07-26-2018 08:35 AM
Customer needs to know what are the best practices for not only patching ISE itself, but the underlying RHEL kernel should there be a CVE that needs to be patched for RHEL by their Linux Admin. The understanding is that Cisco will not provide the RHEL patch, the customer Linux Admin would have to complete that task. How would the customer know if patching RHEL will break ISE itself.
Solved! Go to Solution.
07-26-2018 02:06 PM
From the TAC case notes, the customer's inquiry is fairly general.
07-26-2018 08:45 AM
07-26-2018 12:09 PM
07-26-2018 12:59 PM
07-26-2018 01:03 PM
Perhaps some mis-understanding. If possible, please share with me the TAC case number to take a look.
Some of OS changes are not patchable; e.g. CSCvg15984
07-26-2018 01:44 PM
07-26-2018 02:06 PM
From the TAC case notes, the customer's inquiry is fairly general.
07-26-2018 09:38 AM
Similar situations have come in the past with OpenSSL vulnerabilities. The process for such situations is that Cisco PSIRT gets notified about third party vulnerabilities and they coordinate patch fix testing for Cisco application with respective BU. BU will track the fix using a bug ID and PSIRT with publish an advisory with all the details of when and what patch, in this case ISE patch, will have the fix for the vulnerability.
Hope this helps!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide