Re: CSCwa47745 - Evaluation of vmanage for Log4j RCE

mohamad.masri · ‎12-12-2021

Hi Team ,

Anyone know if these fixed releases have been published yet ? Can't find 20.7* in software downloads , latest seems to be 20.6Cisco Bug Discussions

mohamad.masri · ‎12-12-2021

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47745

Ciscouserz · ‎12-13-2021

Im running vManage 20.6.2 (the latest release) and it affected byt vulnerability, I can send an exploit successful to vManage.

cdipietro · ‎12-13-2021

According to TAC, the BU stated that fixed releases will be published by end of this week.

20.7.1

20.6.2.1

20.5.1.1

20.4.2.1

20.3.4.1

Take that with a grain of salt, things may change, but this is what I was told.

mwhisen · ‎12-13-2021

We all want patched software, but if you are on 20.3 or I think the post is 20.6 I would not increase the second point level to fix the log4j. While some of these are not yet posted on CCO. They are in flight and if you open a TAC case and escalate if it is ready then they can make it available as special file access. If you have not run into challenges on moving up point releases on vManage please be extremely careful and read the release notes.