Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
24615
Views
95
Helpful
38
Replies

ISE 2.7.0.356

Go to solution
ganeshwaree.ramburruth
Level 1
Level 1

‎12-12-2021 07:59 PM

Hello, 

Could someone please advise which version of ISE is not affected by the log4j vulnerability?

What is the workaround if any ?

 

Cheers, 

Gan

 

5 people had this problem
0 Helpful
38 Replies 38

Go to solution
AigarsK
Level 1
Level 1
In response to DennisTX

‎12-16-2021 04:27 AM - edited ‎12-16-2021 04:34 AM

It took me 15 min for installation to complete.

For those who are experiencing issues, I highly advice to make sure that file hash match the one on Cisco download page. I had issues where downloaded file had discrepancy. I ended up downloading from alternative computer and file MD5 hash finally matched.

On Windows you can use following cmd to check file MD5 hash: certutil -hashfile c:\temp\ise-apply-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz MD5 (of course file path is as per where you stored the file)

Linux command: md5sum ise-apply-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz MD5

 

Go to solution
ganeshwaree.ramburruth
Level 1
Level 1

‎12-16-2021 02:54 AM

Hello Guys,

I am having trouble to install the patch. 

I get an error incorrect file format. I have tried to unzip and upload the tar file, i get the same error. 

I have open a tac case meanwhile. 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to ganeshwaree.ramburruth

‎12-16-2021 03:57 AM

Hi @ganeshwaree.ramburruth ,

 use the following command:

ise/admin# application install ise-apply-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz LOCAL

Note: LOCAL is the name of my repository that points to disk:

repository LOCAL
  url disk:/

I always prefer to put the patch on the disk:

ise/admin# dir
 Directory of disk:/
 ...
 4747 Dec 16 2021 05:56:27 ise-apply-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz
 3413 Dec 16 2021 05:57:46 ise-rollback-CSCwa47133_Ver_24_30_allpatches-SPA.tar.gz
 ...

 

It took 10 to 15 min in a LAB environment.

 

Hope this helps !!!

Go to solution
DennisTX
Level 1
Level 1
In response to Marcelo Morais

‎12-16-2021 05:06 AM - edited ‎12-16-2021 05:21 AM

Hi,

 

in second try, it started the installation, but now it´s stuck in "restarting application" for a long long time.

With a second terminal, i checked the services and not all of them are running.

 

What should i do now? It seems that the patch is installed, but the script doesn´t finish properly:

Cisco_Patch.png

With these issues, i´m afraid of patching our active nodes...

 

Regards,

Dennis

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to DennisTX

‎12-16-2021 07:10 AM

Hi @DennisTX ,

 on another CLI, try the show application status ise and check if the Application Server is running or initializing.

 

Hope this helps !!!

0 Helpful

Go to solution
Kilib52
Level 1
Level 1
In response to ganeshwaree.ramburruth

‎12-18-2021 12:18 PM

Hi ganeshwaree.ramburruth,

I'm having the same problem, did Cisco TAC solved the issue, if yes, could you please share what was the solution?

 

Thanks in advance!

Kilib52

0 Helpful

Go to solution
ganeshwaree.ramburruth
Level 1
Level 1
In response to Kilib52

‎12-19-2021 02:23 PM

Hi,
Cisco TAC advised to apply the hot fix via cli instead via GUI.

Go to solution
fedor.solovev
Spotlight
Spotlight

‎12-17-2021 10:01 AM

Guys,
How long should it take ?
The application restart..

0 Helpful

Go to solution
ganeshwaree.ramburruth
Level 1
Level 1
In response to fedor.solovev

‎12-19-2021 02:17 PM

it should take around 15mins. 

0 Helpful
Customers Also Viewed These Support Documents