Cisco Identity Services Engine

I need assistance understanding how Cisco patches work. I received information that the vulnerable versions of ISE affected are 2.2(0.471), 2.2(0.905), 2.3, 2.4, and 2.5. If I am running version 2.7, I'm good? Don't want to assume that all product updates are the same.

1 Accepted Solution

thomas
Cisco Employee

Patches are per-release and are very clearly labeled as such in the ISE software download area:

Cisco Identity Services Engine Software Patch Version 2.7.0.356-Patch1-20033115 Apply this patch to an existing ISE 2.7.0 installation.
ise-patchbundle-2.7.0.356-Patch1-20033115.SPA.x86_64.tar.gz

ISE patches are cumulative so if you install Patch #3, it includes the contents of Patch #1 and #2.

See the respective Release Notes for what is included in a given patch:

Resolved Caveats in Cisco ISE Release 2.7.0.356 - Cumulative Patch 1

There is no ISE 2.5.

5 Replies

Marvin Rhoads
Hall of Fame

(moved post to Network Access Control section)

Generally speaking, if the bugID doesn't indicate your newer release is affected, then it is not. Only versions and patches earlier than those cited in the bugID or security advisory are affected.

Anurag Sharma
Cisco Employee

Hi @jfhq-dodin.meade.j3.mbx.j34- ,

Please check the bug details on the external link. For example: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj62599

If it doesn't have enough information, please raise a TAC case or you can try your luck here.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Thank you, Thomas. I appreciate the prompt response and the helpful information provided. So to make sure I'm clear, if I am running this latest patch version and vulnerabilities are released affecting the versions I mentioned previously, I'm good right?

Bugs and vulnerabilities can affect multiple releases.

Generally, the later the version and patch, the greater the chance of these being fixed - especially security vulnerabilities.

Things fixed in patches of an older release are generally merged into a new release. This may not always happen when there are parallel releases. It can get complicated. ;-)

And, it is entirely possible that a bug/vulnerability found in 2.2 still exists in 2.7 and has never been fixed.
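
The points made in this thread (patches are per-release, patches are cumulative, and a release missing from an advisory is not automatically safe) can be turned into a small check. This is an added example, not part of the thread and not Cisco tooling; the filename pattern is inferred from the single bundle name quoted above, and `advisory_status`, its `first_fixed` mapping and all advisory data are hypothetical and constructed.

```python
import re

# Filename layout inferred from the one bundle named in the thread (assumption):
# ise-patchbundle-<major>.<minor>.<maint>.<build>-Patch<N>-<id>.SPA.x86_64.tar.gz
BUNDLE_RE = re.compile(
    r"^ise-patchbundle-(\d+)\.(\d+)\.(\d+)\.(\d+)-Patch(\d+)-\d+\.SPA\.x86_64\.tar\.gz$"
)

def parse_bundle(filename):
    """Return ((major, minor, maint, build), patch_number) or raise ValueError."""
    m = BUNDLE_RE.match(filename)
    if m is None:
        raise ValueError(f"unrecognised patch bundle name: {filename!r}")
    nums = tuple(int(g) for g in m.groups())
    return nums[:4], nums[4]

def bundle_applies(filename, installed_release):
    """Patches are per-release: compare major.minor.maint of bundle and install."""
    release, _patch = parse_bundle(filename)
    return release[:3] == tuple(installed_release[:3])

def advisory_status(installed_release, installed_patch, first_fixed):
    """Classify an install against one advisory.

    first_fixed (hypothetical structure) maps (major, minor) to the first patch
    number containing the fix, or None if the release is affected with no fix.
    """
    train = tuple(installed_release[:2])
    if train not in first_fixed:
        # Absence from the list is not proof of safety; check the bug ID.
        return "not-listed"
    fixed_in = first_fixed[train]
    if fixed_in is None:
        return "affected-no-fix"
    # Patches are cumulative, so any patch >= the fixing patch carries the fix.
    return "fixed" if installed_patch >= fixed_in else "affected"

if __name__ == "__main__":
    # Constructed advisory data, not taken from any real Cisco advisory.
    advisory = {(2, 2): 14, (2, 3): None, (2, 4): 9}
    name = "ise-patchbundle-2.7.0.356-Patch1-20033115.SPA.x86_64.tar.gz"
    print(parse_bundle(name), bundle_applies(name, (2, 7, 0, 356)))
    for rel, patch in [((2, 2, 0, 470), 5), ((2, 4, 0, 357), 11), ((2, 7, 0, 356), 1)]:
        print(rel, patch, advisory_status(rel, patch, advisory))
```

A `not-listed` result is a prompt to read the bug ID or advisory for that release, not a verdict that the install is unaffected.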
