12-16-2021 07:30 AM - edited 12-16-2021 11:37 AM
ISE 3.1 (3.001(000.518), a/k/a 3.1.0.518) is listed as vulnerable, and the current patch that is available is showing for ISE 2.4-3.0. When will an ISE 3.1 patch become available?
Also, a public service announcement: the 3.0 patch doesn't work on ISE 3.1 in case you get impatient like me.
I attempted to install the 2.4-3.0 patch on ISE 3.1, and the install worked, but ISE wouldn't start after the install, with the following error:
PAN01/admin# application start ise
% Error: ISE Integrity Check Failed! One or more ISE program files appears to
% be tampered with. Check system log for specific error(s).
% Application failed to start
ISE started without issue after rollback of the patch.
12-17-2021 04:25 PM - edited 12-17-2021 04:31 PM
@rpmoyer93 wrote:
Getting pretty late in the day for the east coast here for a release of the patch for 3.1. Is this still expected today or should we be watching over the weekend?
ISE 3.1 Patch 1 is now available and can be found HERE.
ISE 3.1 Patch 1 Release Notes can be found HERE.
NOTE: Applying ISE 3.1 Patch 1 will restart the services.
12-16-2021 01:46 PM
In fairness to Cisco, they did say that the patch was for ISE 2.4 through 3.0 - perhaps it's already fixed in ISE 3.1? Or they have not yet got around to fixing it. Or perhaps ISE 3.1 doesn't use this Apache library? Who knows.
Nice try though
12-16-2021 03:04 PM - edited 12-16-2021 03:14 PM
Raise a TAC Case.
The latest update to the "Vulnerabilities in Apache Log4j Library Affecting Cisco Products" security bulletin (update 1.19) states that a hotfix for ISE 3.1 is to be available on 17 December 2021.
12-17-2021 01:33 PM
Getting pretty late in the day for the east coast here for a release of the patch for 3.1. Is this still expected today or should we be watching over the weekend?
12-27-2021 05:56 AM
What order should I use to patch my ISE deployment w/ the log4j fix? Admin nodes, then MnT, then PSN, etc.?
12-27-2021 08:11 AM
- The order is not important, and/or also check this thread:
M.