09-03-2016 05:56 AM - edited 03-12-2019 01:13 AM
Have asa 5525 running on version 8.6.1. On which version I can go supported on the device to fix recent snmp vulnerability.
Solved! Go to Solution.
09-03-2016 06:01 AM
Hi,
The fix for the vulnerability is been addressed in version 9.1.7.9 which is supported on the platform you are running on. Please find the below link regarding the vulnerability for your reference.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
Regards
Pradyumna
09-03-2016 06:08 AM
Hi,
Since you are running on version 8.6.1, you need to follow an upgrade path in order to move to version 9.1.7.9.
8.6.1 -> 9.0.4 -> 9.1.7.9
Also please find the release notes for 9.1.x version for your reference.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574
For the HA, you can upgrade with a zero downtime. First upgrade the standby unit. Once done make it as Active unit and then proceed with other unit. (Remember to take a backup of configuration before proceeding with upgrade).
Please find the below document for you reference for upgrading Active/Standby failover pair.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#pgfId-61610
Regards,
Pradyumna
09-03-2016 06:01 AM
Hi,
The fix for the vulnerability is been addressed in version 9.1.7.9 which is supported on the platform you are running on. Please find the below link regarding the vulnerability for your reference.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
Regards
Pradyumna
09-03-2016 06:03 AM
thanks for quick reply. I am having failover active standby, can I upgrade with no downtime. Is there any path I need to go for upgrade.
09-03-2016 06:08 AM
Hi,
Since you are running on version 8.6.1, you need to follow an upgrade path in order to move to version 9.1.7.9.
8.6.1 -> 9.0.4 -> 9.1.7.9
Also please find the release notes for 9.1.x version for your reference.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574
For the HA, you can upgrade with a zero downtime. First upgrade the standby unit. Once done make it as Active unit and then proceed with other unit. (Remember to take a backup of configuration before proceeding with upgrade).
Please find the below document for you reference for upgrading Active/Standby failover pair.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#pgfId-61610
Regards,
Pradyumna
09-03-2016 06:09 AM
ahh...got it. thanks.
09-03-2016 08:21 AM
Double check your current version. 8.6(1) is not available on 5520 platform. The 8.6 release was specific to Saleen hardware (X series).
Perhaps you mean 8.4(1).
09-03-2016 09:28 AM
Thanks Marvin, Yes I mis-typed, I mean for 5525.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide