Cisco ISE Unauthenticated Remote Code Execution Vulnerabilities

Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities

It stated that: "If Cisco ISE is running Release 3.3 Patch 6, additional fixes are available in Release 3.3 Patch 7, and the device must be upgraded". What the hell does this even mean, "must be upgraded"?

I just patched my ISE system from 3.3 patch-4 to 3.3 patch-6 three days ago.

Can someone clarify this?  TIA

7 Replies

balaji.bandi
Hall of Fame

Yes, even if you patched yesterday, you need to patch today to be secure. (I know it's not a great practice, but this is what it is nowadays.)

We are all in the same boat.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi @balaji.bandi: What does this statement mean: "If Cisco ISE is running Release 3.3 Patch 6, additional fixes are available in Release 3.3 Patch 7, and the device must be upgraded." What does Cisco mean when it says "upgraded" as opposed to "fresh install"?

As far as I know, there is no need for a fresh install; you can just patch on top of the patch. Patch 7 is the recent security fix.

 

BB


That is my understanding as well, but I question why Cisco put in that statement in the first place.  Something doesn't seem right.

They are just using the term "upgrading" in the sense of patching. In this case, upgrade means installing patch 7, as patches are always installed.

I know it's frustrating, but as @balaji.bandi also said.. it is what it is and we are all in the same boat.

They found a new security breach and released a patch to fix it. That sometimes happens multiple times shortly after one another.

I totally understand the customer's point of view, but this being a security product, they may have found a later security vulnerability and released a patch. This is what the software industry is, since as consumers we expect fast-paced new features every now and then.

The patch does not take much time to apply, but planning takes time. If this is a single node, it requires a small maintenance window; if the deployment is distributed, then you have better options.

BB


No hotfix, just a patch upgrade.... sigh...