cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

CSCwa47133 - ISE Evaluation log4j CVE-2021-44228

Network_Sarovani
Beginner
Beginner

We have below ISE version installed  , Can someone confirm if this is impacted ?

 

 

Version  : 2.6.0.156
ADE-OS Version  : 3.0.5.144




8 REPLIES 8

j.hammel
Beginner
Beginner

Yes.  According to https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133, 2.6.0.156 is affected.  Syntax is a little different on the CSC page as it is listed as 002.006(000.156) but I'd assume this is the same as "2.6.0.156". 

We have a older version 2.2.0.470, Its not listed in affected products. Will that be affected as well ?

My guess is yes.  Anything on the 2.X version would be affected based on what I'm reading but please don't quote me on that.  Although Cisco does a great job researching and communicating this information, I've seen many bugs impact IOS versions that are not listed in the 'affected releases' section.  It is still too early to tell.  I'm watching hourly to see if/when there are some updates to this one.  Best of luck!

Thank you !!!

What's funny is that they have now locked down access to this bug id and you can not view it.

 

We have hotfix to fix log4j on the below version right ?

 

Version  : 2.6.0.156

 

2.4 - 3.0: https://software.cisco.com/download/home/283801620/type/283802505/release/Log4j2-fix-2.4-3.0


@Network_Sarovani wrote:

We have hotfix to fix log4j on the below version right ?

 

Version  : 2.6.0.156

 

2.4 - 3.0: https://software.cisco.com/download/home/283801620/type/283802505/release/Log4j2-fix-2.4-3.0


Yes.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: