Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
5
Helpful
5
Replies

Can anyone provide me details and fix for Shell Shock vulnerability for Cisco ASA version 5?

Go to solution
jamesfluker01
Level 1
Level 1

‎03-25-2015 08:14 PM - edited ‎03-10-2019 10:35 PM

We came to know frm our compliance team that we are running into shell shock vulnerabity therefore wanted to know the fix and document..

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tushar Bangia
Level 1
Level 1

‎03-25-2015 08:16 PM

Hi James,

 

We do have a PSIRT filed for shell shock vulnerability, please refer details below:

 

CSCur00511    ACS evaluation for CVE-2014-6271 and CVE-2014-7169

https://tools.cisco.com/bugsearch/bug/CSCur00511/?reffering_site=dumpcr

 

Here is the fixed code information for individual versions:

 

Fixed Code:
Patch for DDTS CSCur00511 is ready and available on CCO.
The patch is included in all cumulative patches from version 5.4.0.46.7/5.5.0.46.6/5.6.0.22.1 and later. We recommend that you download the latest cumulative patches.

Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.4 / 5.4.0.46.0

Patch filename: 5-4-0-46-.tar.gpg
Readme and installaion instructions: Acs-5-4-0-46--Readme.txt

Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.5 / 5.5.0.46

Patch filename: 5-5-0-46-.tar.gpg
Readme and installaion instructions: Acs-5-5-0-46--Readme.txt

Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.6 / 5.6.0.22

Patch filename: 5-6-0-22-.tar.gpg
Readme and installaion instructions: Acs-5-6-0-22--Readme.txt

Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.3 / 5.3.0.40

Patch filename: 5-3-0-40-.tar.gpg
Readme and installaion instructions: Acs-53-Readme.txt

 

Regards,

 

Tushar Bangia

 

Please do rate the post if you find it helpful!!

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Tushar Bangia
Level 1
Level 1

‎03-25-2015 08:16 PM

Hi James,

 

We do have a PSIRT filed for shell shock vulnerability, please refer details below:

 

CSCur00511    ACS evaluation for CVE-2014-6271 and CVE-2014-7169

https://tools.cisco.com/bugsearch/bug/CSCur00511/?reffering_site=dumpcr

 

Here is the fixed code information for individual versions:

 

Fixed Code:
Patch for DDTS CSCur00511 is ready and available on CCO.
The patch is included in all cumulative patches from version 5.4.0.46.7/5.5.0.46.6/5.6.0.22.1 and later. We recommend that you download the latest cumulative patches.

Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.4 / 5.4.0.46.0

Patch filename: 5-4-0-46-.tar.gpg
Readme and installaion instructions: Acs-5-4-0-46--Readme.txt

Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.5 / 5.5.0.46

Patch filename: 5-5-0-46-.tar.gpg
Readme and installaion instructions: Acs-5-5-0-46--Readme.txt

Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.6 / 5.6.0.22

Patch filename: 5-6-0-22-.tar.gpg
Readme and installaion instructions: Acs-5-6-0-22--Readme.txt

Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.3 / 5.3.0.40

Patch filename: 5-3-0-40-.tar.gpg
Readme and installaion instructions: Acs-53-Readme.txt

 

Regards,

 

Tushar Bangia

 

Please do rate the post if you find it helpful!!

 

0 Helpful

Go to solution
jamesfluker01
Level 1
Level 1
In response to Tushar Bangia

‎03-25-2015 08:17 PM

Thanks for info man!!

 

This is helpful..

0 Helpful

Go to solution
jamesfluker01
Level 1
Level 1
In response to Tushar Bangia

‎03-25-2015 08:19 PM

Please do share the link for patch!!

0 Helpful

Go to solution
Tushar Bangia
Level 1
Level 1
In response to jamesfluker01

‎03-25-2015 08:22 PM

Here is the link for ACS 5.5!!

 

https://software.cisco.com/download/release.html?mdfid=285954966&flowid=73107&softwareid=282766937&release=5.5.0.46&relind=AVAILABLE&rellifecycle=&reltype=latest

Go to solution
jamesfluker01
Level 1
Level 1
In response to Tushar Bangia

‎03-25-2015 08:23 PM

Thx mayte!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents