cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1168
Views
20
Helpful
7
Replies

ISE 3.0 Patch 5, does it require log4j hotfix?

patoberli
VIP Alumni
VIP Alumni

Hi all

 

Basically the title says it all. Does ISE 3.0 Patch 5 still require the Log4j Hotfix? I'm asking because the release notes state CSCwa47133 as fixed, but neither the hotfix notes nor the bug notes have been updated in regards to Patch 5.

 

Thanks

Patrick

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

as per i know yes it is required to patch.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for your replies. Then it's not really nice that this Bug is listed as resolved with P5. 

 

 - Indeed , but I too am near-sure that it (still) needs to be applied in your case (too). Of course one could look for exploit examples with the searching powers of the Net but that would indeed require some additional efforts.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Also using exploits might damage the appliance, if still vulnerable. But I hope for the best that P5 indeed includes the patch (it was released some 3-4 months after the log4j patch). 

 

 - That's a dilemma indeed, I don't want to be the always mr. right person. But here there are solutions too, such as importing or migrating/mapping  an appliance to a virtual (VM)-copy and testing on a kind of isolated network. All that of course depends on how strong security requirements for the particular Intranet are.

         - Or even installing a virgin ISE node with the particular ISE-version and testing on it.

 

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hi @patoberli ,

 please take a look at: CSCwa47133 ISE Evaluation log4j CVE-2021-44228, ISE 3.0 P5 is a Known Fixed Released:

CSCwa47133 00.png

 

Also take a look at ISE 3.0 Release Notes.

IMO you are good and don't need to install the hotfix.

 

Hope this helps !!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: