
Cisco Identity Services Engine

I need assistance understanding how Cisco patches work. I received information of vulnerable versions of ISE affected are 2.2(0.471), 2.2(0.905), 2.3, 2.4, and 2.5? If I am running version 2.7, I'm good? Don't want to assume that all product updates are the same.

1 ACCEPTED SOLUTION
thomas
Cisco Employee

Patches are per-release and are very clearly labeled as such in the ISE software download area:

Cisco Identity Services Engine Software Patch Version 2.7.0.356-Patch1-20033115 Apply this patch to an existing ISE 2.7.0 installation.
ise-patchbundle-2.7.0.356-Patch1-20033115.SPA.x86_64.tar.gz

ISE patches are cumulative so if you install Patch #3, it includes the contents of Patch #1 and #2.

See the respective Release Notes for what is included in a given patch:

Resolved Caveats in Cisco ISE Release 2.7.0.356 - Cumulative Patch 1

There is no ISE 2.5.


5 REPLIES
Marvin Rhoads
VIP Community Legend

(moved post to Network Access Control section)

Generally speaking, if the bugID doesn't indicate your newer release is affected then it is not. Only versions and patches earlier than those cited in the bugID or security advisory are affected.

Anurag Sharma
Cisco Employee

Hi @jfhq-dodin.meade.j3.mbx.j34- ,

Please check the bug details on the external link. For example: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj62599

If it doesn't have enough information, please raise a TAC case or you can try your luck here.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Thank you, Thomas. I appreciate the prompt response and the helpful information provided. So to make sure I'm clear, if I am running this latest patch version and vulnerabilities are released affecting the versions I mentioned previously, I'm good, right?

 

Bugs and vulnerabilities can affect multiple releases.

Generally, the later the version and patch, the greater the chance of these being fixed - especially security vulnerabilities.

Things fixed in patches of an older release are generally merged into a new release. This may not always happen when there are parallel releases. It can get complicated. ;-)

And, it is entirely possible that a bug/vulnerability found in 2.2 still exists in 2.7 and has never been fixed.
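The per-release, cumulative patch model from the accepted solution and the "affects multiple releases" caveat in the last reply can be checked mechanically against an inventory. The sketch below is an added example, not part of the thread and not Cisco tooling: the filename pattern is inferred from the single bundle name quoted above, and the `SAMPLE_ADVISORY` values are constructed placeholders, not data from any real advisory.

```python
import re
from typing import NamedTuple

# Assumption: pattern inferred from the one bundle name quoted in the thread,
# not from a Cisco-published naming grammar.
BUNDLE_RE = re.compile(
    r"^ise-patchbundle-(\d+)\.(\d+)\.(\d+)\.(\d+)-Patch(\d+)-(\d+)\.SPA\.x86_64\.tar\.gz$"
)

class Install(NamedTuple):
    release: tuple  # (major, minor, maintenance), e.g. (2, 7, 0)
    patch: int      # cumulative patch level, 0 = no patch installed

def parse_bundle(filename: str) -> Install:
    """Extract the target release and patch number from a patch bundle name."""
    m = BUNDLE_RE.match(filename)
    if not m:
        raise ValueError(f"unrecognised patch bundle name: {filename!r}")
    major, minor, maint, _build, patch, _stamp = map(int, m.groups())
    return Install((major, minor, maint), patch)

def can_apply(bundle: Install, installed: Install) -> bool:
    """Patches are per-release: a 2.7.0 bundle only fits a 2.7.0 installation."""
    return bundle.release == installed.release

# Constructed placeholder advisory: release -> first patch carrying the fix,
# None meaning the release is listed as affected with no fixed patch.
SAMPLE_ADVISORY = {(2, 4, 0): 9, (2, 3, 0): None}

def status(installed: Install, first_fixed: dict) -> str:
    """Classify one node against one advisory's per-release fix table."""
    if installed.release not in first_fixed:
        # Release absent from the advisory: read the bug ID's affected and
        # fixed releases rather than inferring from the version number.
        return "not-listed"
    fixed_in = first_fixed[installed.release]
    if fixed_in is None or installed.patch < fixed_in:
        return "vulnerable"
    # Cumulative patches: patch N contains every earlier patch's fixes.
    return "fixed"

if __name__ == "__main__":
    bundle = parse_bundle("ise-patchbundle-2.7.0.356-Patch1-20033115.SPA.x86_64.tar.gz")
    for node in (Install((2, 4, 0), 3), Install((2, 4, 0), 10), Install((2, 7, 0), 1)):
        print(node, status(node, SAMPLE_ADVISORY), "bundle applies:", can_apply(bundle, node))
```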

 
