cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4363
Views
150
Helpful
12
Replies

Cisco ISE 2.7 Patch upgrade

alinbabyy
Level 1
Level 1

Hi All - Currently we are running on ISE v2.7 patch 3 and due the latest RADIUS vulnerability need perform a patch upgrade to 6 or 7. Did anyone here installed patch 7 on ISE 2.7 version. Please let me know if any issues are reported and is it recommended to go for patch 7 or patch 6? 

12 Replies 12

I have gone through this. But there is no confirmation that the vulnerability (CVE-2022-20756) is fixed in patch 7. Also considering that patch 7 was released very recently and open & resolved caveats in patch 6 and 7 i am trying to figure out which patch would be the best option.  

Hi @alinbabyy ,

 ISE 2.7 P6 is a good patch, using it for the last 3 months.

 ISE 2.7 P7 was released on Mar 2nd, still testing in a LAB.

 

Hope this helps !!!

My Environment we are using stable patch 6 with 2.7 and ISE 3.0 patch 4 i guess

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

alinbabyy
Level 1
Level 1

Hi @Marcelo Morais and @balaji.bandi - thanks for the response. Have you observed any bugs in patch 6 so far? Because i could see many resolved caveats in patch 7. 

Not really impacting one we see, but it all depends on the features you using and the kind of deployment.

 

If you really concerned, worth opening a TAC, they can suggest you look at your deployment and config.

 

Some bugs you may encounter as cisco TAC said they fixed, so we need to bear that in mind, and you have the option to roll back patches.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Okay. Thanks. 

Hi @alinbabyy ,

 for 2.7 P6 I`m using RADIUS (no TACACS+), the bugs that I observed are related to:

. RBAC Policy

CSCwa19573 - Catalina.out file is huge because of SSL audit events (solved on 2.7 P7) ... this one I opened a TAC Case months ago to solve the issue

CSCwa47133 - ISE Evaluation log4j CVE-2021-44228 (solved on 2.7 P7) ... this one I applied a Hot Patch.

 

Hope this helps !!!

What was the symptoms for the bug related to RBAC? Was that causing any impact in production? 

Hi @alinbabyy ,

 please take a look at this post Access Right in ISE.

 

Hope this helps !!!

imanv
Level 1
Level 1

Currently I have Cisco ISE 2.7 patch 6 and all features working fine.

Log4j bug also patched with Cisco instruction here :

https://www.cisco.com/web/software/283802505/159582/README_Hotpatch_CSCwa47133_Log4j2-fix-2.4-3.0.txt

 

Janne K.
Level 1
Level 1

Went on our 2.7 install with patch 3 to patch 7 two weeks ago, and everything runs smoothly.