06-08-2020 12:22 PM
I need assistance understanding how Cisco patches work. I received information that the vulnerable versions of ISE affected are 2.2(0.471), 2.2(0.905), 2.3, 2.4, and 2.5. If I am running version 2.7, I'm good? I don't want to assume that all product updates are the same.
06-09-2020 07:44 AM - edited 06-09-2020 07:47 AM
Patches are per-release and are very clearly labeled as such in the ISE software download area:
Cisco Identity Services Engine Software Patch Version 2.7.0.356-Patch1-20033115
Apply this patch to an existing ISE 2.7.0 installation.
ise-patchbundle-2.7.0.356-Patch1-20033115.SPA.x86_64.tar.gz
ISE patches are cumulative so if you install Patch #3, it includes the contents of Patch #1 and #2.
See the respective Release Notes for what is included in a given patch:
Resolved Caveats in Cisco ISE Release 2.7.0.356 - Cumulative Patch 1
There is no ISE 2.5.
06-09-2020 05:56 AM
(moved post to Network Access Control section)
Generally speaking, if the bugID doesn't indicate your newer release is affected, then it is not. Only versions and patches earlier than those cited in the bugID or security advisory are affected.
06-09-2020 06:28 AM
Hi @jfhq-dodin.meade.j3.mbx.j34- ,
Please check the bug details on the external link. For example: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj62599
If it doesn't have enough information, please raise a TAC case or you can try your luck here.
06-09-2020 07:58 AM
Thank you, Thomas. I appreciate the prompt response and the helpful information provided. So to make sure I'm clear, if I am running this latest patch version and vulnerabilities are released affecting the versions I mentioned previously, I'm good, right?
06-09-2020 04:49 PM
Bugs and vulnerabilities can affect multiple releases.
Generally, the later the version and patch, the greater the chance of these being fixed - especially security vulnerabilities.
Things fixed in patches of an older release are generally merged into a new release. This may not always happen when there are parallel releases. It can get complicated. ;-)
And, it is entirely possible that a bug/vulnerability found in 2.2 still exists in 2.7 and has never been fixed.
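The per-release and cumulative patch rules described in the replies above, as an added example that is not part of any post in this thread and is not Cisco tooling. The filename pattern is generalized from the single bundle name quoted in the thread (an assumption), and the `fixed_in` mapping is constructed sample data standing in for what a bug ID or security advisory states.

```python
import re
from typing import Dict, NamedTuple

# Assumed layout, generalized from the one filename quoted in the thread:
# ise-patchbundle-<release>.<build>-Patch<N>-<stamp>.SPA.x86_64.tar.gz
BUNDLE_RE = re.compile(
    r"^ise-patchbundle-(?P<release>\d+\.\d+\.\d+)\.(?P<build>\d+)"
    r"-Patch(?P<patch>\d+)-(?P<stamp>\d+)\.SPA\.x86_64\.tar\.gz$"
)

class Bundle(NamedTuple):
    release: str  # e.g. "2.7.0"
    build: int    # e.g. 356
    patch: int    # cumulative patch number

def parse_bundle(filename: str) -> Bundle:
    """Extract release, build and patch number from a patch bundle name."""
    m = BUNDLE_RE.match(filename)
    if not m:
        raise ValueError(f"not a recognised ISE patch bundle name: {filename!r}")
    return Bundle(m["release"], int(m["build"]), int(m["patch"]))

def applies_to(bundle: Bundle, installed_release: str) -> bool:
    """Patches are per-release: a 2.7.0 bundle only fits a 2.7.0 install."""
    return bundle.release == installed_release

def fix_status(release: str, patch: int, fixed_in: Dict[str, int]) -> str:
    """Classify an install against one bug.

    fixed_in maps release -> first patch carrying the fix (hypothetical
    structure; fill it from the bug ID or advisory). Patches are cumulative,
    so any patch number >= that value contains the fix. A release missing
    from the mapping is 'unknown', never assumed safe.
    """
    if release not in fixed_in:
        return "unknown"
    return "fixed" if patch >= fixed_in[release] else "affected"

if __name__ == "__main__":
    b = parse_bundle("ise-patchbundle-2.7.0.356-Patch1-20033115.SPA.x86_64.tar.gz")
    print(b, "applies to 2.7.0:", applies_to(b, "2.7.0"))
    sample_fixed_in = {"2.7.0": 2}  # constructed sample, not a real advisory
    for installed_patch in (1, 2, 3):
        print("2.7.0 patch", installed_patch, "->",
              fix_status("2.7.0", installed_patch, sample_fixed_in))
    print("2.4.0 patch 9 ->", fix_status("2.4.0", 9, sample_fixed_in))
```

The `unknown` result reflects the last reply's point: a fix listed for one release says nothing about another, so that case goes back to the bug ID, advisory or TAC.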