cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
156
Views
0
Helpful
1
Replies
Beginner

Failed upgrade CISCO IOS XE version 16.06.06 to 16.09.04 on #CISCO CSR 1000v

We are leveraging 2 CISCO CSRs 1000V in a transit VPC setting to support our VPNs connection. Our Nessus scanner is reporting the following vulnerability: Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability , the suggested solution is to upgrade the CISCO IOS XE from our actual version 16.06.06 Everest to the version 16.09.04 Fuji  and the API container to the version 16.09.03 which seems to be fixed version. We attempted the upgrade from version 16.06.06 Everest to the version 16.09.04 Fuji, and it failed; after multiple reload, our systems remained unreachable through the VPNs, and the REST API container package was not updated,so we rolled back the upgrade, and this  restored VPNs activity. 

1. What is the upgrade path from the CISCO IOS XE version 16.06.06 Everest to the version 16.09.04 Fuji ?

2. The vulnerability is still being reported, and after running the cmd # show virtual-interface detail ; the csr_mgmt state appears to be "Activate Failed" which lead us to believe that we might not actually need it. We would like to know what would be the impact if we decided to get rid of this vulnerable module ( .ova file located in the bootflash directory). Also what will be the impact if we upgraded only the  csr_mgmt (.ova file) and did not upgrade the CISCO IOS software. Thanks.

1 REPLY 1
VIP Advisor

Re: Failed upgrade CISCO IOS XE version 16.06.06 to 16.09.04 on #CISCO CSR 1000v

For upgrade path its best to read the release notes of the version you want to go to. This will tell you if the upgrade is stepped or not
Please remember to rate useful posts, by clicking on the stars below.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards