Solved: ISE UPgrade for CSCvd49829

lnorman · ‎03-15-2017

Ok, WTH does this mean: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd49829

Releases 1.2, 1.3, 1.4 and 2.x are affected. A hot patch for these releases will be provided by the 18th of March.
The hot patch will only work on the latest release for each train. Customers need to upgrade to the latest release before applying the patch

Customers run 2.0 patch 4, is that the ‘latest release for that train’? Or are they demanding 2.2? Or 2.0.1? Or, we have to wait until March 18^th to find out?

Charlie Moreton · ‎03-16-2017

This means that you have to be running the latest patch for your version.

ISE 2.0 Patch 4

ISE 2.0.1 Patch 3

ISE 2.1 Patch 3

ISE 2.2 No Current Patches

You do NOT have to upgrade your version of ISE to install the Hotfix.

View solution in original post

Charlie Moreton · ‎03-16-2017

This means that you have to be running the latest patch for your version.

ISE 2.0 Patch 4

ISE 2.0.1 Patch 3

ISE 2.1 Patch 3

ISE 2.2 No Current Patches

You do NOT have to upgrade your version of ISE to install the Hotfix.

lnorman · ‎03-16-2017

Thanks Charles!

Lou

gtilburg · ‎03-20-2017

Hi,

March 18 has passed, where can the hot patch be found?

Thanks

Gert

Jason Kunst · ‎03-20-2017

what version of ISE?

Jason Kunst · ‎03-20-2017

seems like multiple threads about this same defect

see this one

Re: CSCvd49829

hslai · ‎03-20-2017

No need to open TAC cases for this. The patches will be available at CCO. Please see the ISE entry @ Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products to track its availability.

peng083411147 · ‎03-22-2017

My customer uses ISE version 1.2.1.198 ,is that the ‘latest release for that train’?

and I haven't installed all patch Version ,Do I need to install the latest patch?

thank you

cheer

Jason Kunst · ‎03-23-2017

Yes you will need to update to latest patch.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/release_notes/ise12_rn.html#pgfId-637191

Also work with them to get off ISE 1.2

http://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/eos-eol-notice-c51-736297.html

peng083411147 · ‎03-23-2017

HI Jason,

My customer uses ISE version 1.2.1.198 ,is that the ‘latest release for that train’?

Do I need to upgrade the version before I install install the latest patch?

THANK YOU

Jason Kunst · ‎03-24-2017

As stated before please refer to the release notes, patch 8 is the latest patch and yes you will need to install that, 1.2.1.198 is the version of ISE not the patch version, please again read the release notes

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/release_notes/ise12_rn.html#pgfId-637191

peng083411147 · ‎03-24-2017

OK,Thank you for your patience

Releases 1.2, 1.3, 1.4 and 2.x are affected. A hot patch for these releases will be provided by the 24th of March.

but I don't find the hot patch in cisco.com

hslai · ‎03-24-2017

Refresh the browser? They are under Struts2-CVE-Fixes.

peng083411147 · ‎03-25-2017

execuse me,My customer users ISE version 1.2.1.198

but, I don't find the hot patch for this version?

only have Ftruts2Fix-1.3to14. and Struts2Fix-2.0to2.2.

So ,do I need to upgrade to version 1.3 before installing the patch?

Thanks

hslai · ‎03-25-2017

To patch ISE 1.2.x needs Cisco TAC assistant. Please open a TAC case, if not already done.