username and password and it is stuck at "loading".

This is not good. You wonder how much QA Cisco has put into testing this thing.


@adamscottmaster2013 wrote:

You wonder how much QA Cisco has put into testing this thing.


With all the panic happening around, there is not enough time to test the patches against some of the known installation variables.

We did ours last night and we did not encounter any issues.

I recommend raising a TAC Case.

LOL... You must be working for Cisco.

What you're saying is: rush out the patch, break customer systems, and let the customers deal with them?


@adamscottmaster2013 wrote:

What you're saying is: rush out the patch, break customer systems, and let the customers deal with them?


No, that is not what I said.

If the ISE cluster broke, raise a TAC Case.

The patches did not break EVERYONE's deployment. It only broke a few.


@adamscottmaster2013 wrote:

You must be working for Cisco. 


No, I do not.