Solved: Re: ESA 14.0.0-692 and Python

dbl · ‎05-19-2021

The Python that is installed, is on version 2.6.4, which is end of life and not supported anymore, so it flags in vulnerability scans. Is there any plans for the ESAs to use a supported or latest (3.8) version of Python?

SriramV · ‎05-19-2021

Currently planned Python 3.x in ESA 15.0, exact version details are still being worked out.

View solution in original post

Ken Stieers · ‎05-19-2021

Curious, which vuln scanner are you using?

dbl · ‎05-19-2021

Tenable.sc. The ESA is flagging on this plugin/vuln: https://www.tenable.com/plugins/nessus/148367

SriramV · ‎05-19-2021

Cisco continue to fix CVE that reported until the Python is upgrade to version 3.0

SriramV · ‎05-19-2021

Python upgrade to 3.0 is planned as part of 15.0 release

dbl · ‎05-19-2021

Do you mean 3.6? Anything before 3.6 is end of life.

SriramV · ‎05-19-2021

Currently planned Python 3.x in ESA 15.0, exact version details are still being worked out.

dbl · ‎05-19-2021

Thanks. Do you know when ESA 15.0 is expected to release?

SriramV · ‎05-20-2021

Not sure, based on previous releases, ESA15.0 expected to be released in Dec or Jan or Feb

JPW119922 · ‎07-13-2021

So just to be sure I'm understanding this correctly ... Cisco is running an outdated version of Python that is no longer supported (this fact should have been known for some time if SDLC principles were being applied) and is not planning on fixing this until December?

Robert Sherwin · ‎07-14-2021

I have posted the following Blog as well - https://community.cisco.com/t5/security-blogs/python-on-secure-email-vulnerability-concerns-july-2021/ba-p/4433037

Please see here for more information.

Cheers,
Robert Sherwin

svgeorgi · ‎05-20-2021

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx65163

dbl · ‎05-20-2021

Thank you