Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1875
Views
5
Helpful
5
Replies

How to confirm whether Log4j patch is installed or not on ISE

Go to solution
Lucas Woo
Level 1
Level 1

‎04-19-2022 02:59 AM

Hello.


As a title, I want to know the command for confirming the Log4j patch, which is installed on Cisco Identity Services Engine(ISE).

What kind of command can achieve that ?

I need to check above status after powering on and constructing ISE appliance.


# show ???

log4j.jpg

ISE.jpg

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎04-19-2022 03:26 AM

@Lucas Woo Login to ISE CLI run the command "show logging application hotpatch.log"

It should show that 'CSCwa47133_3.1.0.518_patch1' is installed, this will confirm that the hot patch was successfully installed.

 

https://www.cisco.com/web/software/283802505/159629/README_Hotpatch_CSCwa47133_Log4j2-fix-3.1-Patch-1.txt

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎04-19-2022 03:26 AM

@Lucas Woo Login to ISE CLI run the command "show logging application hotpatch.log"

It should show that 'CSCwa47133_3.1.0.518_patch1' is installed, this will confirm that the hot patch was successfully installed.

 

https://www.cisco.com/web/software/283802505/159629/README_Hotpatch_CSCwa47133_Log4j2-fix-3.1-Patch-1.txt

 

0 Helpful

Go to solution
Lucas Woo
Level 1
Level 1
In response to Rob Ingram

‎04-19-2022 03:37 AM

Hi Rob Ingram.

 

I could solve this problem with the way you told.

Thank you

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP

‎04-19-2022 03:40 AM

Hi @Lucas Woo ,

 beyond what @Rob Ingram said ... please take a look at your ISE version, the CSCwa47133 ISE Evaluation log4j CVE-2021-44228 was already solved on ISE 2.7 P7 and 3.0 P5

 

Hope this helps !!!

Go to solution
Lucas Woo
Level 1
Level 1
In response to Marcelo Morais

‎04-19-2022 03:59 AM

Hi @Marcelo Morais 

Thank you for additional comment.

 

ISE version I will set up is 2.7.0 and [CSCwa47133] was already installed.
I will check whether I have to install additional patch or not.

 

Your advice helps me a lot!

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to Lucas Woo

‎04-19-2022 04:09 PM

Hi @Lucas Woo ,

 remember that Patch 7 is the latest patch for ISE 2.7 (ISE Software Download) and please take a look at ISE 2.7 EoL.

 

Hope this helps !!!

0 Helpful
Customers Also Viewed These Support Documents