Re: CSCwa47133 - ISE Evaluation log4j CVE-2021-44228

Network_Sarovani · ‎12-14-2021

We have below ISE version installed , Can someone confirm if this is impacted ?

Version : 2.6.0.156
ADE-OS Version : 3.0.5.144

j.hammel · ‎12-14-2021

Yes. According to https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133, 2.6.0.156 is affected. Syntax is a little different on the CSC page as it is listed as 002.006(000.156) but I'd assume this is the same as "2.6.0.156".

ganeshit03 · ‎12-14-2021

We have a older version 2.2.0.470, Its not listed in affected products. Will that be affected as well ?

j.hammel · ‎12-14-2021

My guess is yes. Anything on the 2.X version would be affected based on what I'm reading but please don't quote me on that. Although Cisco does a great job researching and communicating this information, I've seen many bugs impact IOS versions that are not listed in the 'affected releases' section. It is still too early to tell. I'm watching hourly to see if/when there are some updates to this one. Best of luck!

ganeshit03 · ‎12-14-2021

Thank you !!!

AdamF1 · ‎12-16-2021

What's funny is that they have now locked down access to this bug id and you can not view it.

Leo Laohoo · ‎12-14-2021

Network_Sarovani · ‎01-10-2022

We have hotfix to fix log4j on the below version right ?

Version : 2.6.0.156

2.4 - 3.0: https://software.cisco.com/download/home/283801620/type/283802505/release/Log4j2-fix-2.4-3.0

Leo Laohoo · ‎01-10-2022

@Network_Sarovani wrote:

We have hotfix to fix log4j on the below version right ?

Version : 2.6.0.156

2.4 - 3.0: https://software.cisco.com/download/home/283801620/type/283802505/release/Log4j2-fix-2.4-3.0

Yes.